Self-Driving Cars are hackable.
The experts are slowly beginning to weigh in on the most troubling aspect of Self-Driving Cars, which is the fact that they can be easily hacked, as noted in the article “Self-driving cars vulnerable to cyberattack, experts warn”, published June 1 2015 by Luc Olinga, Physorg.
US security firms Mission Secure Inc (MSi) and Perrone Robotics Inc have declared that IVE (In-Vehicle Entertainment Systems) meant to make vehicles safer were in fact easily compromised, due to their connected nature both within the vehicle as well as via the Internet.
These research firms, in collaboration with the University of Virginia and the Pentagon, have tested various vehicle models and found that they can be easily hacked.
What's most troubling is that the security analysts were able to remotely access the test vehicles via Wi-Fi or Bluetooth connections built into the vehicle's IVE. Because in most of these vehicle systems the internal network that controls the vehicle’s braking system and the IVE are linked, sometimes even sharing the same hard-drive, they were also able to gain control over the vehicle while it was driving.
According to the report available on MSi's website, if your vehicle is hacked and you’re in it, the hacker can control your vehicle remotely, quote: “One attack scenario forces the car to accelerate, rather than brake, even though the obstacle avoidance system (using LiDAR) detects an object in front of the car. Rather than slowing down, the car hits the object ... at high speed, causing damage to the car and potential threat to the life and safety of the passengers in the car under attack and in the car being struck”.
In fact, according to US security firms, a successful hack would be indistinguishable from a software failure, as most of these IVEs have no internal system log to track external intrusions, quote: “If an attack were carried out successfully, automobile manufacturers have no means of quickly gathering information for forensic analysis or to rapidly deploy additional protections to cars in response to new and evolving attacks”.
So how widespread is this? And is there any defense against it?
How IVE can be hacked – Contract killing via Remote Vehicular Homicide
Reports are now coming in suggesting that these cars can be hacked.
On my blog on August 4th 2014, I'd done an article highlighting the fact that cars are hackable via their IVE (In-Vehicle Entertainment Systems), as explained in my blog article entitled “Automotive Security Researchers tell CNN Money Vehicles are hackable - How Vehicle Entertainment Systems are hacked”.
This is because many of their IVEs access the Internet either by themselves, using a built-in 3G or 4G LTE radio (SIM card required!), or using the 3G/4G LTE from a connected smartphone.
Also, the vehicle's internal network that controls the vehicle's braking system and the IVE, if linked and sharing the same hard-drive, present an opportunity that many hackers can exploit. Thus if a hacker gains access to the vehicle via its built-in Wi-Fi or Bluetooth connection, they can gain control of the vehicle.
An alternative scenario is where the victim’s smartphone is infected with a Trojan horse app.
The victim then connects that smartphone to their vehicle's IVE via the USB cable, Wi-Fi or Bluetooth, unknowingly allowing the Trojan horse to infect their IVE. This then allows the hacker, via the Internet, to remotely access the vehicle using that smartphone from anywhere in the world, not just within range of the vehicle's Wi-Fi or Bluetooth connectivity.
This is an even more dangerous scenario to contemplate, as basically an assassin does not have to come close to your car to hack it using the Bluetooth or Wi-Fi connectivity in some of these vehicles. All they have to do to carry out a contract killing is to install an app with a link to a server that has a specially designed Trojan horse, as described in my Geezam blog article entitled “Google Play Store Apps with AdWare threat to Android Security”.
Then when the person accesses their favourite app, it remotely downloads the Trojan as an update to the app, infecting the target's vehicle remotely, giving control to the assassin hundreds of miles away via the Internet to carry out their contract killing.
These vulnerabilities could also give government spy agencies, such as the NSA (National Security Agency) in collaboration with other intelligence agencies, the ability to hack your vehicle using back door access to apps, as explained in my Geezam blog article entitled “NSA and Five Eyes Alliance in Project Irritant Horn Spying on Arab Spring Jihadists”.
Not only could they spy on persons of interest, but should it become necessary, they might be able to commandeer the vehicle and crash it. Thus, the NSA would thereby be committing Remote Vehicular Homicide from hundreds of miles away!
Apple CarPlay and Android Auto – Possible Vulnerabilities make them Assassin’s Weapon of Choice
The list of automakers in my original article may soon expand, as both Apple and Google have introduced their versions of a portable IVE on a smartphone.
Apple's version, called Apple CarPlay, was launched in March 2014 and gives the driver access to Apple's Siri to supplant their vehicle's IVE, as reported in my blog article entitled “Apple to launch CarPlay at Geneva Auto Show in Geneva, Switzerland - Siri Voice Assistant and Primesense bring Hands-free Remote Control Revolution to The Grand Budapest Hotel”.
Apple CarPlay, along with Google's Android Auto, is now coming to Cadillac's CUE (Cadillac User Experience) IVE for several of their 2016 vehicle models, as reported in the article “Apple CarPlay among multiple Cadillac improvements”, published 10 June 2015 by Wayne Cunningham, CNET News, and “2016 Cadillac models will get CarPlay and Android Auto”, published June 9, 2015 by Chris Ziegler, The Verge.
Apple CarPlay and Android Auto are also coming to GM (General Motors) 2016 models as well, as reported in the article “Chevy bets big with Android Auto and Apple CarPlay in 2016 line-up”, published May 27, 2015 by Wayne Cunningham, CNET News.
At this rate, by 2017, most vehicle manufacturers would have IVEs that can interface with Apple CarPlay and Android Auto via their smartphone. This might include Google’s self-driving buggy cars, set to hit the roads in June 2015, as argued in my blog article entitled “@Google’s Self-Driving All-Electric Vehicles in June 2015 – Autonomous Vehicles reduce Road Accidents, Parking and make Ride Sharing the Norm”, making hacking yet another obstacle they must navigate.
Thus, by 2017, it would become a hacker's paradise, making these vehicles the Assassin’s Weapon of Choice.