The future of driving may well lie in autonomous vehicles. So-called self-driving cars are growing in popularity and while most drivers would like to retain a degree of control, this is not a universal concern. In Switzerland, 32 per cent of users would be happy if they were not in control.
The only possible problem that autonomous vehicles face in Europe is one of connectivity. Yet this problem will be overcome. Yet what to autonomous vehicles’ cybersecurity? We already know that autonomous cars can be hacked: Chinese hackers were able to hack a Tesla and make it veer into an oncoming lane.
If the future is autonomous, we need to be aware of the fundamentals and future of cybersecurity for autonomous vehicles. In this article, we’ll dissect current cybersecurity issues and avenues of attack. Then we’ll take a look at possible problems autonomous vehicles could soon face. Ready to learn more? Then please, keep reading.
Table of Contents
Why autonomous vehicles are hacking targets?
Autonomous vehicles’ cybersecurity is a huge issue due to the vehicles’ designs. Autonomous cars and trucks use complex software, combined with physical feedback to change lanes, avoid collisions, and maintain routes. Autonomous vehicles also require an internet connection, which exposes the cars to attack.
It’s tempting to think that autonomous cars are secure units that cannot be hacked from the outside, without access to the vehicle itself. This is not the case. While telecoms companies encrypt mobile internet, this does not eliminate the possibility of hacking.
If in future, the market becomes saturated with autonomous vehicles, cybersecurity will become a priority for these companies. There will be a preponderance of targets and attack vectors.
Non-autonomous cars can still be hacked, as Charlie Miller and Chris Valasek proved when they were able to turn a Jeep’s wheel remotely by tricking the car into thinking it was parking. On non-autonomous cars, there are only a limited number of functions that hackers can take control of. Yet on a driverless car, all of its functions are at their fingertips: this means that cybersecurity in autonomous vehicles is fraught with attack vectors.
One of the most worrying problems doesn’t rely on hackers taking control of any vehicles. The rollout of 5G technology is crucial for self-driving vehicles due to its low latency. If a hacker can take down the 5G signal, the vehicles will not be able to transmit and receive data in a fast enough time.
At its most catastrophic end, this could lead to collisions. If manufacturers integrate an emergency stop function into autonomous vehicles’ cybersecurity features, this could lead to roads being shut down by traffic of huge proportions.
Other attack vectors rely on the car’s operating system. Kidnappers could take control of a car and keep the passenger hostage, for instance. Attackers could brick the car remotely, costing its owner a large amount of money in repair costs.
It’s also theorized that self-driving cars could become integrated into the larger internet of things, which would give hackers access to other systems via your car. Could they unlock your front door or disable your burglar alarm, based on spoofed proximity? It’s certainly a possibility.
Autonomous vehicles cyber security: manufacturer defenses
As the cybersecurity of autonomous vehicles is set to become a more contentious and worrying issue, what can manufacturers do to make their cars more secure? It’s impossible, as with a computer, to make a car hackproof if it’s connected to the internet. Yet there are some measures that manufacturers can take.
Avoiding a universal programming language
One of the most important steps for autonomous vehicle manufacturers to take is to avoid the use of a universal programming language for all cars. This step alone will make autonomous vehicles’ cybersecurity less fraught with problems as hackers will not be able to use one attack across all cars.
Using machine learning
Training machine learning to identify unusual behaviour on autonomous cars will also be a critical part of cybersecurity for autonomous vehicles. For instance, machine learning could and should be able to recognize that putting a vehicle into parking mode when travelling at 80 mph is not normal behaviour and could shut it off.
Not all cars should connect to the same network at once: there needs to be a diversification of networks that will allow only around 5-10 per cent of all autonomous vehicles on the road to be connected to one 5G network in an area. This would mean any attack would be less likely to cause heavy traffic problems.
We’re all familiar with MFA on our email and social media but it could be useful on vehicles. If a car is keyless and requires the driver to have a smartphone app to use, MFA could play a part in preventing hacks here, too.
Legal issues caused by cyber security in autonomous vehicles
The proliferation of autonomous vehicles and any cybersecurity holes in their software raises profound legal issues. If hackers hijack a vehicle and it then kills a pedestrian or another driver, who is at fault? Evidently, the hackers will be at fault but will it end there?
Will the driver be at fault for failing to make any necessary adjustments and for allowing the collision? Will the manufacturer be at fault for leaving a security hole in place, even if it was unknown? The implications of cybersecurity in autonomous vehicles pose philosophical questions that we, as a society, are yet to answer.
Do you want to join the conversation?
Are you interested in joining the conversation around autonomous vehicles cyber security and cybersecurity at large? Swiss Cyber Forum offers a collaborative environment for cybersecurity professionals, offering training and other events at regular intervals.
If you’re a professional interested in learning from your colleagues in the industry, why not become a member? For more information on our network, please take a look around our site.