Ex-Uber Employee Explains Why it's Difficult to Protect Self-Driving Cars

Home > News > Content

【Summary】Ex-Uber employee, Charlie Miller, who was once in charge of ensuring that Uber’s autonomous vehicles were protected against hacking, explains why protecting driverless cars is so difficult.

Original Vineeth Joel Patel    Apr 19, 2017 7:05 AM PT
Ex-Uber Employee Explains Why it's Difficult to Protect Self-Driving Cars

A few years ago, Charlie Miller and Chris Valasek demonstrated just how easy it was to remotely hack into a Jeep Cherokee through the SUV's Internet connection. The hackers managed to stop the car dead in its track on the highway. Since then, there have been a few more demonstrations on hacking, which includes a Tesla being hacked by a Norwegian security company and even hackers attempting to steal autonomous secrets from Baidu

After revealing just how vulnerable driverless vehicles are, both Miller and Valasek went on to work for Uber, helping the ride-sharing company secure its self-driving cars against attacks from hackers. Miller, who recently left Uber to work for Chinese competitor Didi, revealed why securing autonomous vehicles is such a difficult task. 

Targeting A Vehicle's Weak Points

In an interview with Wired, Miller explained why beefing autonomous cars' security up is so crucial. "Autonomous vehicles are at the apex of all the terrible things that can go wrong," said Miller. "Cars are already insecure, and you're adding a bunch of sensors and computers that are controlling them…If a bad guy gets control of that, it's going to be even worse." 

Back in 2013, Miller and Valasek conducted a series of experiments that saw the duo hack into various vehicles, including a Jeep Cherokee, Ford Escape, and Toyota Prius. The hackers, as Wired points out, were able to alter the cars' brakes, steering wheel, and accelerator pedal, but did so by targeting different systems. 

All of the aforementioned vehicles were equipped with some kind of automated features. Miller and Valasek, according to Wired's report, were able to apply the Prius' brakes by gaining access to its collision avoidance system and managed to get the Cherokee to accelerate by accessing the SUV's cruise control feature. The researchers even managed to turn the Cherokee's steering wheel by tricking the vehicle into thinking it was parking itself, even when the car was on the highway. 

The Computer Is In Charge

As Wired points out, the hacking that was done on previous vehicles was limited to a few of the functions that a car's computer handles. It's not the same thing for an autonomous car, as the computer controls every single thing in the vehicle. "In an autonomous vehicle, the computer can apply the brakes and turn the steering wheel any amount, at any speed," said Miller. "The computers are even more in charge." 

Miller claims that an alert driver could, theoretically, override an attack. If, for instance, a vehicle's cruise control is being taking over, tapping on the car's brakes would bring the attack to a halt. But in fully-autonomous vehicles that aren't equipped with brakes or a steering wheel, stopping an attack would be impossible. 

The situation becomes even graver when one considers driverless taxis, as Miller believes that every passenger has to be considered as a potential threat. As Wired reports, researchers revealed that plugging an Internet-connected gadget into a vehicle's OBD2 port – an outlet under a car's dashboard that provides vital information on the vehicle – can offer a hacker access to some of the most sensitive systems. 

Protecting against hackers, then, will require fundamental changes to automaker's security architecture, reports Wired. Miller believes that every car's internet-connected computer will need "codesigning," a measure that ensures vehicles only run trusted code signed with a bespoke cryptographic key. Vehicles also need intrusion detection systems to alert the driver of when something strange is happening. To stop hackers from getting an initial foothold in cars, automobiles need to limit their "attack surface," by limiting services that may accept malicious data, reports Wired

Making these fixes and other necessary ones to stop cars from being hacked isn't exactly simple as companies like Uber and Lyft don't even manufacture the vehicles that they use, claims Wired. Solving the dilemma of having autonomous cars that can stand up to hackers, according to Miller, will require cooperation and open discussions between automakers and companies. 

Prev                  Next
Writer's other posts
    Related Content