Out of all the challenges facing developers of driverless cars, cybersecurity threats offer up some of the most pulse-quickening plotlines. The idea of someone hacking your vehicle, especially in a way that compromises its safety, is unequivocally terrifying. Examples are no longer purely hypothetical either. Back in 2015, while it was traveling down a St. Louis freeway at 70 m.p.h. They started by fiddling with the climate control, then began switching the radio station, then, for style points, appeared on the car鈥檚 video dash display. Eventually, they cut the car鈥檚 transmission, fully disabling it and sending the driver looking for the shoulder.
Luckily, in this case, the driver was in on the hack. He was a writer for WIRED magazine, the hackers were two top cybersecurity researchers, and their intentions were to demonstrate the vulnerability of the car鈥檚 electronic control systems. But UM-Dearborn Associate Professor and cybersecurity specialist Di Ma says the style of cyberattack is pretty much what you鈥檇 expect from a real one. In the Jeep case, the hackers originally infiltrated the car through its dashboard connectivity system, but after that, they were able to gain access to electronic controls for the engine, braking and steering systems. 鈥淲hen you have a car that has dozens of electronic systems, you鈥檙e introducing a lot more vulnerabilities,鈥 Ma explains. 鈥淏asically, any of them 鈥 and the links between them 鈥 are potential entry points for attackers.鈥
It鈥檚 a fundamental challenge that鈥檚 magnified many times over for driverless vehicles, namely because autonomy requires so much more technology. For example, vehicle-to-vehicle and vehicle-to-infrastructure communications systems, which future autonomous vehicles will likely be equipped with, offer a whole new wireless frontier for hackers. Ma says securing all the AV鈥檚 systems isn鈥檛 all that different from securing other kinds of computer systems. What makes it tricky is that the vehicle is moving in space with human passengers inside. The fundamental issue is time: All security processes, even really fast ones, aren鈥檛 instantaneous. And yet autonomous vehicles will need to make hundreds of real-time decisions as they react to changing conditions on the road. Lag time in decision making caused by security checks simply isn鈥檛 an option when passenger safety is at stake.
Ma says even less high-stakes scenarios could bump into this fundamental challenge of time. We all know the feeling of getting impatient as we wait for our laptops or phones to boot. Part of the reason it takes a minute is the computer is running a security check to verify the authenticity of critical operating system components before they鈥檙e loaded into the memory. Ma says a car that鈥檚 as much computer as vehicle is no different, and manufacturers will have to be sensitive about the 鈥渂oot time鈥 of AVs, especially given that consumer expectations today are for instantaneous driving.
In fact, some of Ma鈥檚 latest research is tackling this very issue. The most comprehensive security checks, she says, verify the integrity of everything, but they also take the most time. Conversely, less thorough checks are quicker, but they鈥檙e less secure. So Ma has created an interesting approach that kind of cheats this zero-sum game. At boot time, instead of checking everything, her process verifies a random sampling of the vehicle鈥檚 firmware code, sort of like a food safety officer would randomly sample a few items coming off a production line to judge the integrity of the entire lot. Because the system is checking a lot less code, it鈥檚 much faster. But its randomness also offers up a surprisingly high level of security. With Ma's probabilistic system, for example, you can have a check that offers a 99.95 percent detection rate but only takes a fifth of the time needed for a full security check. If similar techniques could be applied throughout a vehicle鈥檚 systems, it could go a long way to meeting the nonnegotiable real-time processing requirements of AVs.
Solutions like this, which aim to strike a balance between security and convenience, are exactly the kind of tools manufacturers will likely need to make AVs a reality. But Ma says it also reveals a truth that many consumers might find uncomfortable: 鈥淚f we are looking for solutions that are 100 percent secure, I cannot say we will have a perfect solution,鈥 Ma says. 鈥淭hat is just my feeling. So I think we have to think in terms of the best available solutions, and those, like most security solutions, will seek to balance a tolerable amount of risk with some desired benefit.鈥
Though it may not completely quell consumers鈥 fears about vehicle hacks, Ma says it鈥檚 worth pointing out that an attack that puts an individual's safety at risk likely wouldn鈥檛 be a common one anyway. In her world, researchers do think about cases where terrorists might try to hack vehicles, either at random or for targeted assassinations. But far more likely is a ransomware attack, where a hacker might disable your vehicle and demand payment to unlock it. More lucrative still: A similar attack that targeted the car companies themselves.
鈥淵ou could imagine a hacker blackmailing one of the big manufacturers, threatening to stop millions of cars, maybe of their most popular vehicle,鈥 Ma says.
With in an autonomy-based future, they鈥檙e certainly the ones with the most at stake.
###
Story by Lou Blouin. This is the final story in a series exploring the future of autonomous vehicles. For more on this topic, check out the rest: 鈥Why your first driverless car is decades, not years, away," "Designing autonomous vehicles to be pedestrian friendly," and 鈥How we鈥檒l ultimately learn to trust autonomous vehicles.鈥 If you're a member of the media and would like to contact Professor Di Ma for an interview, drop us a line at [email protected].
