{"id":26429,"date":"2019-04-12T10:00:24","date_gmt":"2019-04-12T14:00:24","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=26429"},"modified":"2019-09-24T10:25:31","modified_gmt":"2019-09-24T14:25:31","slug":"autofuture-today","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/autofuture-today\/26429\/","title":{"rendered":"Auto future, today"},"content":{"rendered":"

Originally published in Eugene Kaspersky\u2019s blog<\/a><\/em><\/p>\n

Having recently been in Maranello to see the unveiling of the new Ferrari F1 racing car<\/a>, I want to return to the automotive theme for this post, because a new chapter in the ~250-year history of the automobile<\/a>\u00a0is coming up. It\u2019s a biggie in itself, but there\u2019s also a security aspect of this new chapter that\u2019s even bigger. But I\u2019m getting ahead of myself. Time to engage reverse and go over this biggie first \u2026<\/p>\n

Of late, the headlines have been pretty interesting regarding the modern automobile \u2014 plus what one will look like in a few years to come. Examples: California will legalize the testing of self-driving cars on public roads<\/a>, Swedish gravel trucks will load up, drive for miles and unload with no driver at the wheel<\/a>, and KAMAZ has come up with a driverless electric mini-bus<\/a>. Google<\/a>, Yandex<\/a>, Baidu<\/a>, and who knows how many other companies from different spheres and countries are developing driverless projects. Of course, some of the headlines<\/a> go against the grain, but they are mere exceptions, it seems.<\/p>\n

And just recently I was at the food-processing plant of\u00a0Barilla<\/a> (our client, btw) in Italy and saw more automation than you can shake a spatula at: The automated conveyor delivers up tons of spaghetti; robots take it, package it, and place it into boxes; and driverless electric cars take it to and load it into trucks \u2014 which aren\u2019t yet automated but soon will be \u2026<\/p>\n

So, self-controlled\/self-driving vehicles are here already \u2014 in some places. Tomorrow, they\u2019ll be everywhere. And without a trace of sarcasm, let me tell you that this is just awesome. Why? Because a transportation system based on self-driving vehicles that operate strictly according to a set of rules, has a little chance of\u00a0degradation of productivity<\/a>. Therefore, cars won\u2019t just travel within the prescribed speed limits, they\u2019ll do so faster, safely, comfortably, and, of course, automatically. At first there\u2019ll be special roads\u00a0 for driverless vehicles only, but later entire cities, then countries, will be driverless. Can you imagine the prospects for the upgrade market for old driver-driven cars?<\/p>\n

With that out the way, now comes the interesting bit \u2014 the reason for so many words in this here post. Let\u2019s go!<\/p>\n

\"\"<\/a><\/p>\n

Actually, I think we all understand how bright the driverless future is. Here, though, I\u2019d like to look further than the horizon \u2014 and also under the hood. Automatic automobiles \u2014 that is, true auto<\/em>mobiles \u2014 are just one aspect of the approaching industrial revolution. Everything becoming automated will affect the whole paradigm of personal transportation, including approaches to ownership and usage, associated standards, traffic rules, and, of course, cybersecurity.<\/p>\n

\u201cSmartmobiles\u201d (a meme is born!) will create the biggest industrial network \u2014\u00a0V2X, or Vehicle to Everything<\/a>\u00a0\u2014 in the world. Through this network, smartmobiles will be able to communicate with one another to help each other out: If an ambulance is speeding along with its siren blaring, cars will get out of the way in good time so the ambulance can get to where it\u2019s going and save people as fast as possible. Looking for a parking space (as well as the actual parking of the car) will become routine automation. Cars will warn each other about the need to brake for bumps or potholes in the road. Traffic jams will lessen because certain cars will be sent along alternative routes, and so on.<\/p>\n

