FEATURE: IOT SECURITY
C
ountries such as the United
Kingdom, France, and
Switzerland are already testing
forms of autonomous cars on public
roads. According to Gartner, driverless
vehicles will represent approximately
25 percent of the passenger vehicle
population in use in mature markets by
2030.
While highways full of driverless cars
may be a shining vision of the future
for some, from a hacker’s perspective
they represent yet another opportunity
to wreak havoc. Driven home by the
rise in increasingly sophisticated cyber
attacks and data breaches over the
past several years, ensuring driver safety
from cyber threats has become a major
development focus and challenge in the
automotive and security industries.
A driverless car is a very advanced mode
of transportation, possibly even without
a readily available steering wheel. They
have considerably more electronic
components than “traditional” cars, and
rely on sensors, radar, GPS mapping,
and a variety of artificial intelligence to
enable self-driving. These new guidance
and safety systems must be integrated
into the electronic onboard systems
already present in modern day vehicles,
connect wirelessly to the manufacturer,
and probably even offer third-party
services via the Internet.
And that’s where the problems begin:
with hackers remotely accessing a
vehicle and compromising one of its
onboard systems, resulting in a range of
risks from privacy and commercial data
theft, to actual physical risks to people
and property.
Here are some attacks that are likely to
be targeted at highly connected and
autonomous cars:
systems. For instance, a limited amount
of communication is typically allowed
between an engine management system
and an entertainment system to display
alerts (“Engine fault!” or “Cruise Control is
Active”) that can potentially be exploited
Privilege escalation and
system interdependencies: not
all systems and in-car networks will be
created the same. Attackers will seek
vulnerabilities is lesser-defended services,
such as entertainment systems, and
try to “leap” across intra-car networks
to more sensitive systems through
the integrated car communications
System stability and
predictability: Conventional,
legacy car systems were self contained,
and usually came from a single
manufacturer. As new autonomous cars
are developed, they will very likely need
to include software provided by a variety
of vendors – including open source
software. Information technology (IT),
34
INTELLIGENTCIO
unlike industrial controls systems such
as legacy car systems, are not known for
predictability.
IT systems, in fact, tend to fail in
unpredictable manners. This may be
tolerable if it is just a matter of a web site
going down until a server re-boots. It is
less acceptable in the event of a guidance
systems being degraded even slightly
when an adjacent entertainment or in-car
Wi-Fi systems crashes or hangs.
Also expect to see known threats be
adapted to this new target, expanding
from common Internet platforms like
www.intelligentcio.com