It has long been a favourite scene in films and television dramas: a driver desperately stamping on the pedals in a futile attempt to stop a car after the brake cable has been cut.
In future, perhaps directors will instead show a person left helpless in the front seat as an autonomous vehicle obeys the commands of a distant hacker.
This is not a fanciful scenario. In 2015 Fiat Chrysler Automobiles launched a 1.4-million vehicle recall when two hackers showed that they could use a Jeep Cherokee’s wireless entertainment system to take over the vehicle. From 10 miles away, they played about with the heating, the stereo and the windscreen wipers before grinding the vehicle to a halt.
This was done while a journalist drove the vehicle, with the mischievous hackers (actually two cybersecurity researchers) demonstrating their prowess for a magazine article. Imagine if more malign actors were at work.
It could be a major problem: the technology research organisation Gartner estimates there will be 250 million connected cars by 2020.
With their constant need to communicate with nearby objects or other vehicles, autonomous vehicles are especially vulnerable. Amir Kanaan, the Dubai-based managing director for the Middle East, Turkey and Africa at the cybersecurity specialist Kaspersky Lab describes them as “computers on wheels” connected to a network.
“Cars will gradually be installed with new intelligent technologies, telematics and autonomous driving, remote driver assistance and infotainment,” he said.
“Internal control systems are becoming more sophisticated and complex, with multiple sensors, controls and applications that interact with nearby vehicles and the environment.
“Their functions can be controlled remotely, via digital systems. With this, connected cars are becoming more of a target for cyber-attacks.
“A key vulnerability is injecting malware into the heart of an unsuspecting vehicle through its essential connection, transferring control to a hacker.”
Complicating things is the fact that a vehicle can have many software subsystems, often written by different developers and implemented separately. Possibly lacking full knowledge of different proprietary systems, manufacturers can lose control of the source code and software.
“Vulnerabilities can also be introduced via a growing portfolio of affiliated products and services,” said Kanaan.
“In short, manufacturer-installed software and connectivity nodes, and every further link to the automobile, serves as a potential point of weakness.”
These weaknesses extend beyond safety. Owners could arrive back at their cars only to find a message demanding money before they can start the vehicle, an automotive equivalent of the ransomware attacks seen with office computers. The potential effect on a fleet owner, all of whose vehicles could be affected, is devastating.
In recognition of the issue’s growing importance, four years ago General Motors appointed its first chief cybersecurity officer and the issue has moved further up the agenda of the car giants, which have launched initiatives to share cybersecurity information.
“It’s pretty well-recognised by the OEMs [original equipment manufacturers] and suppliers that this is the issue that needs to be addressed,” said Betty Cheng, a professor in computer science and engineering at Michigan State University (MSU), who has formed a tie-up with a German car parts manufacturer, ZF, to address cybersecurity threats.
There are many factors that should be considered from the outset to ensure that problems do not arise later, according to Dr Paul Sanderson, a cybersecurity senior technical specialist at a UK consultancy, SBD Automotive. This company works with OEMs in Europe, North America and Asia to do work including threat modelling, design review and penetration testing of components and vehicles to make the vehicle and its software attack resistant. SBD has introduced the Automotive Security Development Lifecycle, ASDL, which has been described as a “cost-effective hardware and software approach to cybersecurity” covering the whole vehicle development cycle.
“Software: has it been written robustly; is it secure; has it been developed using secure and safecoding guidelines; has it been checked and validated; pen [penetration] tested?” said Sanderson.
Sanderson said, until now, often the answer to these questions has been ‘no’, but that “things are getting a lot better”.
Ethical hacking is used by corporations such as the telecommunications giant BT to identify weaknesses. It employs tests aimed at the vehicle’s “attack surfaces”, including interfaces accessible inside the car like Bluetooth links or USB ports, plus external connections such as links to mobile networks. All systems interacting with the vehicle are tested and verified.
“The ultimate objective is to identify vulnerabilities that would allow unauthorised alternation of configuration settings or that would introduce malware into the car. These remote systems can include the laptops of maintenance engineers, infotainment providers and other supporting systems,” said Martin Hunt, BT’s senior business development director for the global automotive industry.
One novel security approach being assessed by Siraj Shaikh, professor of systems security at Coventry University in the United Kingdom, involves using light to produce random numbers. Cryptographic systems can be vulnerable because the numbers they use are not truly random.
A tie-up between Crypta Labs, a cybersecurity start-up based in London, and Coventry University’s Institute for Future Transport and Cities (FTC), where Shaikh works, involves testing whether Quantum Random Number Generation (QRNG) technology can make systems more secure.
“It’s a technology that could underpin security. There’s definitely potential,” said Shaikh.
Physical security is also important. For example, tampering with the position of a sensor can make it misinterpret what it detects and where.
A key safeguard is the high level of redundancy. An autonomous vehicle may receive input from radars, cameras, lidar (which uses pulsed laser light to determine distances) and ultrasonic sensors, so if one is compromised, operation should not be affected.
The growing popularity of electric cars – forecast by the bank UBS to make up 16 percent of global vehicle sales by 2025 – may allow for the creation of more robust systems.
“The move to electric vehicles is giving OEMs and new disruptive companies entering the market the opportunity to redesign the underlying vehicle architecture. It gives them the ability to implement cybersecurity solutions,” said Sanderson.
“Generally, you get a different version of the vehicle every three or four years. [Manufacturers] will make minor changes, but the underlying architecture is the same.
“When you get a disruptor like Tesla, their architecture is different from the traditional OEM. They can design from scratch.”
For all the concerns over cybersecurity, Cheng at MSU counsels against exaggerated fears. Firstly, it is not just the onboard technology that is the subject of cybersecurity work; the infrastructure too is “being hardened so the communications cannot be compromised.”
Also, autonomous vehicles are not, Cheng points out, going to become common worldwide overnight.
“There’s a bit of a misperception that it’s going to be sooner than it actually will be. People see Google and Tesla, but they’re slightly different in scope and the implications are different in terms of the consumer,” she said.
So the OEMs still have time to deal with the vulnerabilities, and the increasing emphasis they appear to be putting on cybersecurity suggests a determination not to allow a repeat of the type of PR meltdown that Fiat Chrysler endured three years ago with their runaway Jeep.
“The OEMs are taking it seriously and investing in cybersecurity solutions. We’re very, very busy,” said Sanderson.