The development of driverless technologies and car sharing (CaaS \u2014 Car as a Service) could, within decades, turn the automotive world upside-down. Owning a car will become for many old-fashioned and unnecessary (for others it may remain a status symbol). But that\u2019s natural when you see the alternative: When you can call up a car to arrive at your door when you want, with all personal settings already set up (music, seat position, temperature, etc.), to drive you along the optimal route in the shortest time \u2014 and when you don\u2019t have to buy or service the car \u2014 the car will become a peripheral device for your mobile phone!<\/p>\n

Indeed one could go on fantasizing on this theme for ages.<\/p>\n

But I\u2019ll now turn this discussion in a different direction \u2014 as you\u2019ve probably guessed already, a cybersecurity direction\u2026<\/p>\n

\"\"<\/a><\/p>\n

I\u2019m sure that while reading this post, many among you will be thinking: \u201cBut it\u2019s all unsecure!,<\/em>\u201d \u201cit\u2019ll be hacked before you know it!<\/em>\u201c,<\/em> or even \u201cthere\u2019s no way I\u2019m getting in a car like that!<\/em>\u201d\u00a0And you\u2019d be right once<\/a>, twice<\/a>, even three times<\/a>. Just look, for example, at the market for IoT devices: In the race for ever-improved functionality, manufacturers ignore security<\/a>. But with IoT devices, cybersecurity negligence can lead to loss of data, privacy violations, and bricking of devices. With driverless cars, it can lead to loss of life.<\/p>\n

Regarding the latter, at least car manufacturers understand this \u2014 and it\u2019s why our cars still haven\u2019t become fully \u201csmart\u201d yet. Manufacturers may make awesome kit, but cybersecurity isn\u2019t their thing. Most carmakers limit themselves to \u201csandboxes\u201d to isolate cars\u2019 electronics \u2014 much like they do with applications in iOS. But to get totally effective and awesome protection there\u2019s no way of getting round specialization \u2014 seeking out folks who do cybersecurity for a living \u2014 and who do it reeeaaally well.<\/p>\n

But some manufacturers have shown some. I know of cases where a security researcher contacted a car manufacturer to offer his services to address a problem he\u2019s identified, but the manufacturer says there\u2019s no problem, thanks anyway. So the researcher demonstrates a few simple scenarios leading to a total hack of the computer system of a \u2014 while it\u2019s moving (!!), from the car running beside it (!!!). Only then does the manufacturer take the researcher seriously. But this is the way it is with security of so-called smart cars: it\u2019s so weak as to be a gift to hackers:<\/p>\n

\"\"<\/a><\/p>\n

So \u2014 yeah, you get it. To have superior cybersecurity for smart cars, manufacturers need to work with others. Some understand this, which is encouraging, but some go one further and work with others on joint development of technologies to come up with real solutions. One example: our joint project with AVL<\/a> to create the Secure Communication Unit<\/a>\u00a0(SCU<\/a>)), which protects communications between car components and the computer that\u2019s controlling them all.<\/p>\n

\"\"<\/a><\/p>\n

In simple terms, the SCU is a module controlled by our Secure OS<\/a> that protects a car from hackers and malware. In it are several interesting patented inventions (three patent applications in the U.S. (US16\/120,762; US16\/058,469; US16\/005,158), and three in Europe (EP18194672.4, EP18199533.3, EP18182892.2)), which cover a special gateway that gets embedded in the computer system of the car. The gateway analyzes data about the operation of the electronic blocks and also network activity, and indicates any anomalies it finds that could be a sign of a cyberattack, unsanctioned intervention, or technical fault. The analysis uses a database of rules that describe different attack scenarios, plus plenty of machine-learning technologies. So, in short, it\u2019s a smart hardware filter customized for smart cars.<\/p>\n

The filtration rules are developed together with the automaker, and if the rules are triggered the gateway can block dangerous actions and send a notification to the owner. Thus, should the Miller-Valasek hack<\/a>\u00a0have been attempted on a protected car, it simply wouldn\u2019t have worked \u2014 and Fiat Chrysler wouldn\u2019t have had to recall 1.4 million Jeeps<\/a>! (I can\u2019t begin to think how much financial and reputational damage that did to the company.)<\/p>\n

