Building hack-resistant driverless cars
Technology-packed autonomous vehicles will create a new frontier for hackers. A UM-Dearborn cybersecurity expert explains how we might protect them.
Out of all the challenges facing developers of driverless cars, cybersecurity threats offer up some of the most pulse-quickening plotlines. The idea of someone hacking your vehicle, especially in a way that compromises its safety, is unequivocally terrifying. Examples are no longer purely hypothetical either. Back in 2015, two hackers remotely compromised a nonautonomous Jeep Cherokee while it was traveling down a St. Louis freeway at 70 m.p.h. They started by fiddling with the climate control, then began switching the radio station, then, for style points, appeared on the car’s video dash display. Eventually, they cut the car’s transmission, fully disabling it and sending the driver looking for the shoulder.
Luckily, in this case, the driver was in on the hack. He was a writer for WIRED magazine, the hackers were two top cybersecurity researchers, and their intentions were to demonstrate the vulnerability of the car’s electronic control systems. But UM-Dearborn Associate Professor and cybersecurity specialist Di Ma says the style of cyberattack is pretty much what you’d expect from a real one. In the Jeep case, the hackers originally infiltrated the car through its dashboard connectivity system, but after that, they were able to gain access to electronic controls for the engine, braking and steering systems. “When you have a car that has dozens of electronic systems, you’re introducing a lot more vulnerabilities,” Ma explains. “Basically, any of them — and the links between them — are potential entry points for attackers.”
It’s a fundamental challenge that’s magnified many times over for driverless vehicles, namely because autonomy requires so much more technology. For example, vehicle-to-vehicle and vehicle-to-infrastructure communications systems, which future autonomous vehicles will likely be equipped with, offer a whole new wireless frontier for hackers. Ma says securing all the AV’s systems isn’t all that different from securing other kinds of computer systems. What makes it tricky is that the vehicle is moving in space with human passengers inside. The fundamental issue is time: All security processes, even really fast ones, aren’t instantaneous. And yet autonomous vehicles will need to make hundreds of real-time decisions as they react to changing conditions on the road. Lag time in decision making caused by security checks simply isn’t an option when passenger safety is at stake.
Ma says even less high-stakes scenarios could bump into this fundamental challenge of time. We all know the feeling of getting impatient as we wait for our laptops or phones to boot. Part of the reason it takes a minute is the computer is running a security check to verify the authenticity of critical operating system components before they’re loaded into the memory. Ma says a car that’s as much computer as vehicle is no different, and manufacturers will have to be sensitive about the “boot time” of AVs, especially given that consumer expectations today are for instantaneous driving.
In fact, some of Ma’s latest research is tackling this very issue. The most comprehensive security checks, she says, verify the integrity of everything, but they also take the most time. Conversely, less thorough checks are quicker, but they’re less secure. So Ma has created an interesting approach that kind of cheats this zero-sum game. At boot time, instead of checking everything, her process verifies a random sampling of the vehicle’s firmware code, sort of like a food safety officer would randomly sample a few items coming off a production line to judge the integrity of the entire lot. Because the system is checking a lot less code, it’s much faster. But its randomness also offers up a surprisingly high level of security. With Ma's probabilistic system, for example, you can have a check that offers a 99.95 percent detection rate but only takes a fifth of the time needed for a full security check. If similar techniques could be applied throughout a vehicle’s systems, it could go a long way to meeting the nonnegotiable real-time processing requirements of AVs.
Solutions like this, which aim to strike a balance between security and convenience, are exactly the kind of tools manufacturers will likely need to make AVs a reality. But Ma says it also reveals a truth that many consumers might find uncomfortable: “If we are looking for solutions that are 100 percent secure, I cannot say we will have a perfect solution,” Ma says. “That is just my feeling. So I think we have to think in terms of the best available solutions, and those, like most security solutions, will seek to balance a tolerable amount of risk with some desired benefit.”
Though it may not completely quell consumers’ fears about vehicle hacks, Ma says it’s worth pointing out that an attack that puts an individual's safety at risk likely wouldn’t be a common one anyway. In her world, researchers do think about cases where terrorists might try to hack vehicles, either at random or for targeted assassinations. But far more likely is a ransomware attack, where a hacker might disable your vehicle and demand payment to unlock it. More lucrative still: A similar attack that targeted the car companies themselves.
“You could imagine a hacker blackmailing one of the big manufacturers, threatening to stop millions of cars, maybe of their most popular vehicle,” Ma says.
With billions already invested in an autonomy-based future, they’re certainly the ones with the most at stake.
Story by Lou Blouin. This is the final story in a series exploring the future of autonomous vehicles. For more on this topic, check out the rest: “Why your first driverless car is decades, not years, away," "Designing autonomous vehicles to be pedestrian friendly," and “How we’ll ultimately learn to trust autonomous vehicles.” If you're a member of the media and would like to contact Professor Di Ma for an interview, drop us a line at UMDearborn-News@umich.edu.