Out of the many digital threats we as a society are going to face over the coming decades, few are as unique as that posed by ‘smart’ autonomous transport. Unlike with typical hacks which only target a victim’s personal finances or data, we could very well soon be living an era where it will be possible for cybercriminals to take control of a vehicle traveling at speed, whilst it is occupied.
As with any other autonomous system, smart vehicles operate independently from human input, controlled via on-board systems and with a connection to a central hub which dictates the vehicle’s actions. The possibilities of such a system are massive, and would not only change personal transport, but any industry that utilises fleets of logistical vehicles. The Government of Singapore for instance, has commissioned Swedish-made autonomous trucks for operations within their port facilities, to help bolster their human labour force who are needed for other tasks.
In the USA as well, major manufactures such as Ford are researching how to mass-market a car that not only is self-controlled, but lacks even a steering wheel or pedals. Such a development would be truly revolutionary, but how safe is it really to completely entrust your safety on the roads to a machine without any form of override?
But as any number of statistics can no doubt show, computers will always be able to outperform humans in any number of relevant tests. Specially designed software will of course boast a better reaction time than even the sharpest human driver, will be more aware of their vehicle’s surroundings, and will even be capable of analysing the road ahead many miles in advance, so as to determine the quickest route to a destination.
Theoretically, such a system would make transport far safer, by removing the possibility for human error and no doubt saving many thousands of lives a year.
However, would shutting down this source of trouble give rise to one that whilst perhaps not as common, could be far more sinister in intent? If hackers diverted their attention to breaking into these systems, then they could in essence take the concept of ransomware to new levels, only with passengers instead of information. Or worse, as recent terror attacks have shown, vehicles of all sorts have fast become the weapon of choice for many would-be mass murderers, who may no longer have to put themselves in the line of fire to inflict casualties, gifting them the opportunity to strike again and again.
Over the last few years, we’ve seen that even the defences of institutions such as the Pentagon are far more vulnerable than previously believed. Therefore, how can the manufacturers of autonomous vehicles in good faith claim that an external force cannot take control of their machines and put occupants in serious danger? Whilst no doubt it would be terrible for business if such an event occurred and it was proven that the cyber defences in question were lacking, every system will require 24/7 monitoring for intrusion, as well as a dedicated response team who could regain control at a moment’s notice.
Furthermore, even if a system was compromised by hackers, the hope would be that a team of security professionals would be constantly monitoring the situation, and could regain control of the vehicle and pre-emptively shut down any issues. This would work similar to a monitored 24 hour home alarm system, but raises two more issues.
Firstly, even if a breach could be detected, if a hacker was seeking to cause an instant impact then they could do near instantaneously before anyone could possibly respond in time. Secondly, we are talking about monitoring a product not owned by a few hundred or few thousand people, but by hundreds of millions across different time zones, cultures, languages etc. Similar to how the Internet today is so difficult to police, it would be impossible to oversee every vehicle all at once. One of Tesla’s latest models, the ‘Model 3’ received around 373,000 pre-orders in a single day, which just shows the size of the potential customer base that would have to be kept safe.
Indeed, it is virtually inevitable that as such a technology would become widespread, hackers given time would find a way to breach and exploit any online barriers designed to keep them out. The number of attacks in general is only on the way up, to the extent where 1 in 10 people in England and Wales last year were the victims of some form of cyber-attack. Defending in theory millions of autonomous vehicle users is barely feasible, without the collective effort of the world’s leading cyber security experts in designing a strategy that not only would blunt any attacks, but could evolve and adapt alongside the technology it would be designed to defend.
Therefore, we must ask the question as to what specific safeguards will be put in place to prevent such diabolical potential plots? Whilst we’d like to believe that a system can be developed that has not a single spot for backdoor access, with enough time then seemingly any system can be cracked. There’s all kinds of methods and tools out there that all but a few are aware of, and even Apple for all their resources are still unsure how the FBI broke into the iPhone taken from one of the San Bernardino shooters.
Without knowing the specific ways in which someone would theoretically take control of a driverless car, designing defences against this becomes quite a bit harder. Assuming along the lines that it would function a similar way to how computers are protected against viruses, customers would most likely have the option to purchase security software as an accessory along with their vehicle, with different packages offering various layers of security.
Or, it may very well be deemed a requirement by law that all vehicle owners acquire one form or another of protection, much as car insurance is needed in order to legally drive on the roads. This is of course common sense, but when we consider that approximately 13-14% of drivers in the USA have continued to drive uninsured at times, this does not bode well for others. Would you be willing to share the roads with millions of vehicles who could at any second be turned against you?
Yet another cause for concern is even with your protection all set up and working perfectly, is what would happen in areas of poor signal connection. The vehicle itself may continue to handle perfectly fine thanks to its on-board instruments, but many anti-virus software systems can only function to their optimum potential when they are connected to the Internet.
If you were for whatever reason heading through an area of poor Internet connection that was somewhat isolated such as a heavily rural or desert region, then your Internet connection may flag and temporarily compromise some of your counter-measures, granting a hacker the opportunity they need to bypass what before may have been keeping them out.
This may seem somewhat paranoid, but as with all aspects of this issue, every potential avenue of danger needs exploring. The chances are of your vehicle being hacked is of course incredibly small, but such a target will almost certainly present an incredible opportunity for those looking to enrich themselves or benefit at the expense of another. Being so new, experimental, and arguably hurried to production to gain an edge on the competition, there is still much yet to discover around how to make driverless vehicles 100% safe.
Whilst the resources of various big businesses, designers, developers, software engineers and even most likely various governments are extensive, they cannot physically react fast enough to an attack that could only last a matter of seconds. Hacking into a single vehicle (I only assume) would not even require multiple people to co-ordinate, so there may not even be the usual trail of communications to detect, which is what fortunately scuppers numerous attempted terrorist attacks. Also if a hacker was skilled enough to carry out such a plan, we can probably assume that they would know how to do so without triggering an alarm. It could be a very long time until the hack is uncovered, which for an occupant if in the vehicle is not an option-it would require immediate attention.
Ultimately though, it is by planning for a worst case scenario that the best solutions to the problems laid out can be thought up. Fortunately for the public, the minds behind this technology are far from stupid and no doubt have many ideas that can be implemented should any issue arise. Just from a PR perspective if nothing else, just one incident could do tremendous harm to a designer’s reputation, so it pays for them to invest in ensuring their models are well guarded from all threats.
Lastly, this article is also assuming that all hackers are out for their own interest without a single care for their victim. Whilst there will always be those completely without scruple, I would like to think that the majority would the draw the line between online theft and actually physically injuring someone travelling at high speed. It would be quite a line to cross, but hopefully thanks to the cyber-defences in place, the question will never even be put to them.
About The Author:
Justin Fox is a History graduate from the University of Kent, with a keen interest in current affairs, also a Guest Writer for NexxyTech. Seeing the move towards automation as inevitable, he is seeking to analyse this transformation of society in all its aspects rather than leap blindly into the unknown. Also, as someone who loves to drive, giving up control of his car would be far from ideal! you can catch up with him on Twitter or on Facebook.