Electric and Autonomous Vehicle Security Concerns

Asad Khaliq
November 9, 2015

Submitted as coursework for PH240, Stanford University, Fall 2015

Introduction

Fig. 1: Some types of vehicle hacking aren't as advanced as others. (Courtesy of Randall Munroe)

Road transportation as we know it is unsustainable. More than 1.2 million people die on the road each year, 95% of the world's motor vehicles depend directly on non-renewable fuel sources for energy, and average speeds in congested cities can be as low as 12 miles an hour. [1] When we are asked to imagine the world one hundred years in the future, we conjure up utopian visions of a sustainable, autonomous, connected transport future. In this article, we will consider the economic and energy benefits of an interconnected, autonomous road transport system. We will also explore associated challenges, particularly with regards to security and safety, with the hope of informing awareness of some of the risks associated with such a system.

Benefits of an Interconnected Autonomous Transport System

Major social and economic benefits for autonomous vehicles in the form of accident savings, travel time, fuel efficiency, and parking benefits are estimated to approach $2000-4000 per year per autonomous vehicle (for reference, there are currently over one billion operating light vehicles). [1,2]

When it comes to safety, autonomous vehicles possess many advantages over the average human driver, with driver error believed to be responsible for 90% of all crashes. [2] Instead of having a limited field of view, autonomous vehicles can constantly monitor their surroundings and react to threatening situations faster. They do not drink and drive, they are not subject to distraction or fatigue, they do not break laws, and they can be optimized for smoother, more predictable traffic flows. Ultimately, some analysts predict that autonomous vehicles could cut motor-vehicle fatality rates to 1% of current rates, in line with fatality rates seen in aviation and rail. Furthermore, the reduced need for crash protection due to lower incidence of accidents means lighter construction materials can be used, further reducing energy expenditure and cost. [2,3]

Traffic and congestion are likely to be significantly reduced with an autonomous electric transport system. By creating an infrastructure allowing autonomous electric vehicles to communicate with each other, researchers are developing systems to reduce congestion as well as fuel consumption. For instance, autonomous vehicles with information about traffic and road conditions ahead of them can make fine speed adjustments and brake very smoothly, leading to reduction in wear and tear on vehicle components, fuel savings, as well as a reduction in 'shockwaves' of vehicle traffic that lead to congestion. [2] By utilizing more efficient routes, shorter gaps between vehicles, and co-ordinated platoons of vehicles, autonomous vehicles might use existing roadways more efficiently as well as do away with the necessity for traffic signaling. [2,4] These improvements can have significant energy benefits, improving fuel economy by up to 39% and traffic speeds by up to 13%, minimizing time spent on the road. [2]

Security Risks and Further Complications

The benefits of an entirely autonomous and electric grid are therefore evident. Most of these benefits, however, do not rely on the vehicle alone, but require vehicle-to-vehicle (V2C) and vehicle-to-infrastructure (V2I) communication to enable co-operative communication (further elaboration on these modes follows below). [2,5] The National Highway Traffic Safety Administration in the USA has announced its intention to mandate all new light vehicles to come equipped with V2I and V2C capabilities, suggesting significant proliferation of these technologies is soon likely. [2]

With increased technology and communication between cars, however, comes a higher security risk. With the advent of V2I and V2C communication, the sophisticated electronic systems that guide and control most vehicle functions are no longer silos, but are communicating openly and wirelessly. Computer hackers, disgruntled employees, terrorist organizations, and hostile nations could target autonomous vehicles and transportation infrastructure, causing collisions and traffic disruptions. Since each autonomous vehicle is a potential vector point for attack, it may not be feasible, and indeed, may not be possible, to create a transport system that is completely immune to attack. [2,5]

In July 2015, a team of security researchers were able to remotely connect to a Jeep SUV (without entering or being physically connected to the vehicle) and stop the engine while it was being driven on a highway. The incident resulted in the recall of 1.4 million vehicles by Jeep's parent company Fiat Chrysler. [6] In August 2015, two security researchers demonstrated a way to control hundreds of thousands of vehicles remotely, access information about vehicle location and speed, and control auxiliary functions such as the blinkers, navigation, and wipers - as well as, in some cases, central functions such as braking and steering. [7]

Security researcher Andy Davis, who works at information security firm NCC Group, says that hackers are "often able to gain control of crucial functions in a car - such as braking, steering, or switching the engine on and off". He points out that a car's systems are often interconnected by a central control unit, so "if you can get into one, you can get into another". [6]

Broadly, we can divide vehicle communication features amongst the following categories: [2,5]

  1. Car-to-Car Communication (V2C): Exchange of information between vehicles, warning each other of obstacles on the roadway, changes in road surface, or other hazards.

