Car companies are designing self-driving vehicles that can thwart hacks by having a reduced surface attack area, relying on encrypted internal communications and using their own mapping, according to top researchers.
“It would be a tragedy if someone could steer the car when someone is in it,” Chris Valasek, a security architect at Cruise Automation, said during the Black Hat conference in Las Vegas. Valasek described the strategy to protect autonomous vehicles from hacks as “security through obscurity.”
Valasek presented the research along with Charlie Miller, who also works for Cruise Automation.
Although there is no truly autonomous vehicle on the road today, researchers hope one will appear soon. Currently, some cars are able to drive in a confined area under a set of approved circumstances.
But in 2015, Chrysler recalled 1.4 million Jeep SUVs after Miller and Valasek demonstrated they could hack the vehicle.
The Department of Transportation said in 2016 that it was working on how the agency should respond to vehicle hacks. Until it has a plan to respond to automotive cyberattacks, the government “may not be in a position to quickly and effectively respond should a threat materialize,” the report said.
Miller and Valasek said that any hack on an autonomous car is likely to come by an outside signal as opposed to alteration of the system code.
Autonomous vehicles do not use GPS to navigate, which protects against instances where the location service can be hacked. Instead, current autonomous vehicles can only drive on pre-approved routes where stop signs and speed limits are pre-loaded on the map. It means that even if a stop sign is pulled out, the car would halt anyway.
Previous car hacks have exploited on inbound connections, so Miller and Valasek have simply eliminated any unnecessary connections the car receives. In addition, when data is sent from component to component inside the vehicle, the team has worked to encrypt the data.
A challenge for autonomous vehicles is that even if the navigation system is secure, the underlying car must be protected as well.