The December 2022 issue of IEEE Spectrum is here!

Close bar

Researchers Prove Connected Cars Can Be Tracked

Just a handful of wireless ‘sniffing stations’ can pinpoint V2V and V2I cars

3 min read
Researchers Prove Connected Cars Can Be Tracked
Photo: GM Global

Connected cars that communicate with other vehicles or transport systems to improve safety and traffic flow can easily be tracked, a security researcher has shown.

In an experiment undertaken on the campus of the University of Twente in The Netherlands, two wireless sensing stations were able to pinpoint a target vehicle nearly half the time, according to Jonathan Petit, Principal Scientist at Security Innovation, a software security company.

“You can build a real-time tracking system using off-the-shelf devices with minimum sophistication,” says Petit. In a paper to be presented at the Black Hat Europe security conference in November, he describes being able to place a security vehicle within either the residential or the business zones of the campus with 78 percent accuracy, and even locate it on individual roads 40 percent of the time.

Vehicle to vehicle (V2V) and vehicle to infrastructure (V2I) communications, together known as V2X, promise to make roads smoother and safer in the future by allowing cars to automatically share information about their location, speed and trajectory. The U.S. National Highway Traffic Safety Administration (NHTSA) estimates that if drivers could be warned about possible collisions, half of all crashes, injuries, and fatalities at intersections and during left-turn maneuvers might be avoided. NHTSA is due to rule next year on when and how V2X should be implemented; GM has already announced that the 2017 Cadillac CTS will incorporate the technology.

The system relies on connected cars broadcasting messages ten times a second, using a portion of the Wi-Fi spectrum at 5.9 gigahertz known as 802.11p. Cars within a few hundred meters can receive these messages and use them to build up a picture of the traffic around them. Official roadside receivers might also use data from passing vehicles to monitor congestion, alter traffic light timing or optimize transit.

However, there is nothing to stop anyone else from also tuning in to the messages using a wireless ‘sniffing station’. Data in the messages a vehicle sends is unencrypted, to allow other vehicles to use the speed and position information being broadcast. But while there is no personally identifiable data (such as a license plate) within the message itself, each wireless bulletin is digitally signed to ensure that fake messages can’t be introduced to disrupt traffic or possibly even cause accidents. It is these digital signatures that Petit’s system tracks.

“If I install sniffing stations along the route, I will be able to eavesdrop on all the packets that you send,” says Petit. “However, there is a general misconception that such attacks are only accessible to governmental agencies or large companies with the resources to cover every road junction.”

Petit and colleagues from the University of Twente and University of Ulm installed sniffing stations at just two intersections on Twente’s campus (out of a possible 21), and equipped a security vehicle with a standard V2X transmitter. Over 16 days of normal operation, the vehicle transmitted over 2.7 million messages, of which the sniffers detected just 40,000, or around 3 percent. Even with this relatively minuscule amount of information, Petit was able to locate the vehicle roughly 40 percent of the time, and place it within either zone of the campus with much higher accuracy. “Burglars could wait until all police vehicles are outside of a certain area before attempting a robbery,” he notes.

One solution proposed by NHTSA and European authorities is for vehicles to sign their messages using pseudonyms that automatically change every five minutes. But Petit found that even this was not enough to outfox his system. “Changing pseudonyms every five minutes just leads to a 50 percent increase of the cost for the attacker, meaning they’ll have to install 50 percent more sniffing stations,” he says.

With sniffing stations currently costing around $550 each, that would probably dissuade all but the most deep-pocketed attacker. However, technology only gets cheaper. Petit already believes that sniffing stations could be built from a Raspberry Pi chipset, a Wi-Fi radio, battery, and SIM card to upload the data to the internet. “A real-time tracking system would be really cheap and really small,” says Petit. “I could drop one at an intersection and nobody would notice it.”

Ultimately, says Petit, pseudonyms will help to confuse attackers but might not be able to protect drivers’ privacy completely. Petit is now working with Ford, GM, and other carmakers to develop strategies to help secure connected cars. One interesting finding from his experiment was that a Manhattan-style grid of roads makes it difficult for potential attackers because there are more connections between the intersections. “This raises the idea of privacy-enhancing road networks, where cities are designed with the concept of privacy at their core,” he says.

The Conversation (0)

Chinese Joint Venture Will Begin Mass-Producing an Autonomous Electric Car

With the Robo-01, Baidu and Chinese carmaker Geely aim for a fully self-driving car

4 min read
A black car sits against a white backdrop decorated with Chinese writing. The car’s doors are open, like a butterfly’s wings. Two charging stations are on the car’s left; two men stand on the right.

The Robo-01 autonomous electric car shows off its butterfly doors at a reveal to the media in Beijing, in June 2022.

Tingshu Wang/Reuters/Alamy
Purple

In October, a startup called Jidu Automotive, backed by Chinese AI giant Baidu and Chinese carmaker Geely, officially released an autonomous electric car, the Robo-01 Lunar Edition. In 2023, the car will go on sale.

At roughly US $55,000, the Robo-01 Lunar Edition is a limited edition, cobranded with China’s Lunar Exploration Project. It has two lidars, a 5-millimeter-wave radars, 12 ultrasonic sensors, and 12 high-definition cameras. It is the first vehicle to offer on-board, AI-assisted voice recognition, with voice response speeds within 700 milliseconds, thanks to the Qualcomm Snapdragon 8295 chip.

Keep Reading ↓Show less