The August 2022 issue of IEEE Spectrum is here!

Close bar

To Foil Cyberattacks, Connected Cars Need Overlapping Shields

There are many ways into a car's electronic guts, so engineers will have to build in massively redundant safeguards

2 min read
Lock and chain in the shape of a car.
Photo: Getty Images

The electronic systems of a smart car present many weak points to would-be intruders, and the problem will get worse as cars start sharing information with each other and with the roads they drive on, argue two experts in automated automobiles. They recommend far more layers of cyberprotection than manufacturers have thought necessary.

Jonathan Petit of University College Cork, Ireland and Steven E. Shladover of the University of California, Berkeley make their recommendations in an upcoming issue of IEEE Transactions of Intelligent Transportation Systems. The authors say that their analysis seems to be the first “investigation of the potential cyberattacks specific to automated vehicles, with their special needs and vulnerabilities.”  

Those needs, they note, are particularly pressing for cars that take care of most driving problems but must occasionally hand the driving back to the driver: 

Recent research by General Motors (not yet published) has shown that drivers largely disengage from the driving task and monitoring of the driving environment after continuous intervals of fully automated driving ranging from 5 to 30 minutes, becoming almost totally dependent on the automation system.

Petit and Shladover break cyberattacks down into opposing categories: passive snooping versus active manipulation; mere jamming of a signal versus the substitution of a false signal for the true one; and attacks on lone cars versus those on networks of cars.

Some of this scullduggery is already possible:

GPS jamming is cheap to perform (around US $20), and some more expensive GPS jammers go even beyond jamming and perform GPS spoofing (medium threat in our system), where they replicate signals and provide false locations. A professional car thief can continue about his/her business of stealing by using a combined GPS/GSM jammer to block the car’s antitheft system from knowing and reporting where the vehicle is.  

After analyzing the various means of attack for factors such as the ease of use and the seriousness of consequences, the researchers conclude that the biggest threat to a lone smart car is interference with its global navigation satellite system. Hence, secure GNSS signal is mandatory,” they say.

For connected vehicles the biggest threat is spoofing—the sending of false messages (particularly involving GNSS signals) that may then be relayed through the network. Against this threat they propose authentication systems, based on encryption, and “misbehavior detection,” which uses algorithms to guess when something in the car’s activity just isn’t right.

Most safety engineering is centered on unintended effects, like the slipping of tires on the road. This kind, however, is directed against the malignity of an enemy, one who can respond to your every move. That’s why robocar engineers must come up with an endless stream of cyberdefenses. They’ll need to wrap smart cars in massively overlapping armor—what a soldier would call a defense in depth.

The Conversation (0)

Self-Driving Cars Work Better With Smart Roads

Intelligent infrastructure makes autonomous driving safer and less expensive

9 min read
A photograph shows a single car headed toward the viewer on the rightmost lane of a three-lane road that is bounded by grassy parkways, one side of which is planted with trees. In the foreground a black vertical pole is topped by a crossbeam bearing various instruments. 

This test unit, in a suburb of Shanghai, detects and tracks traffic merging from a side road onto a major road, using a camera, a lidar, a radar, a communication unit, and a computer.

Shaoshan Liu

Enormous efforts have been made in the past two decades to create a car that can use sensors and artificial intelligence to model its environment and plot a safe driving path. Yet even today the technology works well only in areas like campuses, which have limited roads to map and minimal traffic to master. It still can’t manage busy, unfamiliar, or unpredictable roads. For now, at least, there is only so much sensory power and intelligence that can go into a car.

To solve this problem, we must turn it around: We must put more of the smarts into the infrastructure—we must make the road smart.

Keep Reading ↓Show less