{"id":28291,"date":"2019-08-30T11:10:27","date_gmt":"2019-08-30T15:10:27","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=28291"},"modified":"2022-04-01T08:03:27","modified_gmt":"2022-04-01T12:03:27","slug":"cybersecurity-autonomous-vehicles","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/cybersecurity-autonomous-vehicles\/28291\/","title":{"rendered":"Driving change: Will autonomous vehicles be safe to use?"},"content":{"rendered":"<p>The Department for Transport in the UK recently claimed it wants to see fully autonomous cars\u00a0<a href=\"https:\/\/www.bbc.co.uk\/news\/technology-47144449?intlink_from_url=https:\/\/www.bbc.co.uk\/news\/topics\/c90ymkd8lglt\/driverless-cars&amp;link_location=live-reporting-story\" target=\"_blank\" rel=\"noopener nofollow\">tested<\/a>\u00a0on British roads by 2021. Astonishingly, this expectation was set out after several\u00a0<a href=\"https:\/\/www.telegraph.co.uk\/technology\/2018\/05\/08\/uber-self-driving-car-saw-ignored-pedestrian-deadly-arizona\/\" target=\"_blank\" rel=\"noopener nofollow\">fatal crashes<\/a>\u00a0in Arizona, USA.<\/p>\n<h2>A legacy system risk<\/h2>\n<p>The communications infrastructure used in cars today (known as a Controller Area Network, or CAN) was designed back in the 1980s. It was developed for exchanging information between different microcontrollers. Essentially, what we have is a peer-to-peer network \u2013 and an old one at that.<\/p>\n<p>The main issue here is that these networks weren\u2019t built with security in mind, as it wasn\u2019t a key concern back then. As time has progressed, new functionality has been layered on top of existing functions, all connected to the CAN. This offers no access control or security features but instead leaves vehicle access potentially open to criminals.<\/p>\n<p>While there are no real-world hacks that have been executed this way, it has been proven to be possible. For example, in 2015 two researchers and a journalist were able to use wireless technology to drive a Jeep Cherokee off the road. As a result of this flaw, half a million cars were\u00a0<a href=\"https:\/\/eugene.kaspersky.com\/2015\/07\/24\/your-car-controlled-remotely-by-hackers-its-arrived\/\" target=\"_blank\" rel=\"noopener\">recalled<\/a>.<\/p>\n<p>It\u2019s an example of emerging technologies being layered on top of old infrastructure, without fully considering the security implications.<\/p>\n<p>Potential security issues don\u2019t just lie in the underlying communications network of the car itself; there\u2019s also the possibility of an attacker infecting a driver\u2019s smartphone and hijacking any apps they use to control functions on the car \u2013 for example, to lock and unlock it.<\/p>\n<h2>Cars need humans too<\/h2>\n<p><img decoding=\"async\" class=\"alignnone wp-image-28498 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/08\/04162352\/autonomous-vehicles-2-1-1024x773.png\" alt=\"two autonomous cars\" width=\"1024\" height=\"773\"><\/p>\n<p>Following the fatal incident in\u00a0<a href=\"https:\/\/www.theguardian.com\/technology\/2018\/mar\/19\/uber-self-driving-car-kills-woman-arizona-tempe\" target=\"_blank\" rel=\"noopener nofollow\">Arizona<\/a>\u00a0last year, experts\u00a0<a href=\"http:\/\/smarthighways.net\/many-years-till-autonomous-cars-replace-human-drivers-report\/\" target=\"_blank\" rel=\"noopener nofollow\">predicted<\/a>\u00a0that it would be many years before autonomous cars replace human drivers. The reality is, I don\u2019t think driverless cars will or\u00a0<em>should<\/em> ever replace human drivers in the way that we think of them doing so now. In the future, I think everyone will continue to drive a private car, but it will be self-driving.<\/p>\n<p>However, the issue of how we implement the technology is something for society to ultimately decide \u2013 whether this takes the form of private vehicles or a co-ordinated public transport system \u2013 but I do not believe either should remove the human aspect of driving vehicles.<\/p>\n<h2>The risks of delegating control<\/h2>\n<p>I think people are becoming more apprehensive when it comes to driverless cars, where safety is paramount, and rightly so. Historically, driving has always been an aspect of life where human control has been essential, so the idea of watching a film or sleeping while a car transports us feels understandably \u2018wrong\u2019 to many people.<\/p>\n<p>There are various levels of autonomy with self-driving cars \u2013 ranging from add-on features such as parking assistance through to completely driverless cars. A \u2018grey area\u2019 lies between the two, where the driver has very little to do, but has responsibility for the vehicle and might need to take control at some point. In the latter scenario, there\u2019s a danger that the driver may switch off because they don\u2019t feel required to be in full control and might be unable to regain control in an emergency.