  2. Car-to-Infrastructure Communication (V2I): Wireless communication between vehicles and components of infrastructure; such as intelligent traffic signals, or nodes in a cellular network.

  3. Car-to-X Communication (V2X): A broad term for any information exchange, such as between a car and a mobile phone or between a car and internet applications and cloud services.

Having such a varied array of communication methods means the surface for exploitation is very large, as any possible node on the network could be attacked and used to nefariously gain access to other nodes. Another issue is the wide variety of systems on the road, and their differing life cycles. As a very obvious example, consider that most people will replace their mobile phone every 1-2 years, and the average cycle between a mobile phone hitting the market and its successor hitting the market is one year. Conversely, the average age of passenger vehicles in the US is more than 11 years. Connected components therefore can have very different levels of security, and the requirements for wide ranging compatibility between cars, systems, and other devices can lead to potential points of exploit. For instance, an old or insecure smartphone connected to a newer vehicle may allow that vehicle to be compromised by acting as a point of attack to the vehicle's control units. [5]

When it comes to attack points on vehicles themselves, researchers have identified a few key complications. A car's ECU, or Electronic Control Unit, acts as a control center for various key functions. ECUs are incredibly complex and difficult to make fully secure, and often include debugging or diagnostic modules to make repairs easier. These modules leave ECUs especially open to attack. Many other systems used in vehicles were designed many years ago, with reliability and cost-effectiveness in mind. These were not intended to be used with external network connections, and so lack the necessary security to prevent attacks. As vehicles have gotten more luxurious and sophisticated, the addition of infotainment and network features has made this point particularly troublesome. For instance, a well known car hack utilizes failures of a system known as Combox in order to exploit features of BMW's popular ConnectedDrive software. [5,8]

Autonomous vehicles include even more sophisticated systems in order to effectively integrate the myriad sensors and computations needed to create a safe, efficient, transport system. Therefore, ensuring that cars and associated infrastructure are built with security in mind is of paramount importance. However, computer security has "lagged far down the list of automakers" business priorities" in recent times. [2,8]

Steps for the Future

The majority of current cyber-attacks are acts of espionage, intended to gain access to a system to gather information, as opposed to acts of sabotage. Disrupting the communication or sensors of a vehicle would require a very complex and sophisticated attack, and disrupting the control commands of a vehicle would be even harder. Further still, compromising or infecting parts of a greater transport infrastructure would be even more challenging. However, the potential for threat is most certainly real and could have disastrous consequences. [2,5]

Some frameworks are already being put in place to mitigate potential issues. The National Institute of Standards and Technology is developing a framework to improve cyber security of critical infrastructure, which could provide a guide for improved security for connected transport technologies. In addition, V2I protocols are being developed with security in mind from the start, as opposed to in an ad-hoc manner as was done with personal computers and the Internet. In addition, over time, the US and other countries have demonstrated that secure implementation and maintenance of critical infrastructure systems is possible. [2]

Manufacturers and legislators must work to ensure the safety and security of future vehicles, with a concerted effort to integrate a cohesive approach to security into development frameworks. The potential economic, social, and energy benefits of a connected transport system are numerous - as long as we can effectively mitigate the risks.

© Asad Khaliq. The author grants permission to copy, distribute and display this work in unaltered form, with attribution to the author, for noncommercial purposes only. All other rights, including commercial rights, are reserved to the author.

References

[1] L. D. Burns, "Sustainable Mobility: A Vision of Our Transport Future," Nature 497, 181 (2013).

[2] D. J. Fagnant and K. Kockelman. "Preparing a Nation for Autonomous Vehicles: Opportunities, Barriers and Policy Recommendations," Trans. Res. A-Pol. 77, 167 (2015).

[4] E. Coelingh and S. Solyom, "All Aboard the Robotic Road Train," IEEE Spectrum 49, No. 11, 34 (2012).

[3] O. Van Vliet et al., "Energy Use, Cost and CO2 Emissions of Electric Cars" J. Power Sources 196, 2298 (2011).

[7] M. Isaac and N. Perlroth, "Uber Hires Two Engineers Who Showed Car Hackings," New York Times, 29 Aug 15.

[6] C. Baraniuk, "The Cyber-mechanics Who Protect Your Car from Hackers", New Scientist, 31 Jul 15.

[5] T. Becso, S. Aradi, and P. Gaspar. "Security Issues and Vulnerabilities in Connected Car Systems," IEEE 7223297, Int. Conf. on Models and Technologies for Intelligent Transportation Systems (MT-ITS), 3 Jul 15, p. 477.

[8] A. Wright, Hacking Cars," Commun. ACM 54, No. 11, 18 (2011).