VI Reflections: The Security and Safety of Modern Vehicles
By grigby1
Connected and autonomous vehicles provide advantages, but they also pose cyber threats that could result in fatalities on the road. The vulnerability of vehicles to hacking, manipulation, and disabling rises as their connectivity increases. Consumers will only utilize the advanced features offered by these vehicles if they trust the safety and security of them. Connectivity involves all vehicle components, encompassing everything from autonomous driving to connected infotainment and in-cabin monitoring. In addition, it includes external sensors, Internet of Things (IoT), Vehicle-to-Everything (V2X), Over-the-Air (OTA) communication, and remote control. Most vehicles are equipped to connect to cellular and wireless infrastructure, as well as to wired and wireless devices. The majority of cabins also have the ability to connect to a wide variety of personal devices. As vehicles become more connected and software-defined, new challenges will emerge, such as how to future-proof vehicle and software architectures, cybersecurity, networking issues, and other problems typically associated with computer systems. Autonomous vehicles employ Artificial Intelligence (AI), applying Machine Learning (ML) algorithms to collect, analyze, and transfer data for decision-making processes. AI systems, like most Information Technology (IT) systems, are susceptible to attacks that could potentially result in vehicle malfunction. The existence of vulnerabilities faced by vehicles provides an increased number of opportunities for hackers to engage in malicious activities. Through additional research and the development of solutions, it is imperative to address the cybersecurity concerns associated with connected and autonomous vehicles as they become more prevalent in our society in order to increase trust in them.
The "Internet of Vehicles" (IoV) is a hot topic in the automotive industry. This is a network of cars and other vehicles that can exchange data through the Internet to improve safety, efficiency, and autonomy. The IoV could help cars spot pedestrians, traffic, and other obstacles. It could enable driverless vehicles, improve road positioning, and aid defect diagnosis. More sensors, software, and other technologies are needed for a more advanced IoV. Cameras, mobile phone connections, and infotainment systems are more common in cars than ever, but some of these systems may also make vehicles vulnerable to hacking or theft as criminals find and exploit new vulnerabilities.
A research team led by the University of Michigan has developed a solution to prevent vehicle hacking that involves what is considered to be the lowest-technology feature of modern vehicles, the auxiliary power outlet. The team's solution named "Battery Sleuth," is a vehicle security system that can protect against sophisticated wireless hacking and more. It sidesteps the wireless communication that key fobs rely on as well as the standardized onboard communication network used by today's vehicles. Rather, it authenticates drivers by measuring voltage fluctuations within a vehicle's electrical system. Drivers use a keypad device plugged into the auxiliary power outlet to interact with it. The researchers point out that the solution leverages the power outlet's simplicity in that it is just a wire connected to the battery and there is nothing to hack. Battery Sleuth delivers a "voltage fingerprint," which is a predetermined series of voltage fluctuations, to the car's electrical system when the driver enters a numerical code into the keypad. A receiver recognizes this fingerprint and allows the car to be started. Battery Sleuth has defenses to prevent hacking or physical attacks on the device itself, including a siren that goes off if illegitimate activity is detected.
Today's cars and autonomous vehicles use millimeter wave (mmWave) radio frequencies to facilitate self-driving or assisted driving functions that protect passengers and pedestrians. However, this connectivity can also leave them vulnerable to cyberattacks. To improve the safety and security of autonomous vehicles, researchers from the lab of Dinesh Bharadia, an affiliate of the UC San Diego Qualcomm Institute (QI), and faculty member in the university's Jacobs School of Engineering Department of Electrical and Computer Engineering, along with colleagues from Northeastern University developed a novel algorithm designed to simulate an attacking device. The algorithm, which is described in the paper titled "mmSpoof: Resilient Spoofing of Automotive Millimeter-wave Radars using Reflect Array," enables researchers to identify areas where autonomous vehicle security can be improved. The team developed an algorithm that mimics a spoofing attack. Previous attempts to develop an attack device for testing cars' resistance had limited feasibility, assuming that the attacker can synchronize with the victim's radar signal to initiate an attack, or that both cars are physically connected via a cable. The team's method uses the victim vehicle's radar against itself. An attacker can hide their sabotage by changing the received signal's parameters at "lightspeed" before reflecting it back, making it harder for the vehicle to filter malicious behavior.
A study led by the University of Michigan found that emerging self-driving vehicle networks that collaborate and communicate with one another or with infrastructure to make decisions are vulnerable to data fabrication attacks. The V2X network of collaboration and communication is still in development as many countries are still testing it on a small scale. Information sharing among vehicles allows hackers to introduce fake objects or remove real objects from perception data, potentially causing vehicles to brake hard or crash. To gain further insights into security vulnerabilities faced by self-driving vehicles, the researchers administered falsified LiDAR-based 3D sensor data that appears realistic to the system but has been maliciously modified via physical access to the hardware and software system. They performed a high-risk cyberattack called "zero-delay attack scheduling," which involves precise timing to quickly introduce malicious data. In virtual simulations, the attacks were 86 percent successful. On-road attacks on three Mcity vehicles caused collisions and hard brakes. The countermeasure system, "Collaborative Anomaly Detection," uses 2D representations of the environment called "shared occupancy maps" to cross-check data, enabling cars to quickly detect the geometric inconsistencies of abnormal data. The system reached a detection rate of 91.5 percent with a 3 percent false positive rate in virtual simulated environments and reduced safety hazards.
Connected and autonomous vehicles offer benefits but present cyber threats that could lead to fatalities. As vehicles' connectivity increases, their susceptibility to hacking, manipulation, and disabling grows. Trust in these vehicles' advanced features increases as security against attacks improves.
To see previous articles, please visit the VI Reflections Archive.