<\/p>\n<p>Driverless car fatalities have shown that there is a very real danger with autonomous vehicles, and it\u2019s reasonable to question whether it\u2019s wise to resume the use of them so quickly after the incident.<\/p>\n<h2>Safety first<\/h2>\n<p>There are concerns about pedestrian and driver safety \u2013 as recent stories surrounding autonomous car testing have demonstrated, which society needs to tackle before driverless cars are launched.<\/p>\n<p>There\u2019s also a moral or ethical issue to consider. Christian Wolmar raised the issue of \u2018<a href=\"https:\/\/www.theregister.co.uk\/2018\/01\/11\/christian_wolmar_interview_self_driving_cars\/\" target=\"_blank\" rel=\"noopener nofollow\">the Holborn problem<\/a>\u2018: if driverless cars are programmed to stop when they sense a pedestrian, what happens when they\u2019re confronted with a mass of people milling across a busy road? \u00a0Will they wait all day? Or will they be programmed to operate with a lower safety bar? Or if the car is given the chance to choose to avoid hurting pedestrians or the passenger in the car in the lead-up to an accident, how and who will it choose? A car isn\u2019t able to make moral-based decisions on its own.<\/p>\n<p>Ethics aside, in terms of cybersecurity, it\u2019s important to remember that nothing is 100 percent secure. Just like housework, security is never \u2018done\u2019 \u2013 you need to continually repeat the process of vacuuming and dusting as it will be back next week.<\/p>\n<p>This same logic applies to securing the increasingly advanced technology in cars today. A <a href=\"https:\/\/securelist.com\/on-the-iot-road\/91833\/\" target=\"_blank\" rel=\"noopener\">recent audit<\/a> by Kaspersky of connected car devices revealed several security issues, including the option to manipulate signals from the tire monitoring system and, alarmingly, the ability to open vehicle doors using the alarm system.<\/p>\n<h2>Collaborating for a secure future<\/h2>\n<p>Undoubtedly, autonomous cars \u2013 like the Uber you\u2019ve just ordered \u2013 are just around the corner for motorists. So what does this mean for the automotive industry?\u00a0 \u2018Safety first\u2019 is not just a buzzword \u2013 it\u2019s essential to consider at the design stage. Just relying on software upgrades that are connected to the car\u2019s hardware to mitigate risks will not work in the era of IoT when absolutely everything is digital and connected. Devices need to be secure by design, and at the point of manufacture.<\/p>\n<p>Collaboration between smart car manufacturers and cybersecurity experts is essential to establish standards in this emerging discipline. For example, <a href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-avl-partnership\/16949\/\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky collaborated with manufacturer AVL<\/a> to create a Secure Communication Unit (SCU) to secure communications between car parts, and between connected cars and infrastructure. This is a true secure-by-design software that will protect people, both on and off the road.<\/p>\n<p>There are still many unanswered questions and unconsidered scenarios, which regulators, the industry and society as a whole need to ascertain before we can start to consider loosening the reigns on bringing autonomous cars safely to our roads.<\/p>\n<p><em>This article was first published in March 2019, SC Magazine.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The future of driving is here. Although we don\u2019t yet have flying saucer cars, autonomous vehicles are already on our roads. David Emm asks, are they safe?<\/p>\n","protected":false},"author":2522,"featured_media":44030,"template":"","coauthors":[3495],"class_list":{"0":"post-28291","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-future-tech","7":"emagazine-category-opinions","8":"emagazine-tag-autonomous-vehicles","9":"emagazine-tag-internet-of-things"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/cybersecurity-autonomous-vehicles\/28291\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/secure-futures-magazine\/cybersecurity-autonomous-vehicles\/20332\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/28291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2522"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/44030"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=28291"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=28291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}