Security expert: Here’s how driverless cars could be hacked
David Kennedy, founder of TrustedSec (trustedsec.com) and Binary Defense Systems, is a white hat hacker and cybersecurity consultant to major corporations, manufacturers, financials and governments. Prior to the private sector, David worked for the US Marine Corps and was deployed twice to Iraq for intelligence-related missions.
The auto industry is rapidly moving toward a future of driverless cars. One of the main arguments in favor of this new technology is that it will make driving safer.
But what about the flip side of the coin? What new risks could it create?
Tesla (TSLA) has led the field in self-driving technology for years, and it is now getting closer to what it calls FSD: full self-driving technology. At the same time, other car manufacturers and leading tech companies like Apple (AAPL), Google (GOOGL), and Uber are also developing driverless vehicle technology, which could begin rolling out soon.
For the past four years, our team at TrustedSec has been working with leading auto manufacturers to check these vehicle systems for potential security risks a criminal hacker might exploit. While I can’t disclose what we’ve found, what I can say is this: vehicle systems are not exactly bulwarks of security. Just like any other electronic device that runs code, they have vulnerabilities which can be attacked.
To make matters worse, car manufacturers also source many of their products and components from diverse outside vendors, which makes it harder to tell what technology is actually running inside the car.
How will cars be hacked?
As cars become more like computers, they can be hacked like computers. The future risks to cars range from data breaches to hijacking critical systems, backdooring the car network, extortion, and more.
Criminal hackers could target the car itself, the back-end servers supporting it, or the outside systems that communicate with the car, like ‘smart’ traffic lights. The possibilities are vast.
A criminal could steal personal information by hacking the car’s WiFi or cellular network, or compromising a third-party service provider. The coming trade in driver data could be particularly useful for identity thieves.
Ransomware could seize control of a car’s functions, or disable it altogether, until the owner or automaker pays the ransom. It’s also possible to carry this out on a larger scale, if an attacker is able to find a model-specific vulnerability.
The infotainment system is perhaps the most vulnerable point of entry for the car. If unprotected, it is a direct conduit into the CAN bus, where an attacker could then migrate to other controllers and take over the car’s critical functions. In theory, this could allow a criminal hacker to remotely control or sabotage the vehicle – similar to what security researchers Charlie Miller and Chris Valasek demonstrated with the Jeep Cherokee hack.
Attackers could seize control of an entire fleet of vehicles by breaching the back-end infrastructure. This type of attack could occur if the hacker was able to compromise a manufacturer or key service provider and then use it to deploy malicious code to every car under its servers’ reach. We’ve seen this type of attack in other industries. Recently, ASUS was hacked and used to distribute the ShadowHammer malware as a fake software update to hundreds of computers.
Driverless technology could enable remote car theft. If the attacker can get a shell on the vehicle’s system, s/he could in theory order the car to drive itself away, while also disabling any GPS tracking feature.
As driverless cars will rely heavily on V2V and V2X communication to navigate, any successful breach of one of these outside systems could be used to manipulate the car. For instance, researchers recently tricked Tesla’s lane recognition software by placing fake lane marking stickers on a test track. This shows the potential for manipulating cars based on this external data input.
Today’s car is already a computer on wheels
Most vehicles built since the 1970s contain dozens of computer controllers — known as electronic control units (ECUs) — to monitor and regulate the car’s functions like the engine, transmission, brakes, and even steering. Additionally, since the early ’90s, they have also had a centralized network to manage them — known as the controller area network (CAN bus).
However, a computerized system has one important downside — it can be manipulated through malicious code. If a criminal hacker can gain access to this system, that person could potentially jeopardize the safe operation of the vehicle.
In the past, vehicles had no connection to the internet. But that is quickly changing with the rise of ‘connected’ vehicles, driverless cars, and 5G. This raises the stakes considerably for cybersecurity. For instance, both 4G and the upcoming 5G networks provide direct access to the cars, their back-end servers, and ultimately, a substantial amount of data coming out of the car, known as telemetry.
If vehicles aren’t properly protected, an attack on the infotainment system could spread throughout the car’s other systems. This is why Fiat Chrysler Automobiles (FCA) recently introduced the “Secure Gateway (SGW)”, which is like a firewall that sits between untrusted networks on the CAN bus (like the infotainment system) and the vehicle's ECUs.
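The gateway idea described above, sketched as an added example (it is not FCA's implementation and not code from the original article): a default-deny allowlist that decides which CAN frames may cross between an infotainment segment and the vehicle-side bus. The segment names, CAN IDs, policy and trace are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bus segments on either side of the gateway (names are assumptions). */
enum segment { SEG_INFOTAINMENT, SEG_VEHICLE };
struct gw_frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };
/* A frame crosses only if source, destination, ID and length all match a rule. */
struct gw_rule { enum segment src, dst; uint32_t id; uint8_t dlc; };

/* Constructed policy; the CAN IDs are illustrative, not from any real vehicle. */
static const struct gw_rule POLICY[] = {
    { SEG_VEHICLE,      SEG_INFOTAINMENT, 0x3E8, 8 }, /* speed, for display */
    { SEG_VEHICLE,      SEG_INFOTAINMENT, 0x3E9, 4 }, /* fuel level, for display */
    { SEG_INFOTAINMENT, SEG_VEHICLE,      0x510, 2 }, /* cabin temperature request */
};

/* Default deny: returns true only for frames the policy names explicitly. */
bool gw_forward(enum segment src, enum segment dst, const struct gw_frame *f) {
    if (f->id > 0x7FF || f->dlc > 8) return false; /* not an 11-bit classic CAN frame */
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        const struct gw_rule *r = &POLICY[i];
        if (r->src == src && r->dst == dst && r->id == f->id && r->dlc == f->dlc)
            return true;
    }
    return false;
}

/* Counts frames from the infotainment side that the gateway refuses to forward;
   in practice this counter is also a detection signal worth alerting on. */
size_t gw_count_dropped(const struct gw_frame *trace, size_t n) {
    size_t dropped = 0;
    for (size_t i = 0; i < n; i++)
        if (!gw_forward(SEG_INFOTAINMENT, SEG_VEHICLE, &trace[i]))
            dropped++;
    return dropped;
}

/* Constructed trace, as seen arriving from the infotainment segment. */
static const struct gw_frame TRACE[] = {
    { 0x510, 2, { 0x15, 0x00 } }, /* matches a rule: forwarded */
    { 0x510, 8, { 0 } },          /* right ID, wrong length: dropped */
    { 0x0C4, 8, { 0 } },          /* ID not in the policy: dropped */
    { 0x3E8, 8, { 0 } },          /* allowed only in the other direction: dropped */
};

int main(void) {
    printf("dropped %zu of 4 frames\n", gw_count_dropped(TRACE, 4));
    return 0;
}
```

An ID-and-length allowlist limits which messages a compromised infotainment unit can send toward the ECUs, but it does not authenticate the content of the frames it lets through.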
FSD takes this to a whole new level
Full self-driving capabilities will significantly increase the scale of computerized controls and the car’s need to connect with outside systems.
The technology will add higher-power computers, additional ECUs, enhanced sensors to monitor critical applications (like the engine), and substantially more code to run the vehicle autonomously. For instance, many cars now have graphics processing units (GPUs), similar to those used in video game systems, just to handle the road telemetry and to process images of the vehicle's surroundings. New connectivity measures like vehicle-to-vehicle (V2V) and vehicle-to-everything (V2X) will also be essential for driverless cars to navigate, manage traffic hazards, and reduce congestion.
All of this increased complexity and added connectivity means the vehicle now has more potential points of failure and a larger “attack surface” for a criminal hacker to exploit.
Vehicle updates further compound the risk
To sustain all of these sophisticated systems, driverless cars will require software and firmware updates from the manufacturer. The most practical way to manage this is with over-the-air (OTA) software updates, and by 2020, many more automakers will begin to make OTA updates available for their vehicles.
Tesla is a good example of what this will be like. It already has functional OTA updates for its vehicles and continuously releases new software updates. For instance, when I first purchased my Tesla, it had all the necessary hardware for AutoPilot v1.0, but the software had not been released yet. One morning I woke up and noticed the update was available, and, voila, I had AutoPilot 1.0. A few months later, the Summon feature was released, which enabled owners to back up or move forward their cars using just the Tesla mobile app or key fob.
But OTA updates can be a double-edged sword. While they are vital for vehicle safety and performance, they also introduce a direct pathway into critical vehicle systems. If the update process is compromised or “spoofed,” an attacker could push malicious code directly into the vehicle’s controllers.
Security mandate for automakers
The shift toward ‘connected’ and driverless vehicles is creating many new security risks which the industry may not be prepared for.
These are vehicle systems which have generally lacked network connectivity before, so adding this type of integration and then combining it with autonomous capabilities is a massive leap forward – and that creates a lot of potential blind spots for manufacturers and other key players.
Many automakers still haven’t addressed older security problems and they are not yet conducting thorough cybersecurity tests of the third-party hardware and software which enters these vehicles.
In order to secure these vehicles, automakers have to make cybersecurity testing a top priority. They need to fully audit all third-party materials, and they need to implement strong security controls on their back-end server infrastructure and the data they collect from these vehicles (telemetry). Automakers will need to carry out end-to-end testing across their entire manufacturing process and back-end IT infrastructure.