As compromised bank accounts, stolen PIN numbers, and leaked celebrity photos have taught us, any device connected to the internet is at risk of being hacked. Self-driving cars are no different.
To be successful, self-driving cars must be constantly connected to the internet. Automated cars get GPS information from the web, including up to date statistics on the fastest routes, accidents, road changes, and other potential issues that might affect driving conditions. Driverless cars will use the internet to locate things like coffee shops and banks for their riders. Through internet-based connections, self-driving cars will talk to each other, allowing them to travel safely together on highways and city streets and report problems (potholes, speed bumps, pedestrians, disabled vehicles) to each other to enhance the traveling experience.
But internet connectivity is not limited to truly driverless cars. Most new cars today are sold with built-in navigation systems, which require internet connections to find routes and receive updated maps. Further, many cars use the internet to offer in-car entertainment options, or even allow riders to connect straight to their email account and/or music streaming account through the car’s computer system. Some cars even offer hot spots for riders to use to connect their own devices to the web.
Clearly, vehicles are becoming more and more connected, and with that connectivity comes the potential for hacking. Hacking is a major safety concern, as hackers experimenting with the potential for car hacking have been able to remotely control many functions of a vehicle, such as the radio, wipers, air conditioner, brakes, and even transmission. Although initial attempts to hack into and control cars required proximity to the vehicle, with hackers sitting in the back seat of the vehicle and actually being plugged into the car itself, more recent attempts have shown that cars can be vulnerable to hackers wirelessly from anywhere in the country. With the right code, hackers may be able to control certain makes and models of vehicles driving in California from their couch in Tennessee. In fact, a 2016 survey of insurers found that hacking and cybersecurity was the greatest concern about autonomous vehicles.
In 2015, two hackers remotely took control of a Jeep in a planned experiment. They turned on the wipers and wiper fluid; they changed the radio; they turned on the air conditioner. While the Jeep was on an interstate, they took control of the transmission and shut it off. Because the driver was aware that the experiment was taking place, he was not injured and was able to maneuver the Jeep down an exit ramp. After resetting the experiment in a safer area, the hackers were also able to disable the Jeep’s brakes, causing it to drive into a ditch. While the hackers never gained steering control, they were able to remotely turn the vehicle into an extremely dangerous tool. To read more about this, go to https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.
In 2016, these same hackers were able to turn the steering wheel and even activate the parking brake, even when the car was moving at highway-level speeds. This hack, however, required the hackers to be in the car being hacked.
While the Jeep hackers noted that finding a single car and driver using current hacking technology would be difficult, they did believe that it could be done. Greater, though, is the risk that a group could take control of an entire fleet (for instance, all the Jeep Cherokees) and disable them, causing quite the series of accidents and chaos. Or a hacker might try to gain access to an entire fleet of driverless vehicles, such as the fleet of driverless ride service (think Uber or Lyft) or delivery service (a pizza delivery service).
Hacking of self-driving cars, or even cars with more limited internet connection functions, could also be a terrorist target. Terrorists could see hacking into vehicles as a way to create multiple, horrific wrecks at strategic places and thus mass pandemonium.
As with any web-based application, car companies must vigilantly work to identify and patch security issues in their vehicle software. These companies must also find some way to ensure that, if the patches are not automatically installed, car owners actually install them in a timely fashion because a vehicle that can be hacked poses a risk not only to the occupants of the hacked vehicle but others as well. If vehicles are vulnerable to hacking, someone will be smart enough to figure out how to do it, exposing both the rider/driver in the hacked car and the other drivers on the road to great risk.
In late 2016, Volkswagon partnered with three Israeli cybersecurity experts to create a company dedicated to fighting cyber hazards for internet-connected cars. This type of work will be crucial as self-driving cars continue to gain momentum in the market.