Robocars Should Be 'Disconnected,' Warns Former EFF Chief

[Lucian Armasu]

Brad Templeton, who used to advise Google's own self-driving car team and was an EFF chair for 10 years, laid out a plan for how car companies should secure their robocars against cyber attacks in an interview with Tom's Hardware.

Robocars Should Be 'Disconnected,' Warns Former EFF Chief : Read more

 

[Olle P]

I think a good starting point (from a judicial point of view) is to treat autonomous cars like medical devices.
If/when a medical device misbehave it can cause death or injury to a patient and/or operator. Likewise a car going haywire can "kill" its passengers and/or external trafficants.

The issue about cars being on-line or not gets a bit more complicated once navigation come into play. One vision is to have fleets of autonomous cars pretty much acting like taxis. Arriving to pick you up when and where you want and then drive to your intended destination to drop you off before either preparing for a new transport or go to a parking lot that may be located quite some distance away.
For the car to know when and where to pick you up that data needs to be fed into the navigation system, with the possibility to do so from a distance and at very short notice.

 

[dark_lord69]

The only way to make it secure:
1. The self driving components need to be completely disconnected from the internet. This would mean 2 complete separate networks in every self driving car. One for the user that has access to the internet and one for the self driving system. With ZERO crossover connections between the 2 of them.
2. Updates and patches to the software should be done physically (at the car) by a mechanic. Not using bluetooth, wifi, cell phone towers or any other type of wireless.

That would be the ONLY way to make it secure. But that will never happen because automakers will want to update remotely and tell the self driving system different things like current traffic conditions. So, don't expect self-driving cars to be secure, at least not up to my standards when my life is on the line.

 

[chaz_music]

Automotive technology has mostly ignored security just as most other markets. They focus their innovation on tech that sells, and security does not inherently make better sales. Hence the IoT bandwagon.

Since users are going to want to continue having Bluetooth access and other device linked to their car, connectivity is not going to go away. When Bluetooth first came out in cars, hackers found ways to control and effect these cars quite easily. Implementing new tech without assessing it's vunerabilities is a repeating theme. I believe it was about 20 years ago that Ford came out with a pneumatic door lock system that was "super secure". Then thieves found that they could use a tennis ball with a hole in it to punch against the lock, build up pressure, and unlock all doors. Security has to be treated seriously, and be included with FMEA studies if it is going to be truly successful.

All one would have to imagine is rush traffic on the Long Island Expressway, and having the hacked cars all accelerate at the same time, or having some cross over the median. A new 9/11. If we truly want to have this kind of tech, there needs to be a market focus on security. And maybe a secure version of the Internet (not anonymous)? Then online banking would be safe, too. But I think slowing down the IoT trend is quite important. There have already been some universities and businesses hit with their IoT devices being turned into botnets. What would North Korea do with that ability?

 

[kuhndj67]

Holy crap yes... does that mean that the self driving systems in current autonomous vehicles is connected to their internet connected systems!? Wow under definition of "REALLY stupid ideas" on wikipedia this would be the textbook example. I think we WILL see some level of mesh local network for multi-vehicle coordination, but all those systems should be COMPLETELY isolated from any public/general use network.

 

[Olle P]

... slowing down the IoT trend is quite important. ...

I totally agree!

 

[alextheblue]

Since users are going to want to continue having Bluetooth access and other device linked to their car, connectivity is not going to go away. When Bluetooth first came out in cars, hackers found ways to control and effect these cars quite easily.

Most of the wireless vulnerabilities that allow an attacker to control aspects of a vehicle are found in add-on components that are directly connected to the vehicle's CANbus via the OBD-II port. Insecure IoT-like GPS devices handed out by insurance firms, for example. There are few models where there was a successful remote attack (with the ability to control throttle, brakes, etc) without any such insecure add-ons. Mainly this happened with Chrysler products. Even then I can't think of any cases off the top of my head where Bluetooth was the attack vector. In both scenarios the connection was cellular, for the cases I read about. With that being said:

The way they currently have their networks set up is stupid and dangerous. As stated in the article above, you need two separate networks. I believe they could be linked with one-way connections at points. You could potentially solve the add-on component issue by making two physical OBD connectors, one which offers only one-way data (consumer-facing) and a secure two-way one for temporary use (wired!) during updates/repair work. So even if you have an insecure GPS module or other wireless device hooked up to the one-way port, it can only receive data and can't feed anything back into the secure network.

Ditto with BT/infotainment systems. There's no need to remove BT. Just isolate that system so that your phone can link and play media, run apps, whatever - without the ability to transmit to the driving systems. Again, the core driving systems should be isolated such that they can share data outside their network but only receive data from other secured systems including their sensors. No influence from outside.