Driving away your freedom
Where the Autonomous Vehicle begins, your free, secure driving days end
"Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model—requiring prior physical access—has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them." Comprehensive Experimental Analyses of Automotive Attack Surfaces (Stephen Checkoway et al.)
Electronics systems have become critical to the functioning of the modern automobile. Enabled by advances in sensors, microprocessors, software, and networking capabilities, these systems are providing a rich and expanding array of vehicle features and applications for comfort, convenience, efficiency, operating performance, and safety. Almost all functions in today’s automobile are mediated by computer-based electronics systems. Some of these systems have improved on capabilities once provided by mechanical, electromechanical, and hydraulic systems. In many other cases, electronics systems are enabling the introduction of new capabilities, including a growing number of applications intended to assist the driver in avoiding and surviving crashes. The next logical step envisioned is a totally self-driven, or autonomous, vehicle, which may completely replace the human controller. Although the concept is very old, more advanced artificial-intelligence circuitry provided the impetus current developers needed to convince governments and manufacturers of the technology's promise. However, the interest stems more from curiosity than potential support.
Autonomous systems are best deployed in a highly controlled environment, which demands smart coordination of everything on the streets, from vehicles to traffic lights to traffic signs. Each vehicle, traffic light, and traffic sign must share its status with the others to effect violation- and accident-free safe zones. All vehicles must be uniformly controlled and monitored by a central traffic intelligence system. Essentially, a smart traffic light or sign must initiate start/stop processes via the vehicle's artificial intelligence control. Speed limitations should be governed by monitoring the embedded GPS speedometer subsystem.
Interconnectivity with devices and networks external to the vehicle will provide the desired functions. System interconnectivity and complexity are destined to grow as the capabilities and performance of electronics hardware, software, and networking continue to expand along with consumer demands for the benefits these interconnected systems confer. Networked electronics systems and software will continue to be the foundation for much of the innovation in automobiles and may lead to fundamental changes in how the responsibilities for driving tasks and vehicle control are shared among the driver, the vehicle, and the infrastructure.
Increased interconnected systems are creating opportunities to improve vehicle safety and reliability as well as demands for addressing new system safety and cybersecurity risks. As systems share sensors and exchange data to expand functionality, an emerging safety assurance challenge is to prevent (a) the unintended coupling of systems that can lead to incorrect information being shared and (b) unauthorized access to or modifications of vehicle control systems, both of which could lead to unintended and unsafe vehicle behaviors. A critical aspect of this challenge is to ensure that the complex software programs managing and integrating these electronics systems perform as expected and avoid unsafe interactions. Another is to ensure that the electronics hardware being embedded throughout the vehicle is compatible with the demanding automotive operating environment, including the electromagnetic environment, which may be changing as electronics devices and accessories are added to automobiles. Inasmuch as many problems in software and electromagnetic interference may leave no physical trace behind, detection and diagnosis of them can be more difficult.
By enabling the introduction of many new vehicle capabilities and changes in familiar driver interfaces, electronics systems are presenting new human factors challenges for system design and vehicle-level integration. Although automotive manufacturers spend much time and effort in designing and testing their systems with users in mind, the creation of new vehicle capabilities may lead to responses by drivers that are not predicted and that may not become evident until a system is in widespread use. Drivers unfamiliar with the new system capabilities and interfaces may respond to or use them in unexpected and potentially unsafe ways. Thus, human factors expertise, which has always been important in vehicle design and development, is likely to become even more so in designing electronics systems that perform and are used safely.
IT is enabling nearly all vehicles to be equipped with EDRs that store information on collision-related parameters, as well as enabling other embedded systems that monitor the status of safety-critical electronics, identify and diagnose abnormalities and defects, and activate predefined corrective responses when a hazardous condition is detected. Access to data logged in EDRs can aid crash investigators, while diagnostics systems can facilitate vehicle repair and servicing and inform automotive manufacturers about possible system design, engineering, and production issues. Continued advances in electronics technology and their proliferation in vehicles can be expected both to necessitate and to enable more applications for monitoring state of health, performing self-diagnostics, implementing fail-safe strategies, and logging critical data in the event of crashes and unusual system and vehicle behaviors.
Even with the increasing resources provided by local artificial intelligence, the driver remains the critical determinant of safe performance. Driver actions and inactions contribute to the majority of crashes and are most often labeled as the proximate causes. The label of driver error, however, can obscure the role that vehicle designs can play in crash causation if insufficient consideration is given to human capabilities and limits. The new capabilities of vehicle electronics promise to eliminate or mitigate some driver errors, but they risk introducing new ones if drivers are not properly considered as integral to the vehicle system. The field of human factors engineering provides various standards, guidelines, and test procedures to aid in the design of systems that are less likely to induce driver errors. These practices apply to the physical layout of the vehicle to ensure that drivers can see, reach, and operate vehicle controls. For example, human factors practices guide the placement, width, and length of the brake and accelerator pedals to minimize pedal misapplication. Human factors practices also apply to the design of dashboard warning lights and control levers and buttons to ensure that drivers can easily interpret information and control critical vehicle systems. Traditional safety analysis tools such as failure mode and effects analyses (discussed below) help ensure that design choices are consistent with driver expectations and response tendencies. Increasingly, automotive manufacturers apply techniques that have been developed to make other consumer products user-friendly, such as user-centered requirements generation and usability testing. Their applicability is growing as vehicle electronics assume greater control of the vehicle through such features as adaptive cruise control, collision warning systems, lane-keeping aids, and automated braking systems. 
These and similar “mixed initiative” systems could cause the driver to misunderstand and be startled by the electronics even when the system is operating as designed.
Low-level sensors used in autonomous cars cannot distinguish a heavy snowfall from a snow-covered vehicle. Therefore, the vehicle's computer only 'sees' a blank white background.
A major challenge for system designers is in understanding the long-term adaptation of the driver to the electronics and the degree to which the driver will assume that the vehicle is capable of certain control functions. For example, drivers might begin to believe that the vehicle carries out some control functions in a way that is inconsistent with the designers’ intent. Advances in driving simulators and instrumented vehicles are thus being developed to give human factors engineers new tools to assess and model how the driver and automotive electronics will interact. In this sense, automotive vehicles exemplify the mass adoption of the assisting or operating “robot,” partnering with humans to ease or even take over the human workload.
Although onboard artificial intelligence systems are vulnerable to cyber attack, self-driving cars will be irresistible to hackers. Researchers have already hacked a normal car, so what are the risks once self-driving cars reach our roads? [Interior of a steering-wheel-less Rolls Royce concept. The Guardian, 2016]
Speaking exclusively to the Guardian, Eddie Schwartz, the vice president of global security solutions for Verizon's enterprise subsidiary, said that the cyber-security industry is still 40 years from maturity, and that the first half of the 21st century will see the number of targets increase exponentially.
"All of the major automobile manufacturers are working on self-driving cars," Schwartz explained. "For cars to be able to self-drive, they have to be able to negotiate with each other. You can't negotiate something like that without having some security principles behind it. So cars have to do basic things that we do with each other, like recognise each other – authentication.
"OK, I authenticate to you, that means there has to be an underlying artefact, a certificate or something like it that says 'you're an authorised car, and I'm an authorized car, therefore we can exchange this information really fast.' And you stop and I turn."
Schwartz described "a million applications" in the car industry alone designed for machine-to-machine communications with potentially a million underlying security issues.
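The car-to-car authentication Schwartz describes can be sketched as follows. This is an added example, not code from the article or from any vehicle standard: a trusted authority signs each car's public key, and a receiving car acts on a message only if the certificate, the message signature and the timestamp all check out. The `Cert` layout, the function names, Ed25519 and the two-second freshness window are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cert is a simplified vehicle credential (assumed format, not X.509 or a V2X standard).
type Cert struct {
	ID       string
	Pub      ed25519.PublicKey
	NotAfter int64  // expiry, Unix seconds
	Sig      []byte // authority's signature over tbs()
}

func (c Cert) tbs() []byte { return []byte(fmt.Sprintf("%d|%x|%s", c.NotAfter, c.Pub, c.ID)) }
func body(sent int64, intent string) []byte { return []byte(fmt.Sprintf("%d|%s", sent, intent)) }

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; on failure the nil key makes Sign panic
	return pub, key
}

// Issue has the authority certify a car; Sign has the car sign a timestamped intent.
func Issue(ca ed25519.PrivateKey, c Cert) Cert {
	c.Sig = ed25519.Sign(ca, c.tbs())
	return c
}
func Sign(key ed25519.PrivateKey, sent int64, intent string) []byte { return ed25519.Sign(key, body(sent, intent)) }

// Verify checks issuer and expiry, then the message signature, then freshness.
func Verify(ca ed25519.PublicKey, c Cert, sent int64, intent string, sig []byte, now int64) error {
	switch {
	case !ed25519.Verify(ca, c.tbs(), c.Sig) || now > c.NotAfter:
		return errors.New("certificate untrusted or expired")
	case !ed25519.Verify(c.Pub, body(sent, intent), sig):
		return errors.New("bad message signature")
	case now-sent > 2 || sent-now > 2: // assumed 2-second freshness window
		return errors.New("stale timestamp, possible replay")
	}
	return nil
}

func main() {
	caPub, caKey := NewKey()
	pub, key := NewKey()
	cert := Issue(caKey, Cert{ID: "car-A", Pub: pub, NotAfter: 2000}) // constructed sample values
	fmt.Println(Verify(caPub, cert, 1000, "turning left", Sign(key, 1000, "turning left"), 1001))
}
```

Revocation and secure key storage are left out; a receiver that skips any one of the three checks accepts forged, altered or replayed messages.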
Even normal cars are susceptible to hacking attacks. In August, a pair of researchers demonstrated attacks on a Ford SUV and Toyota Prius which enabled them to slam on the brakes, jerk the steering wheel, or accelerate the car using a laptop plugged into the diagnostics port.
In 2011, a different team of researchers managed to penetrate similar systems through Bluetooth, mobile data and even a malicious audio file burned onto a CD played in the car's media player.
But self-driving cars have many more avenues of communication with the outside world, and – definitionally – less oversight from a driver to correct any errors.
A ransom for your medical data?
As well as self-driving cars, Eddie Schwartz cautioned that the entire field of machine-to-machine communications, also known as "the internet of things", presents an enticing target to hackers.
"How many IP-based [internet connected] devices does the average person have in their home today? Most people can't even count them. If you ask them, they would probably say 'oh, I have two computers and a whatever', but the reality is it's probably more like 20 to 30 if they start thinking about it… You're going to see a spill from 4 or 5bn IP devices to hundreds of billions over the next 10 years."
Schwartz cautioned that with the growth of new devices and services in the health space the potential for malicious hacks will grow exponentially, including devices that gather intimate personal medical data.
"These are going to be embedded solutions. It's going to be wireless communications or NFC. These are machine-to-machine communications, and for critical care, they are going to have telemetry going on 24/7.
The fully connected autonomous car will likely require a service provider for internet and GPS connectivity. By not paying your internet/cellphone bill in an IoT environment, it is likely that your IP can deny your driving privileges.
"There's an underlying security and privacy issue: imagine ransom-ware [software such as Cryptolocker that breaks devices and demands a fee to fix them] in that world."
Experiments have been conducted by researchers at the University of Washington and Mr. Checkoway and associates at the University of California, San Diego, to examine cybersecurity vulnerabilities in modern automobiles. They have demonstrated how individuals with sufficient skill and malicious intent could access and compromise in-vehicle networks and computer control units, including those controlling safety-critical capabilities such as braking, exterior lighting, and engine operations. In the laboratory and in road tests, the researchers first demonstrated the ability to bridge internal networks and bypass what the researchers described as “rudimentary” network security protections to gain control over a number of automotive functions and ignore or override driver input, including disabling the brakes, shutting off the engine, and turning off all lights. To do so, they extracted and reverse-engineered vehicle firmware to create messages that could be sent on the CAN through the OBD port to take control of these systems. This included the insertion of code in the control units to bridge across multiple CAN buses. In follow-up experiments, the researchers examined all external attack surfaces in the vehicle to demonstrate and assess the possibility of remote access to cause similar outcomes. The experiments indicated that such exploitation can occur through multiple avenues, including those requiring physical access to the vehicle (e.g., mechanics’ tools, CD players) and those using remote means such as cell phones, other short-range wireless devices, and tire pressure monitoring systems.
Your IP can determine the mileage allowable by your autonomous vehicle according to your contract. The higher the payment, the greater mileage the vehicle will be granted.
The committee was briefed by the researchers, who described in more detail the many possible means by which an adversary could attack a vehicle in the manner outlined above and the implications for the safe operation of a vehicle. In the briefing and published papers cited, the researchers surmise that automotive manufacturers have designed their networks without giving sufficient attention to such cybersecurity vulnerabilities because automobiles have not faced adversarial pressures (unlike PCs connected to the Internet) and because of the incremental nature by which these networks have been expanded, interconnected, and opened to external communication channels. Recognizing that high levels of interconnectedness among vehicle control units are necessary for desired functionality, the researchers did not propose the creation of physically isolated networks. Instead, they proposed the hardening of remote interfaces and the underlying code platform, greater use of antiexploitation mitigations used elsewhere, and the use of secure (authenticated and reliable) software updates as part of automotive component design. The committee notes that although the researchers did not give specific examples of a vehicle having been compromised by such an external attack, cyberattacks in the field have been reported. One such incident, in early 2010, involved a former employee of an automotive dealership alleged to have remotely hacked into systems that had been installed in purchased vehicles to track their whereabouts and gain access to them in the event of a bank repossession. About 100 private vehicles were targeted; their starters and GPS were deactivated and their horns were triggered. Many of the owners were stranded and incurred towing expenses, according to media reports. Obviously, had such an attack compromised a vehicle’s power train, braking, and other operating systems while being driven, the consequences could have been much more severe.