Self-driving cars are definitely a very interesting concept. Especially if you don’t like driving, they can be an ideal solution to mundane journeys. But self-driving cars are essentially internet-connected computers. Everything that is connected to the Internet is a target for hackers and there’s no 100% guarantee of absolute cyber security.
The notion that you’re sitting in a car, which at any point could be hacked and controlled and there’s nothing you can do about it, isn’t very comforting. Still, that doesn’t mean it will happen or that it will be easy. In fact, all companies are working on improving the cyber security of their cars. They tend to avoid this topic as any information they share could give some insight to hackers. Yet, there are some details that they do share from time to time.
Multi-layer security
Ford has recently announced some of the plans for their upcoming fully autonomous vehicle. The company plans to release it in 2021 as a ride-hailing service. The car won’t have a steering wheel or pedals and there will be no way for the passengers to control it. Instead, the passengers will have to rely on the vehicle to handle itself in any sort of emergency or failure. How will that happen?
Ford says the car will have redundant power and control systems. So, if the main steering system fails, the other one will kick in and guide the vehicle to a stop. If the flaw is minor, it will be merely flagged for service and the passenger won’t even realize what has happened. In the case of a cyberattack or breach, the car will also automatically switch to a safety mode for a controlled stop. Basically, if anything isn’t “quite right”, the car will switch to redundant systems and seek for a place to stop safely.
Hacking made unnecessary
Back in 2016 Charlie Miller and Chris Valasek made headlines as they hacked a Jeep Cherokee remotely, cut its breaks and sent it into a ditch. Now they help companies improve the security of their autonomous cars. “Right now the whole field is competitive, with lots of secrets. Nobody wants to say how their solution works. Security isn’t like that. We get everything into the open, and talk about what works and doesn’t work as a community”, says Miller to PC Mag.
He notes that companies are now building additional systems which allow cars to scan their surroundings. “Even if you pull up the stop sign and throw it away, the car still knows it should be there,” he said. “And sensor hacks are nonsense. Jam or spoof the GPS signal? No effect on the car, as it doesn’t even need GPS.” Hacking the LiDAR system also doesn’t work, he says. “Those headlines don’t apply to real self-driving cars,” said Miller. “They have LIDAR, radar, cameras, and other sensors. And if the car doesn’t get good data, it just stops.”
Another method is simply not to add things you don’t need. “What do you need this for? Can’t answer? Yank it out. Also, don’t allow any inbound connections. Wait for the car to make the connection”, says Valasek.
Adding trusted execution prevents reprogramming components, too. This way companies can make it so that if someone changes anything on the car, even physically, it simply won’t start. All of this won’t make self-driving cars 100% unhackable as that is not possible. It can, though, make them very difficult and time-consuming to hack which will curb most hacker attempts from the start.