Autonomous and connected vehicles are expected to improve traffic flow and safety, but they also represent a new target for cybercriminals. The growing complexity of software and communication interfaces makes connected and autonomous cars more vulnerable to attacks. Cybersecurity breaches result in a loss of data privacy, negatively impact car safety and even cause accidents. Therefore, appropriate safety measures and effective and robust cybersecurity solutions are essential.
6 Security Risks That Threaten Autonomous and Connected Vehicles
Autonomous vehicles communicate with other vehicles and infrastructure via external networks that can be exploited by hackers. Autonomous vehicles process a lot of information, such as image related data from deep learning algorithms. Large amounts of data are prone to adversarial attacks and increased false positives. Below, you’ll find a review of the most common attacks that threaten connected and autonomous vehicles.
1. Attacks on Smart Remote Keys
Passcodes and remote keys are based on Infrared Radiation (IR) and Bluetooth technologies. Hackers can crack IR communication easily with a brute force attack and manipulate Bluetooth connectivity to leak private information.
2. Attacks on Cloud-Based Networks
Self-driving vehicles process large volumes of data that are stored in the cloud. Sending and receiving data from the cloud is a security vulnerability because attackers can compromise data centers. Threat actors exploit data center breaches to access sensitive information such as vehicle safety features.
3. Malware Attacks—Software Security
Software security is an important factor in vehicle safety. Automotive manufacturers are facing the same security challenges as any other software organization. The most common factors that render software security are the pressure to meet deadlines, coding errors, lack of education on secure coding practices, and lack of vulnerability testing in production.
Autonomous vehicles are equipped with a range of sensors that help them navigate roads, detect other vehicles on the road, stop for pedestrians, and handle any unexpected dangers. Each type of sensor has its own strengths and weaknesses in terms of range, detection capabilities, and reliability. Sensors like cameras, LiDAR and GPS are vulnerable to the security threats explored below.
Autonomous vehicles use GPS data to locate and navigate the vehicle with great accuracy. Data from GPS satellites in the public domain can be easily accessed by anyone. Hackers can manipulate GPS data to provide wrong directions or to control the routing of the vehicle. This leads to security and safety issues of passengers. Manipulation of GPS signals is known as GPS spoofing and jamming.
Light Detection and Ranging (LiDAR)
Light Detection and Ranging (LiDAR) is used to localize the environment, detect and avoid obstacles. LiDAR technology measures the time it takes for light to travel to and from the vehicle. The measured times determine the distance to the object location. Hackers can send a signal of the same frequency to the LiDAR scanner and manipulate the object location. The vehicle may think that an object is nearby and stop, when in reality the object is far away.
Inertial Measurement Unit (IMU)
Inertial Measurement Unit (IMU) is an electronic device that measures the velocity, acceleration, and orientation of the vehicle. IMU also monitors dynamic environmental changes like the steepness of a road. Malicious modification of IMU data causes false-positive recognition of road steepness. Attackers can force the vehicle move slowly on steep roads, thus slowing down the entire traffic flow.
5. Network Attacks
A network attack is a method used to maliciously compromise network security. Every endpoint in the network is a part of the network attack surface. Hackers deploy malware and advanced persistent threats (APTs) on endpoints, for the purpose of gaining access to a network. Usually a network is exploited through remote access Wi-Fi and even local area networks (LANs).
V2X Network Attacks
Vehicle to everything (V2X) communication is a technology that enables data exchange between a connected vehicle and other cars and infrastructure. Attackers exploit this type of communication to expose the network access points.
Communicating channels between a car and external devices like smartphones are established through Wii, Bluetooth and GSM protocols. These protocols are inherently vulnerable and contain known bugs, which attackers can exploit.
Vehicle to Vehicle (V2V) Network Attacks
The main goal of V2V networks is to prevent accidents by opening a channel of communication between vehicles. Connected vehicles use the V2V network to transmit information about speed, location, travel route, braking, and loss of stability.
The major drawback of V2V communication is the use of insecure and unencrypted protocols that enables attackers to eavesdrop the traffic between vehicles. For example, when attackers launch an Impersonation attack, they deploy a malicious car that connects to the host vehicle. After establishing communication, the false car sends malicious code and receives sensitive information like authentication keys.
Vehicle to Infrastructure (V2I) Network Attacks
Autonomous vehicles use V2I to communicate with surrounding infrastructure systems, such as intelligent traffic signs and lights, and cellular network nodes. An attacker can easily gain access to a vehicle network and ECUs through such communication.
6. APT Attacks
Engine Control Unit (ECU)
ECU is an electronic control module for sensors and actuators in a vehicle. A typical vehicle consists of more than 100 ECUs. The proprietary code inside the ECU makes it safe and secure.
Attackers can update the ECU with malicious firmware and manipulate its state and actions using the external interface. They modify the ECU memory and security keys using hashing techniques and authentication of software updates. Such attacks are referred to as a direct access attack, because the attacker has direct physical access to the ECU.
OBD Port-based attack
Onboard diagnostics (OBD) and OBD port are present in almost all manufactured vehicles since 2008. OBD ports collect diagnostic data of vehicles. This data contains information about vehicle faults and performance.
OBD interacts with the ECU’s communicating through CAN bus. It is an external device like USB which has to be connected to the vehicle through a port. Once connected, the OBD port sends and receives data to and from the vehicle ECU’s. Hackers can then exploit and manipulate the transferred data and inject malicious code into the vehicle network.
Autonomous car security vulnerabilities are far more dangerous than malicious emails or even stolen credit card numbers. Malicious code exploits can cause real physical harm to a driverless car passenger. Rogue nations and terrorists looking to cause chaos and damage to infrastructure can also exploit these vulnerabilities.
It may take a long time for the automotive industry to ensure maximum security in autonomous vehicles. There is no doubt that hackers will attempt to breach self-driving cars, but today’s cybersecurity professionals have more powerful tactics to defend against them.
Want to take your customers' experience to the next level? Come meet HERE Mobility at #CES2020 to talk all things transport>