There\u2019s more: Just supposing a sophisticated cyberattack were to get around our protection (there\u2019s no such thing as 100% protection, remember?), the manufacturer would be able \u2014 within hours, or a day, tops \u2014 to quickly patch the vulnerability via the SCU, without needing to wait for a new patch for the car. And such quick application of a solution on all vulnerable cars \u2014 remotely, from Alaska to Zimbabwe \u2014 is almost as important as the initial protection which should not normally even be gotten around.<\/p>\n

I mentioned use of machine learning. Well, it\u2019s constantly going on in the background, taking note of the telemetry in the electronic blocks and analyzing it with machine-learning algorithms in the cloud to uncover unknown cyberattacks. But there\u2019s a bonus \u2014 actually, several: This journal can be used as a recorder of events for wider application. For example, folks buying used cars will be able to look at the true \u201cmedical history\u201d of a car. Or, in case of a crash, drivers will have evidence of what really happened. Car parts being replaced and repair works can be monitored too, and so on and so forth. In a nutshell, it\u2019s always nice knowing what\u2019s happened under the hood of your car.<\/p>\n

Skeptics might ask what happens if a bad actor rips out the SCU and reprograms it. After all, mileage tampering still happens. Come on, please. We\u2019re a cybersecurity company! That\u2019s the first thing we thought about. Tampering with the SCU is simply impossible given the secure architecture.<\/p>\n

Mathematical proof:<\/p>\n

Data is signed with technology that\u2019s in some ways similar to blockchain: Each new block of data is encrypted with a key with dynamic metablocks (date, time, etc.) and hereditary characteristics from the signatures and key of the previous<\/em> block. In the simplest arrangement, restoring the chain of keys is possible only with knowledge of the very first key, which is generated by a trusted \u201cblack box\u201d and installed by the automaker. In other words, it guarantees the authenticity of data, and that data can be used, for example, for monitoring manufacturer guarantee conditions, ecology readings, or the sleep and rest of professional drivers, or for calculating insurance premiums on the basis of how well a driver drives. The data it collects could even be used as evidence in court.<\/p>\n

So, you see, we\u2019re big into automotive security. However, it\u2019s not only protecting vehicles into which we\u2019ve diversified in recent years. In fact, no other traditional competitor of ours has gone so deep into solutions outside traditional antivirus. We protect critical infrastructure<\/a>, embedded systems, and IoT<\/a>, and provide a wide range of threat intelligence services<\/a>\u00a0\u2014 and that\u2019s in addition to our own secure OS<\/a>, mentioned above, which, by the way, isn\u2019t a mere cosmetic adaptation of a desktop antivirus (like \u2026 hmmm\u00a0\u2026 best not point fingers:) but a specialized technology that we created from the ground up with specific spheres of application in mind. No wonder\u00a0 this market is growing faster than any for us: In 2018, our non-endpoint sales rose 55%<\/a>. Indeed, I\u2019m sure that the future lies in creating scalable, multidimensional ecosystems of cybersecurity technologies for building a truly cybersecure world, ecosystems that will move us from the paradigm of cybersecurity to one of \u201ccyberimmunity,\u201d treating the causes, not the symptoms.<\/p>\n","protected":false},"excerpt":{"rendered":"

Eugene Kaspersky’s thoughts on security and safety of self-driving cars.<\/p>\n","protected":false},"author":13,"featured_media":26439,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2684],"tags":[651,3525,72,1786],"class_list":{"0":"post-26429","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-special-projects","8":"tag-cars","9":"tag-cyberimmunity","10":"tag-eugene-kaspersky","11":"tag-self-driving-cars"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/autofuture-today\/26429\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/cars\/","name":"Cars"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/26429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=26429"}],"version-history":[{"count":11,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/26429\/revisions"}],"predecessor-version":[{"id":28771,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/26429\/revisions\/28771"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/26439"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=26429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=26429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=26429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}