Hackers on the Highway: Are We Prepared?

Information and communications technology (ICT) previously enabled advancements from wireless phone calls to social networking. Recent breakthroughs have connected cars to the ICT network, allowing them to be controlled from a distance and to transmit data to remote locations. These cars contain computing and communications systems that enable them to perform at or above the level of human drivers. Still, as people gradually relinquish control of their vehicles, cars may become increasingly vulnerable to cyberattacks.

The cybersecurity community has long been aware of vehicles’ susceptibility to cyberattacks. In 2015, two security researchers called attention to this danger by remotely hacking a Jeep Cherokee. The hackers took control of the Jeep’s functions from ten miles away via a simple 3G connection by exploiting a vulnerability in Uconnect, a system that controls navigation and entertainment in many cars. The consequences were serious. The hackers were able to gain control of the brakes and steering wheel, causing the car to stop on a highway. This case suggests that car hacking has the potential to more directly endanger lives than other cyber threats, such as online theft of personal information.

Recent work by researchers at the University of Texas-Austin identified a range of security risks that are now emerging in the autonomous vehicle industry. These threats include two types of attacks on automotive radars: jamming and spoofing.  Jamming attacks can effectively disable the functionality of radar systems by flooding them with noise, potentially leading to collisions. Spoofing, in which attackers replicate and re-transmit radar signals, supplies incorrect radar information to a car’s systems. This misinformation can disrupt a car’s ability to recognize surrounding traffic or driving conditions. When suffering a spoofing attack, a car might change lanes because it fails to detect a nearby vehicle, causing a potentially destructive crash.

Attacks targeting dedicated short-range communication (DSRC) technologies pose security risks as well. DSRC systems allow information including a car’s velocity and GPS location to be transmitted to other autonomous vehicles, reducing the likelihood of a collision. These systems are exposed to the same threats that are common with Wi-Fi technology, including Denial of Service (DoS) attacks. When directed at a car’s navigation or communications system, such attacks could disable the vehicle during operation. A DoS hack on a laptop may render it unusable, but the same type of attack on a vehicle could prove deadly.

Engineers and researchers are still coming to terms with the security problems that autonomous vehicles might face in the future. One potential way to begin addressing these risks is by forming a cross-industry consortium that includes the government, the private sector, and cybersecurity researchers from both automobile and cybersecurity sectors. Some companies have already initiated efforts to open dialogue; for example, Uber recently launched its FASTR initiative, a nonprofit research consortium dedicated to automotive cybersecurity.

Technological standards for vehicle security can also play a major role. These guidelines are directed at redefining the automobile design process to ensure that it includes cybersecurity features from the get-go. For instance, the International Telecommunication Union is creating new standards for remote updates on electronic modules that control engine performance in autonomous automobiles. Furthermore, the European Union Agency for Network and Information Security (ENISA) launched a study on automotive cybersecurity to develop policy options and provide a public list of security resources.

Technical and design preparedness may help protect vehicles and drivers from attacks, but efforts to build public awareness of and preparedness for cyberattacks are also vitally important and lacking in the current discourse.

Article source: Yeh, Enoch R., Junil Choi, Nuria G. Prelcic, Chandra R. Bhat, and Robert W. Heath, Jr. “Cybersecurity Challenges and Pathways in the Context of Connected Vehicle Systems,” D-STOP 134 (2017).

Featured photo: cc/(metamorworks, photo ID: 971997930, from iStock by Getty Images)