Autonomous Vehicle Cyber Security: Safety Within and Without
Cybersecurity is of the utmost importance. Approximately 143 million Americans were reminded of this when Equifax, a credit company, was hacked and their data was compromised. If Equifax had followed industry best practices, this breach could have been avoided. Since they didn’t, millions of Americans are now at risk of identity fraud. When it comes to self-driving cars, or vehicles with advanced driver assistance systems (ADAS), the stakes are a bit higher. If someone hacks into your vehicle they could disable it, or even worse, crash it and possibly harm any passengers inside. This risk is a difficult one to tackle but it can be managed. If you ignore it, you might end up like Equifax, with a big mess on your hands and no excuses to cover you.
High Stakes Security
Two security researchers have been hacking vehicles for years in an attempt to expose vulnerabilities and raise awareness about safety problems in the automotive industry. They’ve been continuing that work, and have also started speaking more publicly about the cybersecurity risks that come with self-driving cars. Autonomous vehicles will present hackers with the unique opportunity to physically interact with a target vehicle without having to buy or steal it. Once physically plugged in, hackers could use increasingly ubiquitous ADAS features to control the car with disastrous consequences.
Not too long ago they remotely hacked into a Jeep Cherokee and were able to activate or deactivate important components like the brakes and transmission. Soon after the hack was shared with Chrysler, the company patched the car’s software so that the researchers couldn’t hack it remotely. They’ve since been doing more work that involves physically breaching the car’s security systems. Being in the car allowed the researchers to hack into the vehicle’s CAN network, an internal network that allows for communication between components. Once someone has access to this network they can use it with disastrous effect. In their previous hack, the researchers took over individual components and were able to activate or deactivate them. Using this method they were able to disable the central controller with safety features that could prevent them from doing too much damage. With that electronic control unit (ECU) out of the way, they could hijack the entire system instead of interfering with individual components. Other researchers have also been able to use the CAN network to simply disable components. They corrupt data coming in from sensors or microcontrollers to the central processor, and eventually, the primary controller thinks the component is damaged and cuts it off. There’s always the risk that your components can fail in the field by chance, but this kind of attack could shut down all ADAS features simultaneously.
This could become a very real image.
This raises the question of how will hackers ever have physical access to your vehicle? Well, if you’re designing a self-driving car that could be used as a taxi the answer is, all the time. Charlie Miller, one of the researchers who hacked the Jeep, has spoken out to highlight this risk after working for Uber. Any passenger in a driverless Uber would be able to hack into your car. They can gain access to a car’s internal systems using easy targets under the dashboard, like the OBD2 port.
Once inside a car’s network, a hacker could use the CAN network’s security flaws to tamper with any part of the vehicle that is controlled by computers. In older cars that may have just been cruise control or a few other features. Now in ADAS enabled cars, everything from the brakes to steering can be controlled by ECUs, and are thus vulnerable to attack. Autonomous vehicles pose a particularly dangerous risk, because the user may not be able to physically override computer controls. For example, in the Jeep hacking the researchers could activate cruise control to accelerate the car, but if the driver tapped the brakes cruise control would disengage. In a self-driving car that doesn’t have brakes, an accelerator, or even a steering wheel, the user does not have the features to override such a hack.
The stakes are high when it comes to securing autonomous vehicles. First you can physically secure your car’s systems to prevent a rider from accessing them. Then you can focus on software safety by implementing failsafes and self-checks.
It can be difficult to physically secure a modern day car. It’s illegal to permanently disable the OBD2 port that I mentioned earlier. However, you can try to guard your systems or make them tamper-evident to mitigate these concerns. Manufacturers should try to make ports difficult to access. A rider shouldn’t be able to easily pop off a section of the dashboard and access critical circuitry. Masking components can mitigate some of that risk, as it’s more difficult for a hacker to enter a system if they don’t know what kind of components they’re dealing with. In addition, using things like tamper-evident tape can help you know when someone has opened something they shouldn’t have.
You’re much more likely to foil hacking attempts with software than with physical protection. In the original Jeep hack, the researchers were only able to interfere with a few features because the central ECU had safety checks that prevented further meddling. Once they disabled that ECU, it was a free for all. Using software checks to make sure your components are still working can alert you to intrusions. If your controller is in update mode while driving, you will know that there’s a problem and can park the car until the issue is fixed. Checking components can help foil attacks like the disabling hack mentioned earlier. Maybe someone has used the CAN network to trick the processor into thinking sensor aren’t working. If those sensors are self-checking they can tell the controller that they are, in fact, operational and trigger some kind of failsafe. If you know an attack is happening you can mitigate it. The problem comes when you don’t prepare for a breach and let the hacker run amok in your system. You should also try to segment your system as much as possible to prevent cascading failures. If someone hacks into the entertainment system in your car they shouldn’t be able to use it to disable the entire system.
Cars without steering or brakes leave the user at the mercy of electronic controls.
Cybersecurity is a very complex problem that can be difficult to solve, however it must be addressed. Ignoring this issue in ADAS enabled vehicles could lead to injury or death, so the risk is high. When designing your software you should assume that hackers will have physical access to the network, knowing is half the battle. Then you can focus on designing software that checks components, and itself, to detect when an attack is happening. Once you know something is wrong you should have fail-safes in place that can either stop the attack or park the car so that no one gets hurt.
If you’re going to design impregnable software you’re going to need the best tools at your disposal. TASKING makes products like standalone debuggers that can speed up your development time and static analyzers that can help you check your memory and prevent cascading failures.
Have more questions about cybersecurity? Call an expert at TASKING.