Stephen Coty, chief security evangelist, Alert Logic
Stephen Coty, chief security evangelist, Alert Logic

One of the most interesting accomplishments of the evolving Internet of Things (IoT) is the ongoing development of both partially and fully automated cars. There has been a proliferation of new car models that come equipped with advanced driver assistance mechanisms, including features such as automated parallel parking, adaptive cruise control, automatic emergency braking, and lane departure warning systems. This is set to continue with Philip Hammond, chancellor of the exchequer, announcing a focus on future mobility in his Autumn Statement, with £100m to go towards new UK testing sites for autonomous and connected vehicles. 

Autonomous vehicles are classified into five different levels by the National Highway Traffic Safety Administration.

Level 0:

No Automation

Driver has sole control over primary controls at all times

Level 1:

Function-specific Automation

One or more specific control functions such as cruise control, and automatic braking, that operate independently from one another.

Level 2:

Combined Function Automation

Two or more control functions designed to work in unison. Driver cedes primary control in certain limited situations

Level 3:

Limited Self-Driving Automation

Vehicle is capable of driving itself in most situations, but driver must be available to take control if necessary.

Level 4:

Full Automation

Vehicle is in full control of all functions. Driver doesn't need to take control at any given time.

While there are many positives to a future with driverless cars, including substantial reductions in traffic congestion and road fatalities, there are other considerations that need to be understood, such as an entirely new dimension to the cyber-threat landscape. It's not hard to imagine a world where access to your vehicles is restricted by hackers due to a ransomware attack, or attackers deliberately interfering with your car's navigation systems, intentionally causing an accident.

This, of course, is still hypothetical, with cars available to the general public in 2016 only offering level 2 automation, and companies such as Google piloting vehicles with level 3 autonomy. That being said, today's cars have become gradually more software driven through the introduction of features such as real-time traffic alerts and smartphone connectivity. Cars such as these contain between 20 to 100 computer components known as electronic control units (ECU's). Each of these ECUs is responsible for one or more features, from the monitoring of the car's steering wheel to seatbelt tightening. While the majority of ECUs communicate with each other as part of the vehicle's internal network, it is the ECUs that communicate externally which make remote manipulation possible.

This was proven in 2015 when cyber-security researchers Miller and Valaesk used a zero-day exploit to hack a Jeep Cherokee's Uconnect system. They were able to manipulate the air conditioning, radio, digital display and windscreen wipers while the car was travelling at 70mph. They were also able to cut the vehicle's transmission causing it to rapidly lose momentum. Chrysler released a patch in response to address the vulnerability, while also notifying all owners of vehicles with the Uconnect feature.

‘A Survey of Remote Automotive Attack Surfaces', a report by Miller and Valaesk, determined that a vehicle's vulnerability to remote attacks comes down to three factors;

  1. Remote Attack Surface: the presence of ECUs with remote functionality which could potentially be exploited as attack vectors
  2. Network Architecture: the extent to which a vehicle's internal network isolates ECUs with remote functionality from ECUs that control safety critical features
  3. Cyber-Physical Features: the presence of computers that control physical actions

Hackers must first compromise an ECU with remote functionality to execute a remote attack. These are typically responsible for functions such as the radio data systems, Bluetooth or mobile capabilities. Even if the attack surface is large enough, it is of little use to hackers unless the network architecture of the vehicle makes it possible to inject messages into the internet network. And finally, there needs to be a presence of ECUs that are responsible for physical safety features including steering, acceleration and braking in order to take control of the vehicle.

While all of this can sound scary, it is important to remember than there is yet to be a hack on a vehicle outside of the confines of research, and it would be extremely difficult for any attackers to carry out similar attacks on a stranger's vehicle in the current cyber-security climate.  Despite this, it is always better to take a proactive, research-driven approach when it comes to adopting new technologies. By doing this, the automotive industry will avoid lagging behind out of fear of the unknown.

Contributed by Stephen Coty, chief security evangelist, Alert Logic