Is your car safe from hackers? This is the question that drove researchers to remotely attack a 2014 Jeep Cherokee going 70 miles per hour along the freeway, killing its engine and leaving the driver in real peril. The attack was intended to demonstrate to the driver (Wired writer Andy Greenberg) just how vulnerable modern cars are.
This demonstration is terrifying, and raises serious questions about the security of automobiles – both modern Internet-enabled cars, and future autonomous vehicles.
How to Hack a Car
The attack was executed using the in-car entertainment system, which connects to the Internet via the cell network. The attack doesn’t require physical access to the vehicle – or even physical proximity. An attacker can cripple the car from anywhere in the world, at any time.
More than one million vehicles were recalled in the wake of the article, and will receive updates to bolster their security against this sort of attack.
The freeway stunt was risky, and the Internet has been up in arms about the unnecessary risk involved, but that isn’t what we’re going to look at here. It is true that the researchers in question were wrong to unnecessarily jeopardize human life. However, we shouldn’t let this distract us from the larger concern here. Namely, the urgent need to make our cars secure against these sorts of attacks.
In the case of cars like the Jeep Cherokee, this problem could have been avoided by simply not linking the car’s internal computer (which handles core functions like braking) to the Internet-enabled entertainment center. It’s pretty easy to make a computer secure when it isn’t physically connected to the outside world.
However, with the rise of autonomous vehicles, having these core computers connected to the Internet is going to get more and more necessary.
Which could prove to be a really serious problem.
Who’s Afraid of a Two-Ton Killer Robot?
The concern here is pretty obvious. Google’s robot car may be cute, but it’s still ultimately an industrial robot – a large, heavy, dangerous machine that can travel at high speeds. In the hands of Google’s meticulously designed software, these machines are safer than human drivers. This is a testament to the enormous amount of engineering, research, and testing that Google has done on this problem. However, it doesn’t mean that the car will remain safe under a hacker’s control.
A robot car under malicious control could be used for kidnapping and murder. You could hijack a car in transit and take it to a new destination. You could drive it off a bridge. You could use an empty car to deliver a car bomb, or direct a number of cars to physically crash into people or buildings. This is a scary range of possibilities, especially because computer security is so difficult. If we can’t secure 95% of android phones, how can we secure robotic cars?
This threat is so obvious that even politicians have noticed. West Virginia senator Jay Rockefeller was quoted as saying,
“And as our cars become more connected — to the Internet, to wireless networks, with each other, and with our infrastructure — are they at risk of catastrophic cyber-attacks? […] In other words, can some 14-year old in Indonesia figure out how to do this and just shut your car down…because everything is now wired up?”
The Good News
Luckily, there is some reason not to get too bogged down in doom and gloom scenarios. For starters, we can make autonomous cars much more secure than smartphones or PCs.
Smartphones are hamstrung by the need to allow the users to run arbitrary applications, the endless permutations of hardware and software, and complexity inherent in any general-purpose operating system. Self driving cars can more locked down, with much smaller attack surfaces. This allows them to be engineered for much greater security.
It’s also worth noting that Google is taking these threats seriously – and not just the obvious ones. According to Chris Urmson, head of the Google SDC project,
“There is no silver bullet for security and we’re taking a multilayered approach […] Obviously there is encryption and very narrow interfaces or no interfaces at all. You do your best to make your outside layer secure and then make your inside layer more secure.”
What this means is that Google is embracing the notion of defense in depth – separating the operation of the car into isolated layers. Crucial components are isolated from less crucial components, making it harder to compromise the entire vehicle in one hack. To speculate a little, critical functions like braking when an object is detected in front of the vehicle might be handled by a fully isolated processor – meaning that no software change would be able to force the car to crash into a person or object.
Google is also looking into less traditional threats that only apply to robot vehicles, and coming up with counter-measures. As Urmson says, “If you just look at at traditional threats to a computer, you’re going to miss out on a lot bigger threats.” For example, the cars themselves are fairly predictable, and Urmson can point out a number of scenarios where this could be exploited.
- “What happens when you have two advanced cruise control vehicles and the one in front starts accelerating and breaking such that the one behind it starts doing the same thing in a more amplified fashion?”
- “We’re looking at the collision avoidance systems. They rely on radar. We think we can manipulate radar sensors to some extent. Is it simple for an attacker to create an obstacle out of thin air?”
- “Auto manufacturers always maintain the proper spacing in adaptive cruise control. You might get interesting effects if [someone] crafted certain inputs or misbehaved in a certain way so they create a very large traffic jam.”
- “If I’m a shipping company and I want to slow down the competition… I can take advantage of their sensors and keep making their cars brake and accelerate. We’ve already demonstrated in theory that it’s possible.”
These scenarios may sound paranoid, until you realize that these vehicles will probably be very common in the future. Attacks that seem pointless or silly become much scarier when you imagine more than half the cars on the road being fully autonomous robots. Self driving cars may prove to be a form of infrastructure as ubiquitous as the electric grid. And, inevitably, people will try to find ways to take advantage of them for personal gain.
The takeaway here is that Google is well aware of the security threat, and are prepared to handle it. The reason that existing cars are insecure is not because securing them is fundamentally hard. It’s because automakers are incompetent at computer security, and have never had to deal with these sorts of threats before. They don’t employ experts who would be able to design a secure system – or even to warn them that security is necessary.
In contrast, Google does deal with these threats on a daily basis, and has a much stronger security track record than practically any other company. They’ll be much more equipped to tackle these difficult challenges.
Security By Design
All of this is not to say that we can rest easy. Google is probably on top of the security concerns for self-driving cars. However, a lot of people are developing these things. Google is ahead by a huge margin – despite marketing claims to the contrary – but companies like Baidu, Uber, and Tesla are frantically trying to make up the gap. Will they be as careful as Google? Will they allow security concerns to slip by the way side in their race to market? It’s not out of the question.
As consumers, we need to be vigilant about this issue. Make security a priority when choosing which services to use in the future. It’s important that robot cars happen quickly – the human cost of drunk and distracted driving demands swift action – but it’s important that it happen without sacrificing security.
Are you excited by the potential of autonomous vehicles? Concerned about the security issues? Let us know in the comments!