When we think of autonomous driverless cars, we usually give them a science-fiction sheen. We think of clean, state-of-the-art vehicles, whisking us smoothly from place to place, silently and without a hitch. The reality, unfortunately, could be different. While driverless cars should theoretically be safer than cars driven by people because they eliminate human error (and don’t use phones or change the radio whilst driving), driverless cars pose a different type of risk. The threat of cybercrime associated with driverless cars is considerable and real. Improving cybersecurity in driverless cars is essential.
The problem is simple. For driverless cars to function properly involves data collection and exchange on an enormous scale. Every time a piece of data is transferred provides an opportunity for a hacker to commit cybercrime. As the age of the driverless car looms closer, steps must be taken to safeguard passengers, other road users and pedestrians.
Are Driverless Cars a Risk to Car Users?
The risks posed to driverless car passengers by cybercrime can be divided into three areas:
- Risks while travelling
- Privacy issues
- Theft of personal property
One of the earliest demonstrations of automotive cyber hacking was In 2015 when two researchers spotted a vulnerability in the in-car entertainment system of the Jeep Cherokee. They did this by discovering a way to guess the password that the car’s computer automatically generates when you use it for the first time.
Through this hack, the researchers could remotely control the entertainment system. However, turning up the volume on the radio was just the start. By remotely installing firmware updates, they were able to take control of the car. This standard Jeep became a real-life remote-controlled car. The researchers could control everything about it, even the brakes and the steering wheel.
Chrysler recalled this model of Jeep Cherokee to fix the vulnerability. Tesla suffered from a similar hack by Chinese researchers in 2017, but claim to have plugged the gap in their security. However, the problem remains. If real cybercriminals hacked into your car’s system and started controlling your accelerator and brakes, your safety would be severely compromised.
Threats to privacy arise because of the vast amount of data that is transferred between driverless cars and their connected surroundings and paired IoT technologies including your phone or your smart key fob. Every movement your car makes will be tracked, some of the data that is produced by will be personal, unique to you, such as the addresses you travel to and the times you travel most. If this data gets into the wrong hands, it could lead to identity theft issues.
Finally, there is an issue regarding your driverless car and your personal property. If they are all connected, your car could theoretically know when you are half an hour away from home, then switch on your central heating, so it’s nice and warm when you arrive. Maybe when you’re half a minute away, it could open your garage door? While that sounds super-convenient, if a hacker got into this system, they could walk right in and commit theft in your home.
Risks to Society
It’s not just car users that are threatened by cybercrime. Because of the connected infrastructure that will be needed to make driverless cars move smoothly, society as a whole needs to be aware of the potential risks.
For driverless cars to function in a ‘smart’ city, everything needs to be connected. As well as the cars themselves, traffic lights, roadside sensors, even the electricity grid need to be able to talk to each other and transfer data. If cybercriminals hacked any of these, it would affect everybody.
Cybercriminals might also be able to hack into driverless cars on a massive scale. For example, they could attack every Toyota, or every driverless car using Google’s. Waymo system. Stopping every Toyota on a highway would impact more than only Toyota drivers.
Solutions to Automotive Cybercrime
What can be done to solve these potential problems? Opinion is divided, which is why there has been little concrete progress in combating cybercrime in driverless cars. Manufacturers are more concerned about developing the best product and being the first to achieve scale in the industry, than by addressing concerns about cybersecurity. The united front, the holistic approach that is needed, hasn’t happened yet.
Some believe that blockchain could be the key to creating the ‘hack-proof’ car. Because blockchain keeps data that is protected, tamper-proof, time-stamped and linked to data that has come before it, networks can quickly assess whether data is secure or fraudulent. In driverless cars, blockchain could be used to confirm whether data being sent to or received by a vehicle is correct, or whether it has been provided by a foreign body or hacker.
With every new technology, there will always be challenges. To meet them, preparation is vital and a united front is always more effective than going it alone. Will the automotive industry rise to overcome these challenges? In the next few years, we will find out.
Director, Hampleton Partners
Henrik is a highly-experienced CIO, having worked at the most senior levels internationally in both the private and public sector. His experience runs from Navision, now Microsoft Business Solutions, to the Danish Ministry of Finance, where he lead the entire horizontal government IT complex. He then headed up SAS Institute’s Information Management Division out of Copenhagen, working with early Big Data and Advanced Analytics Technologies. Henrik has been based in Silicon Valley since 2012, founding eCommerce and international business development companies. He is also the co-author of Return of the Vikings: Nordic Leadership in Times of Extreme Change.