The electronic systems of a smart car present many weak points to would-be intruders, and the problem will get worse as cars start sharing information with each other and with the roads they drive on, argue two experts in automated automobiles. They recommend far more layers of cyberprotection than manufacturers have thought necessary.
Jonathan Petit of University College Cork, Ireland and Steven E. Shladover of the University of California, Berkeley make their recommendations in an upcoming issue of IEEE Transactions of Intelligent Transportation Systems. The authors say that their analysis seems to be the first “investigation of the potential cyberattacks specific to automated vehicles, with their special needs and vulnerabilities.”
Those needs, they note, are particularly pressing for cars that take care of most driving problems but must occasionally hand the driving back to the driver:
Recent research by General Motors (not yet published) has shown that drivers largely disengage from the driving task and monitoring of the driving environment after continuous intervals of fully automated driving ranging from 5 to 30 minutes, becoming almost totally dependent on the automation system.
Petit and Shladover break cyberattacks down into opposing categories: passive snooping versus active manipulation; mere jamming of a signal versus the substitution of a false signal for the true one; and attacks on lone cars versus those on networks of cars.
Some of this scullduggery is already possible:
GPS jamming is cheap to perform (around US $20), and some more expensive GPS jammers go even beyond jamming and perform GPS spoofing (medium threat in our system), where they replicate signals and provide false locations. A professional car thief can continue about his/her business of stealing by using a combined GPS/GSM jammer to block the car’s antitheft system from knowing and reporting where the vehicle is.
After analyzing the various means of attack for factors such as the ease of use and the seriousness of consequences, the researchers conclude that the biggest threat to a lone smart car is interference with its global navigation satellite system. “Hence, secure GNSS signal is mandatory,” they say.
For connected vehicles the biggest threat is spoofing—the sending of false messages (particularly involving GNSS signals) that may then be relayed through the network. Against this threat they propose authentication systems, based on encryption, and “misbehavior detection,” which uses algorithms to guess when something in the car’s activity just isn’t right.
Most safety engineering is centered on unintended effects, like the slipping of tires on the road. This kind, however, is directed against the malignity of an enemy, one who can respond to your every move. That’s why robocar engineers must come up with an endless stream of cyberdefenses. They’ll need to wrap smart cars in massively overlapping armor—what a soldier would call a defense in depth.