Cybersecurity In Self-Driving Cars

Uploaded on 2018-08-15 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Instead of taking you home from work, your self-driving car delivers you to a desolate road, where it pulls off on the shoulder and stops. 

You call your vehicle to pick you up from a store and instead you get a text message: Send $100 worth of Bitcoin to this account and it'll be right over.

You buckle your seatbelt and set your destination to a doctor's appointment, but your car won't leave your driveway. It senses it's been hacked and your home is its pre-programmed safe destination.

These three hypothetical scenarios, posited in a new white paper by University of Michigan researchers working with Mcity, illustrate the breadth of the cybersecurity challenges that must be overcome before autonomous and connected vehicles can be widely adopted.

While every new generation of auto tech brings new security risks, the vulnerabilities that come along with advanced mobility are both unprecedented and under-studied, the paper states.

The white paper introduces a tool called the Mcity Threat Identification Model, which could help academic and industry researchers analyse the likelihood and severity of potential threats.

The new model outlines a framework for considering: the attacker's skill level and motivation; the vulnerable vehicle system components; the ways in which an attack could be achieved; and the repercussions, including for privacy, safety and financial loss. The tool is believed to be the first of its kind focused on automated vehicles.

Understanding the Threats

"Cybersecurity is an overlooked area of research in the development of autonomous vehicles," said Andre Weimerskirch, lead author of the paper, who leads Mcity's cybersecurity working group and is also vice president of cybersecurity for Lear Corp.

"Our tool marks not only an important early step in solving these problems, but also presents a blueprint to effectively identify and analyse cyber-security threats and create effective approaches to make autonomous vehicle systems safe and secure."

Connected and automated vehicles are what researchers call a cyber-physical system, with components in the "real" and virtual worlds. The safety stakes are as high as these systems are hard to protect. Connected and automated vehicles will face familiar threats, and new ones, the report describes.

They will be vulnerable to those that regularly disrupt computer networks, like data thieves of personal and financial information, spoofers who present incorrect information to a vehicle, and denial-of-service attacks that move from shutting down computers to shutting down cars.

In addition, new threats unique to automated vehicles themselves emerge, hackers who would take control over or shut-down a vehicle, criminals who could ransom a vehicle or its passengers, and thieves who direct a self-driving car to relocate itself to the local chop-shop, for example.

Finally, there are security threats to the wide-ranging networks that will connect with autonomous vehicles, the financial networks that process tolls and parking payments, the roadway sensors, cameras and traffic signals, the electricity grid, and even our personal home networks.

"It might seem convenient for an autonomous car that gets within 15 minutes of your home to automatically turn on your furnace or air conditioner, open the garage and unlock your front door," the researchers write. "But any hacker who can breach that vehicle system would be able to walk right in and burglarize your home."

The New Threat Identification Model

To demonstrate the insight, the new model can provide, the researchers used it to examine vulnerabilities in automated parking, both parking assist technology and the more advanced remote, self-parking.

They determined that the most likely attacks are: a mechanic disabling the range sensors in park-assist or remote parking in order to require additional maintenance, and an expert hacker sending a false signal to your vehicle's receiver to turn off remote parking. Both received sixes on the researchers' 10-point scale, with 0 being lowest probability.

At the same time, the type of attack that would have the most impact would be a knowledgeable thief spoofing your remote parking signal in order to steal your car. This type of attack received a 7 on the researchers' scale of impact.

"Without robust, fool-proof cybersecurity for autonomous vehicles, systems and infrastructure, a viable, mass market for these vehicles simply won't come into being," said Huei Peng, Mcity director and the Roger L. McCarthy Professor of Mechanical Engineering.

"Funding this kind of research is a critical part of Mcity's mission to help break down barriers to widespread deployment of connected and automated vehicle-technology."

Phys.org

You Might Also Read:

Dubai  Launches First Standard For Driverless Cars:

Self-driving Uber Vehicle Strikes & Kills:

 

« Law Firms Are Uneducated & Exposed
GMail Users Warned Of Vulnerability »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Tigerscheme

Tigerscheme

Tigerscheme is a certification scheme for information security specialists, backed by University standards and covering a wide range of expertise.

Delta Risk

Delta Risk

Delta Risk is a global provider of managed security services and cyber security risk management solutions to government and private sector clients.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

Fortiedge

Fortiedge

Fortiedge is an IT Security solution provider specializing in Cyber Security practices and solutions for our clients.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Sikich

Sikich

Sikich LLP is a leading professional services firm specializing in accounting, advisory, technology and managed services.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

Kubus Hitam

Kubus Hitam

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Network Contagion Research Institute (NCRI)

Network Contagion Research Institute (NCRI)

NCRI provides pioneering technology, research, and analysis to identify and forecast cyber-social threats targeting individuals, organizations, and communities.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

NCIIPC's mission is to protect the Critical Information Infrastructure of India, from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction.