Search for content, post, videos

The Future of Mobility: Opportunities and Cybersecurity Threats of Autonomous Cars

In January 2014, SAE International, formerly known as the Society of Automotive Engineers, classified the future of the automobile. A system was developed defining six levels of automated driving from SAE Level Zero (no automation) to SAE Level 5 (full vehicle autonomy). It has since become one of the most widely used standards for systems classification.

Autonomous driving is at a developing stage, however, it is estimated to help safe driving. Despite that, as people, the avoidance of accidents may not be entirely possible as of now but the developments in the field seem hopeful. In my opinion, the case of autonomous driving is that it creates plenty of business opportunities and frees up time, suddenly you do not need a driver, allowing you to use that time to do something else, such as; sort out your kids’ homework during that commute, sort out groceries, or get some extra work done. With the implementation of autonomous driving, advertising platforms will be able to explore more business ventures as well!

Granted, there are some areas of concern that raise a few questions, for example, who is liable for the handover period between self-driving systems? What suggests that staged handover systems may be needed to ensure a safe transfer of control, especially at higher speeds?

Lawmakers have been urged to consider the time it takes a driver to take back control from automated systems after new research revealed a significant gap in reaction time. The latest report found delays of up to three seconds between a vehicle deactivating its autonomous mode and a driver taking back control. While there is clearly much to understand about the safety and security of autonomous and cooperative automated driving (AD), connected cars remain in development – and will become a viable proposition in the not-too-distant future.

Let us clarify that the presence of devices in an automobile that connects the devices within the car/vehicles, networks, and services outside the car including other vehicles, home, office, or other apps, makes the car connected to Wi-Fi. Cars can now warn drivers of accidents, traffic, collisions, and other safety alerts such as snowy or slippery roads.

Multiple threats and vulnerabilities exist and more will doubtlessly emerge as technology progresses. It is worth noting that, nowadays, vehicles increasingly feature automated driver assistance technologies – such as; forward-collision warning, automatic emergency braking, and vehicle safety communications.

Vehicle cybersecurity, for some time, has been a glossedover area of research in the development of driverless vehicles. While this is an ongoing multi-industry discussion, there are still some pertinent issues.

Technology is about trust

Advancements in driver assistance technologies rely on a multitude of electronics, sensors, and computer systems. Connected and automated vehicles, also referred to as ‘cyber-physical systems’, with components in the real and virtual worlds.

As all other things online, these systems are vulnerable to those that regularly disrupt computer networks, like data thieves or malicious actors (be that personal or financial information), spoofers (who present incorrect information to automobiles), and denial-of-service attacks (that shut down computers or vehicles). In addition, hackers could shut-down or take control over a vehicle, lawbreakers could ransom a vehicle or its passengers, and car thieves who direct a self-driving car to relocate itself.

Many vehicles use the Controller Area Network (CAN) to communicate with a car’s Electronic control unit (ECU), which operates many subsystems, such as; antilock brakes, airbags, transmission, audio system, doors, and many other parts—including the engine. The newer car models, also use Diagnostic Version 2 port that is used to diagnose problems, this could be abused by CAN traffic, and interrupted from the On Board Diagnostics (OBD) port which can be plugged into a car as a backdoor for external commands, controlling services, for example: the Wi-Fi connection and unlock the door.

For automobiles, applying cybersecurity is vital. Systems and components that handle safety must be protected from harmful attacks, unauthorized access, damage, or anything else that might have an interference with safety functions. Furthermore, vulnerabilities in automated parking are more prominent due to mechanical attacks disabling the range sensors in park-assist, or remote parking in order to require additional maintenance. To name a few examples:

  • In 2016, hackers proved the Nissan Leaf could be hacked from anywhere in the world via mobile app and web browser
  • In 2015, cybersecurity researchers demonstrated a remote attack on a Jeep Cherokee, sending it off the road
  • ln 2015, hackers exploited a vulnerability in BMW’s Connected Drive technology to unlock the cars
  • In 2016, hackers remotely unlocked Volkswagens

There are additional security threats to the wide-ranging networks that will connect with autonomous vehicles, for instance: the financial networks that process tolls and parking payments, the roadway sensors, cameras and traffic signals, the electricity grid, and even our personal home networks. How does the AD industry deal with such multifarious potential safety and security issues?

In order to secure products across the supply chain, the automotive sector must develop new ways to collaborate.

Products can be secure only if they are designed with security in mind. High-quality components—from software to hardware—must implement the design. Original Equipment Manufacturers (OEMs) need to create and enforce stringent guidelines to minimize softwaresecurity gaps and also enable easier modifying or patching systems.

A secure design, however, does not guarantee security. To be effective, solutions must be implemented constantly. This requires an increase in collaboration between product-security teams and corporate IT-security teams. This is why over-the-air (OTA) updates, currently available for some cars, are essential for connected systems.

OTA updates assist OEMs in quick counter attacks and help eliminate specific vulnerabilities before attackers exploit them. Nonetheless, implementing support for OTA updates is pretty complex and costly, both for vehicles and the backend infrastructure. Responsibility for implementation lies with manufacturers.

So, the need for creating strict and effective regulatory guidelines, as well as beneficial multi-sector alliances to deal with regulators and to share intelligence on threats or vulnerabilities, is even more evident.

Some automotive companies are already creating alliances, while other OEMs and suppliers should consider joining them.

Customer safety should be of utmost importance for automakers, so that connected cars will get constant oversight and protection. OEMs, Tier 1s, regulatory bodies, insurance companies, technology companies, telecommunications organizations affected by the new attack landscape are working to strengthen cybersecurity.

In recent years, government agencies have begun producing reports and guidelines such as the Cyber Security and Resilience of Smart Cars by ENISA (the EU Cybersecurity Agency), the Federal Guidance for improving Motor Vehicle Cybersecurity, NHTSA, Vehicle Cybersecurity, and Automated Driving Systems (ADS): A Vision for Safety 2.0 in the US.

In the UK, lawmakers have published their Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles.

National governments are also acting on the appearing public safety implications of vehicle cybersecurity. For example, in 2017 US regulators passed bills like the 2015 Spy Car Act and the Security and Privacy in Your Car Study Act, which focused on vehicle cybersecurity.

US authorities have also passed the SELF DRIVE Act and the AV START Act, which make cybersecurity a necessary component of any automated driving system.

However, even if the industry puts its best efforts forward, we will succeed only if car drivers understand the importance of cybersecurity, make efforts to maintain it, and take measures to avoid threats. There is a lot of work to still be done but there are interesting challenges and opportunities awaiting.

One of the main conclusions to be pointed out, is that while legislators need to take into consideration the handover period while determining new regulation, it is still important to highlight the capability of drivers and avoid restraining the appeal of the technology by unfairly penalizing them.

Leave a Reply

Your email address will not be published. Required fields are marked *