Can consumer-owned self-driving cars like those being made by Tesla, BMW and Mercedes and others be secured from cyber attack? The hackers who famously commandeered a Jeep Cherokee using software attacks say they aren’t so sure.
Three years after putting the automotive industry on notice with their remote compromise of a Jeep Cherokee, Charlie Miller and Chris Valasek said that securing consumer owned vehicles is a much harder problem than securing corporate owned fleets of vehicles like those operated by GM’s Cruise Automation and Uber.
“It’s a harder problem that we haven’t thought too hard about that because we haven’t needed to,” said Miller. “But its certainly a harder problem.” “I’m glad I don’t have to solve that problem right now,” added Valasek at a press conference following their talk at Black Hat on Thursday.
Cruise vehicles travel known routes and return to a company garage each evening. That allows the company to make software updates or even hardware updates as needed. However, automakers trying to manage globally distributed fleets of self driving cars won’t have that luxury and may find themselves hampered by the difficulty of modifying software and hardware on vehicles that are not under their direct control – vehicles that may go months without being serviced.
[See also:Expert says: Hack your Smart Home to Secure It]
In a presentation, the two said that, for all their eye popping capabilities and sophisticated sensing equipment, autonomous vehicles are like “data centers on four wheels” when looked at through the lens of information security. They present mostly known challenges, many of which can be solved with existing tools and technologies.
Car makers need to reduce the attack surface of vehicles by removing unnecessary or redundant features and limiting – if not eliminating – inbound connections. Software needs to be verified from the firmware embedded on hardware in the car to the software applications that allow users to interact with the vehicle. Data leaving the vehicle should be encrypted as well and any software updates need to be signed and verified.
“Almost everything that we’re doing and talking about has been done before,” Miller told The Security Ledger.
Still, many technology standards used in automobiles are outdated and insecure, the two agreed. The Controller Area Network (or CAN bus) that is the communications backbone of most vehicles lacks the capacity to handle large, fast data loads that autonomous and self driving vehicles demand. In addition, the version of Ethernet used in many vehicles relies mostly on the UDP – User Datagram Protocol – rather than the more common TCP protocol and do not use encryption to protect the data sent back and forth between components. Furthermore, long vehicle supply chains of hardware and software make it difficult and time consuming to improve the security of vehicles, short of starting from scratch.
The two said that their 2015 hack, though controversial, was successful in getting car makers to focus on and prioritize cyber security.
GM and Cruise, the two said, give high priority to the security issues the two raise and prioritize security in their design of autonomous driving systems.
Fleets of corporate owned autonomous vehicles like Cruise Automation’s may offer a more secure alternative to consumer-owned and operated vehicles: allowing for regular and predictable maintenance and updates. Fleets of self driving cars also allow vehicle makers like GM to start from scratch in the design of the vehicle and keep= finished vehicles out of the hands of owners who could dismantle them and figure out their inner workings. Security through obscurity – while of dubious value as a security practice – may have some use in the autonomous driving space, Valasek told the audience.
Still, the two said that securing self driving cars isn’t impossible – especially if car makers are careful not to lock in security features, but to allow their vehicles to be flexible and capable of adapting to both software and hardware changes over time.
“You can’t lock in security,” said Miller. “This needs to be iterative and flexible.”
