Cyber vulnerabilities of self-driving cars laid bare in study by tech giants

News by Andrew McCorkell

Government-backed project by telecoms and tech giants develops a cybersecurity blueprint for self-driving cars at a critical time, with the market projected to be worth £28 billion by 2035.

A UK-funded project that lays the groundwork for connected and autonomous vehicles (CAVs) has tested their cybersecurity, working with O2 and Cisco.

The test project comes at a crucial time for the growing connected and autonomous vehicle market, in an industry that is projected to be worth £28 billion by 2035.

As a blueprint for getting self-driving cars on the road, it has been funded by Innovate UK, the UK Government-funded innovation agency, and the Centre for Connected and Autonomous Vehicles (CCAV) to boost the development of cybersecurity testing capabilities.

The project worked with partners Cisco, Millbrook Proving Ground, and Warwick Manufacturing Group as well as the engineering, manufacturing, and technology department at the University of Warwick.

As part of a 12-week-long Baselining, Automation and Response for CAV Testbed (BeARCAT) cybersecurity project, O2 provided access to its technical experts.

The O2 cybersecurity experts determined the types of cyber-attack and attackers that pose the greatest threat to CAV networks.

The investigation was used to develop models to classify, manage, and mitigate cybersecurity risks for intelligent transport systems.

It is thought they will be vital for the safety and security of road users in the future.

Niels Schweisshelm, technical programme manager, HackerOne said: “When it comes to cybersecurity in the automotive sector, one of the most commonly exploited vulnerabilities is around vehicle access and theft. Typically, hackers exploit weak encryption/algorithms in the radio frequency, which means they can hack the key fob transaction to gain illegal access.

“Other access points to the vehicle include Bluetooth, which is on anytime the vehicle is running, the Wi-Fi hotspot, ADAS sensors around the vehicle or even the tire pressure monitoring sensor. Essentially, anything connected can leave a vehicle vulnerable.

“Security testing on cars is still in its early days, but as connected technology becomes ever more embedded in vehicles, we need to take the threat more seriously than ever before.

“Cybercriminals will always try to stay one step ahead and explore creative avenues to take advantage of emerging technologies and this is no different in the automotive sector. To combat this, we need to allow security researchers the same freedom to test in the name of safety - this will be the key to ensuring the ongoing security of future vehicles.”

It comes after a Cabinet Office report calculated that cybercrime costs the UK economy £27 billion annually, £21 billion of that to businesses, £3.1 billion to citizens, and £2.2 billion to the Government.

The automotive cybersecurity market and the UK CAV market are estimated to grow to around £28 billion by 2035.

The project, led by Cisco and conceived at a leading vehicle testing facility, Millbrook Proving Ground in Bedford, ran from 1 January to 31 March 2020.

Speaking to SC Magazine, Peter Stoker, chief engineer - connected and autonomous vehicles at Millbrook said: “The importance of cyber integrity in a connected vehicle fleet and associated networks cannot be underestimated, as the implications for their safe operation and control could be far-reaching and damaging.

“As the industry evolves towards increasing autonomy, this impact has the potential to become even more disruptive, unless steps are taken now to develop, test and validate systems to mitigate these threats.”

Recommendations were put forward by the consortium to Innovate UK to form the basis of a future cybersecurity CAV test facility, which outlined the design, development, and trialling of the outputs of the phase study.

Brendan O’Reilly, CTO at O2 said: “If connected and autonomous vehicles are going to become a permanent fixture in our day-to-day lives, it will be critical that governments and the public feel reassured that this technology is secure from cyber-attacks.”

Joel Obstfeld, an engineer in Cisco’s Emerging Technology and Incubation Team said the key to the success of the BeARCAT project was that it brought together expertise from key sectors to the CAV ecosystem.

Obstfeld said: “From the operational expertise of O2’s cybersecurity experts, Millbrook’s experience in the testing environment, the academic research capabilities of WMG, to Cisco’s expertise in networks and security services, BeARCAT offers a great example of the cross-disciplinary thinking required to create a viable testing framework to address cybersecurity challenges for CAVs in the UK.”
