Cybersecurity In Self-Driving Cars

Uploaded on 2018-08-15 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Instead of taking you home from work, your self-driving car delivers you to a desolate road, where it pulls off on the shoulder and stops. 

You call your vehicle to pick you up from a store and instead you get a text message: Send $100 worth of Bitcoin to this account and it'll be right over.

You buckle your seatbelt and set your destination to a doctor's appointment, but your car won't leave your driveway. It senses it's been hacked and your home is its pre-programmed safe destination.

These three hypothetical scenarios, posited in a new white paper by University of Michigan researchers working with Mcity, illustrate the breadth of the cybersecurity challenges that must be overcome before autonomous and connected vehicles can be widely adopted.

While every new generation of auto tech brings new security risks, the vulnerabilities that come along with advanced mobility are both unprecedented and under-studied, the paper states.

The white paper introduces a tool called the Mcity Threat Identification Model, which could help academic and industry researchers analyse the likelihood and severity of potential threats.

The new model outlines a framework for considering: the attacker's skill level and motivation; the vulnerable vehicle system components; the ways in which an attack could be achieved; and the repercussions, including for privacy, safety and financial loss. The tool is believed to be the first of its kind focused on automated vehicles.

Understanding the Threats

"Cybersecurity is an overlooked area of research in the development of autonomous vehicles," said Andre Weimerskirch, lead author of the paper, who leads Mcity's cybersecurity working group and is also vice president of cybersecurity for Lear Corp.

"Our tool marks not only an important early step in solving these problems, but also presents a blueprint to effectively identify and analyse cyber-security threats and create effective approaches to make autonomous vehicle systems safe and secure."

Connected and automated vehicles are what researchers call a cyber-physical system, with components in the "real" and virtual worlds. The safety stakes are as high as these systems are hard to protect. Connected and automated vehicles will face familiar threats, and new ones, the report describes.

They will be vulnerable to those that regularly disrupt computer networks, like data thieves of personal and financial information, spoofers who present incorrect information to a vehicle, and denial-of-service attacks that move from shutting down computers to shutting down cars.

In addition, new threats unique to automated vehicles themselves emerge, hackers who would take control over or shut-down a vehicle, criminals who could ransom a vehicle or its passengers, and thieves who direct a self-driving car to relocate itself to the local chop-shop, for example.

Finally, there are security threats to the wide-ranging networks that will connect with autonomous vehicles, the financial networks that process tolls and parking payments, the roadway sensors, cameras and traffic signals, the electricity grid, and even our personal home networks.

"It might seem convenient for an autonomous car that gets within 15 minutes of your home to automatically turn on your furnace or air conditioner, open the garage and unlock your front door," the researchers write. "But any hacker who can breach that vehicle system would be able to walk right in and burglarize your home."

The New Threat Identification Model

To demonstrate the insight, the new model can provide, the researchers used it to examine vulnerabilities in automated parking, both parking assist technology and the more advanced remote, self-parking.

They determined that the most likely attacks are: a mechanic disabling the range sensors in park-assist or remote parking in order to require additional maintenance, and an expert hacker sending a false signal to your vehicle's receiver to turn off remote parking. Both received sixes on the researchers' 10-point scale, with 0 being lowest probability.

At the same time, the type of attack that would have the most impact would be a knowledgeable thief spoofing your remote parking signal in order to steal your car. This type of attack received a 7 on the researchers' scale of impact.

"Without robust, fool-proof cybersecurity for autonomous vehicles, systems and infrastructure, a viable, mass market for these vehicles simply won't come into being," said Huei Peng, Mcity director and the Roger L. McCarthy Professor of Mechanical Engineering.

"Funding this kind of research is a critical part of Mcity's mission to help break down barriers to widespread deployment of connected and automated vehicle-technology."

Phys.org

You Might Also Read:

Dubai  Launches First Standard For Driverless Cars:

Self-driving Uber Vehicle Strikes & Kills:

 

« Law Firms Are Uneducated & Exposed
GMail Users Warned Of Vulnerability »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

ThetaRay

ThetaRay

ThetaRay’s solution for Industrial cyber security protects against unknown cyber-attacks that target industry and critical infrastructure.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

Focal Point Data Risk

Focal Point Data Risk

Focal Point is a pure-play data risk management provider capable of offering end-to-end consulting, implementation, and training services.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

Cycuity

Cycuity

Cycuity (formerly Tortuga Logic) is a cybersecurity company that is transforming the way we secure silicon with comprehensive hardware security assurance.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

YesWeHack

YesWeHack

YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered) to identify and report vulnerabilities in their systems.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

CyberNet Albania

CyberNet Albania

Cybernet Albania has been providing IT support and services to small businesses since 2016. We strive to eliminate your IT issues before they cause downtime and impact your operations.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

Digital Intelligence

Digital Intelligence

Digital Intelligence offer a full array of products, forensic and e-discovery consulting services and training.

inSOC

inSOC

inSOC is an enterprise-grade AI-driven SOCaaS solution detecting breaches 24/7 with vulnerability management built-in. Designed for MSPs and MSSPs.

Continent 8 Technologies

Continent 8 Technologies

Continent 8 Technologies is the leading provider of managed hosting, connectivity, cloud and cybersecurity solutions to the global online gambling industry.

Cyber Guru

Cyber Guru

Cyber Guru is an effective cybersecurity awareness training platform, enabling organisations to increase their resistance to cyber-attacks by changing employee behaviour.