Travis Farral, director of security strategy at Anomali, discusses how manufacturers can protect their autonomous vehicles against potential attacks.
Autonomous vehicles use millions of lines of code and a variety of interconnected systems and sensors – all of which have the potential to be manipulated or otherwise compromised. Threats include sensor jamming, forged vehicle communications, leaked data and physical attacks, which can either affect the vehicle itself (and its safety systems) or the owner’s data. In more serious cases, security issues can affect the safety of passengers and others.
The benefits of autonomous vehicles are legion, but as with every other major advance in technology, they introduce new issues and concerns that must be overcome. To effectively combat potential attacks, vehicle manufacturers must view their autonomous cars as business-critical data systems.
Specific threats
Some attacks against autonomous vehicles currently require a level of sophistication or access to equipment that is beyond the average person. The most likely threats will come from items and knowledge that are easily accessible. An attack that can be carried out with a laptop, a USB cable and some software downloaded from the internet is a more likely threat than one involving lasers and other components meant to blind the sensors of an autonomous vehicle.
It is important for developers and manufacturers to understand the current threat landscape, what is currently being developed by criminals, and who among them have an interest in attacking self-driving vehicles and for what purpose. Some of these specific risks are explored below.
- Sensor jamming, spoofing and blinding: Current approaches to self-driving automation leverage a variety of cameras, lasers, GPS, radar and other sensors to give the vehicle the environmental and situational awareness it needs. Each of these types of sensors can be blinded or jammed, thereby hindering the vehicle’s ability to retain full awareness of environmental conditions or potential obstructions.
- DoS/DDoS [(distributed) denial of service] attacks: Autonomous cars will be fitted with a number of communications systems that are designed to receive and share information necessary for safe navigation and driving. These communications systems could include vehicle-to-satellite, vehicle-to-vehicle, vehicle-to-internet and more. There is also communication within the vehicle itself via the ‘controller area network’. Disruption of any of these methods of communication can degrade the ability of the car to operate appropriately.
- Forged vehicle communications: Another risk involving communications would be the forging of vehicle communications to spoof hazards that don’t exist or to cause a vehicle to behave in ways it wasn’t designed or intended to. One potential problem revolves around protocols that lack cryptographically sound integrity checks. These protocols may be vulnerable to spoofing depending on their implementation and communication methods.
- Leaked data: Autonomous cars will, by nature, have a significant amount of data about the travels and potentially some of the communications of their passengers. Additionally, personalization features as well as other functionality may have to store sensitive information about passengers, such as payment details and other personally identifiable information (PII). If the vehicle is compromised, this information could be obtained by an attacker.
- Physical attacks: Certain attacks could be carried out by those with physical access to the vehicle. Vehicular systems that are exposed to passengers such as USB ports or OBD-2 ports might provide mechanisms to allow for malicious use or exploitation. As with other technological systems, physical access often bypasses controls that are specifically in place to prevent remote exploitation.
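As an added illustration of the integrity checks mentioned under forged vehicle communications (not code from the article or from any vehicle protocol), the receiver below accepts a hazard message only if its authentication tag verifies, it is fresh, and its counter has not been seen before. The shared-key HMAC, the field names, the two-second window and the sender id are assumptions chosen to keep the example small.

```python
import hashlib
import hmac
import json

MAX_AGE_S = 2.0  # assumed freshness window for a hazard broadcast
FIELDS = ("sender", "counter", "sent_at", "body")  # everything the tag must cover

def _tag(key, msg):
    # Canonical JSON so sender and receiver authenticate identical bytes.
    covered = {name: msg[name] for name in FIELDS}
    data = json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def sign_message(key, sender, counter, sent_at, body):
    msg = {"sender": sender, "counter": counter, "sent_at": sent_at, "body": body}
    msg["tag"] = _tag(key, msg)
    return msg

class Receiver:
    def __init__(self, keys):
        self.keys = keys          # sender id -> shared key (assumed provisioning)
        self.last_counter = {}    # sender id -> highest counter accepted so far

    def accept(self, msg, now):
        key = self.keys.get(msg.get("sender"))
        if key is None:
            return "reject: unknown sender"
        if any(name not in msg for name in FIELDS):
            return "reject: malformed"
        tag = str(msg.get("tag", "")).encode()
        if not hmac.compare_digest(_tag(key, msg).encode(), tag):
            return "reject: bad tag"      # forged or modified in transit
        if abs(now - msg["sent_at"]) > MAX_AGE_S:
            return "reject: stale"
        if msg["counter"] <= self.last_counter.get(msg["sender"], -1):
            return "reject: replay"       # authentic but already seen
        self.last_counter[msg["sender"]] = msg["counter"]
        return "accept"

def demo():
    key = b"constructed-demo-key"         # constructed sample value
    rx = Receiver({"rsu-17": key})        # "rsu-17" is a made-up sender id
    good = sign_message(key, "rsu-17", 1, 100.0, {"hazard": "ice", "lane": 2})
    forged = dict(good, counter=2, body={"hazard": "obstacle", "lane": 1})
    late = sign_message(key, "rsu-17", 3, 90.0, {"hazard": "ice", "lane": 2})
    return [rx.accept(good, 100.5), rx.accept(forged, 100.6),
            rx.accept(good, 100.7), rx.accept(late, 100.8)]
```

A tag alone does not stop a recorded message from being sent again, which is why the counter and timestamp are covered by the tag and checked after it.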
Potential mitigations
Designers should take all the above threats into account when developing autonomous driving systems and build in sufficient defense systems and redundancy to address these.
Examples of such defenses may include:
- Safety protocols that put vehicles in ‘lock-down’ mode: When enabled, the attack surface is reduced to the minimum necessary to safely carry passengers to their destination. These protocols could be activated at times when specific threats are present or likely.
- Access controls to prevent unauthorized communication: Systems that only allow accepted types of communications may provide adequate defense, but additional research into other vehicle-based solutions against DoS and DDoS attacks should be conducted.
- Sharing of threats and other security concerns via V2V communications.
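The lock-down and access-control items above can be sketched as a single admission check, shown here as an added example that is not taken from the article or from any manufacturer's design. The interface and message-type names, the two allowlists and the per-source token bucket (one possible flood control, which the article does not name) are all assumptions.

```python
from dataclasses import dataclass, field

# Assumed (interface, message type) pairs; the names are illustrative only.
NORMAL = {("v2v", "hazard"), ("v2v", "position"), ("internet", "map_update"),
          ("internet", "media"), ("usb", "media"), ("obd", "diagnostic")}
LOCKDOWN = {("v2v", "hazard"), ("v2v", "position")}  # minimum to finish the trip

@dataclass
class Gateway:
    rate: float = 5.0        # tokens refilled per second, per source
    burst: float = 10.0      # bucket capacity, per source
    lockdown: bool = False
    buckets: dict = field(default_factory=dict)  # source -> (tokens, last time)

    def admit(self, source, interface, msg_type, now):
        # 1. Only accepted types of communication pass; lock-down shrinks the set.
        allowed = LOCKDOWN if self.lockdown else NORMAL
        if (interface, msg_type) not in allowed:
            return "drop: type not allowed"
        # 2. Token bucket so one noisy source cannot starve the others.
        tokens, last = self.buckets.get(source, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.buckets[source] = (tokens, now)
            return "drop: rate limit"
        self.buckets[source] = (tokens - 1.0, now)
        return "forward"

def demo():
    gw = Gateway()
    # Constructed traffic: one source sends 12 messages in the same instant.
    flood = [gw.admit("car-A", "v2v", "position", 0.0) for _ in range(12)]
    other = gw.admit("car-B", "v2v", "hazard", 0.0)      # unaffected neighbour
    usb_before = gw.admit("phone", "usb", "media", 0.0)
    gw.lockdown = True                                   # threat present or likely
    usb_after = gw.admit("phone", "usb", "media", 1.0)
    hazard_after = gw.admit("car-A", "v2v", "hazard", 1.0)
    return {"flood_forwarded": flood.count("forward"), "flood_last": flood[-1],
            "other": other, "usb_before": usb_before,
            "usb_after": usb_after, "hazard_after": hazard_after}
```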
It remains to be seen how effective the security measures engineered into autonomous vehicle systems will be when these are the default vehicles on the road. The auto industry has built processes around how it handles defects and vehicle recalls, but it has yet to prove itself capable of effectively responding to widespread cybersecurity issues.
While cyberattacks pose a risk to the vehicle owners themselves, a bigger potential impact is the longer-lasting effect on the reputation of vehicle manufacturers. Loss of or tampering with customer data through a cyberattack could lead to reduced customer trust, affecting sales and share price.
Vehicle manufacturers have taken steps to improve cybersecurity, such as the establishment in 2015 of a threat intelligence sharing group called the Automotive Information Sharing and Analysis Center (Auto-ISAC). However, with more and more vehicles boasting automatic driving systems, manufacturers must take every precaution to defend against malicious threats that could lead to serious consequences and undermine the trust the public places in these innovations.