Car automation has filled tech-headlines in the last couple of years and set the technologically inclined watering at the mouth. What might have seen less publicity is the looming danger of being able to hack and hijack that technology. However exciting the prospect of a self-driving car might be, it's equally as scary to think that it might not be so self-driving as the passenger might have once believed.
Even now, forms of car hacking are in relatively wide-use. London's Metropolitan police has reported that 6,000 vehicles in the capital were stolen with small devices that hack the locks and ignitions of keyless cars and car-hacking manuals are readily available. This danger hasn't gone on so much unrecognised as it has been overlooked.
Tony Dyhouse is a cyber-sec veteran of the Trustworthy Software Initiative, an initiative which wants to help bring about a sea-change in the way we look at software. He sat down with SC magazine UK, to discuss the potentially looming, but all too often quiet problems on the horizon of vehicle hacking.
Dyhouse has been around the cyber-security block a number of times, in fact he was there pretty much from it's beginning. Notably he spent a number of years with Qinetiq, one of the great giants of the cyber-security and defence industry. After several of other high profile positions in the industry, Dyhouse found himself at the Trustworthy Software Initiative, where he sits now as its knowledge transfer director, encouraging best practice in cyber-security.
The problem, thinks Dyhouse, is that companies are pushing themselves towards increasing amounts of functionality, at the cost of safety: “functionality sells now: we want more functionality and we get it but largely at the expense of testing.”
That push for functionality is largely driven through the on-board ‘infotainment' system, which connects the GPS and radio to the drive systems and engine management of the car. This problem might not even be isolated to cars: The FBI is currently investigating a man who claimed to have changed the speed and direction of an airplane from his seat via the onboard infotainment system.
The CAN bus system, found in all European cars, is particularly worrying , Dyhouse said, as it's essentially an “open network” and “the infotainment system is connected to the same network that controls the engine management, the brakes and all the safety measures on the car.” So, if somebody wants to hack that vehicle, “it's quite simple to do so.” All this leads to a situation where the actual driving of the car can be hijacked through the radio.
He thinks that the car industry should learn from cyber-security in business: “"we need within those vehicle networks the same things we would see within a business network, we should have them firewalled off from each other, we should have intrusion detection systems.”
The automotive industry is not used to the kind of problems the cyber-security industry was made for. Where vehicles are tested for accidents, software is tested for malicious attack. It's an industry that has always “tested from a safety point of view.” While “we can't fault their safety record but when they're not looking for people actively trying to break their systems” said Dyhouse.
But the ignorance of malicious intent isn't the only problem.Over the last few years, Dyhouse reminded us, “we've seen an ever-increasing avalanche of software faults, problems in vehicles that have been caused by vulnerabilities or errors in the software” Dyhouse recalls an incident early this year when hundreds of thousands of Jeep Cherokees were recalled because of a problem with the airbag software that caused them to inflate without even crashing and with such force that they actually harmed the passengers.
The problem is described as in the bone of thing, but it's being treated as a problem that's only skin-deep: “I don't believe the automotive industry are paying enough attention to the quality of the software.” That is to say, how it's written in the first place.
Dyhouse, and the Trustworthy Software Initiative, think that “we need to go back to basics: a lot of the software we've produced over the last decade has not been best quality.” Dyhouse says he has seen the best of safety-critical software: “We write software that keeps fighter jets in the air, but the software we're writing for vehicles is not deemed to be safety critical it seems, because it's not being written with the same thoroughness”
Companies' solutions to software failures is often to patch them over-the-air through the infotainment system. Such a method does not require a massive (and pricey) recall and gives the owners peace of mind because these updates can be applied by simply sending them to the car's onboard technology. Not only does this mean that patching treats only the symptoms and not the root cause but “poses an opportunity for hackers to intervene.” If a vehicle can be sent information from the manufacturer then a hacker can do it too; this opens up a great opportunity for hackers who want to perform a man-in-the-middle attack
It also means that information can be sent back to the manufacturer, which poses yet more problems when you think about the proposed machine learning in vehicle automation, such as Tesla's learning network. Dyhouse notes that the persistent problem with artificial intelligence comes “if bad behaviour is present but not noticed, then it can classify that behaviour as normal - the system doesn't consider it bad”. That potentially bad data can then be quickly propagated out to thousands of cars, all inheriting the same bad lessons that a minority of compromised vehicles were initially taught.
But the fact that someone can hack a car, doesn't mean that they will; most car users will never experience these kinds of problems. That's the mindset problem that much of the car industry are beset with.
Dyhouse gave SC a car-hacking manual, readily available on Zone-H, a site regularly used by hacking enthusiasts, that boasts it will “take someone from being mildly interested to being a competent hacker in a manner of weeks”. Congregating on sites like Zone-H, young hackers often perform attacks on large organisations in order to ingratiate themselves with their peers, so it's not too hard to imagine how a teenage hacker might carry out one of these ‘pranks' on a vehicle: “why would they want to hack this car? because they can.”
Hacking cars has an entirely new dimension than hacking a local government website for obvious reasons; crashing the latter can lead to a couple of hours of discomfort for the website administrators, crashing the former can lead to injury or death.
Imagine you're a disgruntled employee with payback on your mind, the source of so many large scale hacks, said Dyhouse, or a small taxi company which isn't too happy about a larger competitor entering the market. From there, it's not hard to imagine this kind of abuse: “commercial sabotage has been alive and well in cyber-security for the longest time” he added that “it's quite conceivable that as the hacking of vehicles becomes more simple, it could just be in the hands of the person at home who wants to cause the neighbour some aggravation, it could be a prank, it could be as serious as causing someone to swerve.”
These are not merely things that can be patched over: “I think the risks involved are what would be deemed to be safety critical risks.” Perfection is perhaps not to be expected, “no system can be completely secure, but we do have to make sure it's trustworthy,” he concludes.