There is seemingly no shortage of issues still to resolve before autonomous vehicles become a mainstream presence on our roads, but one of the more interesting ones is security. A recent paper from the University of Michigan outlines some of the main cybersecurity challenges we need to overcome before autonomous vehicles are able to offer us safe mobility.
The paper introduces a new tool, called the Mcity Threat Identification Model, which the researchers believe can help advance work in the field, especially around the identification of potential threats. The model provides a framework for considering various factors, including:
- the motivation and capabilities of the attacker
- the vulnerability of the vehicle’s systems
- the various ways an attack could be achieved
- the repercussions of a successful attack, whether in terms of safety, privacy or financial loss
“Cybersecurity is an overlooked area of research in the development of autonomous vehicles,” the researchers say. “Our tool marks not only an important early step in solving these problems, but also presents a blueprint to effectively identify and analyze cybersecurity threats and create effective approaches to make autonomous vehicle systems safe and secure.”
An autonomous vehicle is what’s known as a cyber-physical system because it has elements in both the physical and virtual worlds. This makes security particularly challenging. Not only are they at risk from traditional cyber attacks to the information and running of the vehicle, but also to a new breed of attacks around things such as ransomware and vehicle theft.
There are also security risks to the networks that connect vehicles, whether the financial networks that process payments, roadside sensor networks, electricity infrastructure or traffic control features.
“It might seem convenient for an autonomous car that gets within 15 minutes of your home to automatically turn on your furnace or air conditioner, open the garage and unlock your front door,” the authors explain. “But any hacker who can breach that vehicle system would be able to walk right in and burglarize your home.”
Proving its worth
The model was put through its paces to highlight the security vulnerabilities associated with automated parking, whether with the kind of parking assist technologies commonly found in modern vehicles or the self-parking technologies just around the corner.
The model suggested that the most likely attacks would involve a hacker disabling the range sensors in the vehicle to force the car to require additional maintenance. Hackers could also send a false signal to the vehicle to disable remote parking. The most harmful attack could be a thief spoofing the remote parking signal so that they can steal the vehicle.
“Without robust, fool-proof cybersecurity for autonomous vehicles, systems and infrastructure, a viable, mass market for these vehicles simply won’t come into being,” the team explain. “Funding this kind of research is a critical part of Mcity’s mission to help break down barriers to widespread deployment of connected and automated vehicle technology.”
It’s a first step towards tighter security of autonomous vehicles, but it’s an important first step to make to hopefully ensure that when the technology is more mainstream, we can be confident in its security.