Communication Breakdown

Vehicle to vehicle communication in autonomous cars promises to unlock  more safety and efficiency in our transportation. However, not without more risk. In this blog post we will discuss three types of vulnerabilities that result from inter-vehicle communication.

Vulnerabilities

Ad hoc Authentication

Vehicle to Vehicle communication will be over wifi, but not like the kind in your home. In your home, you have routers and access points, all behind a security wall to prevent unauthorized users. In this scene, your phone connects to the wifi via an access points, and then requests are made to the wider Internet by forwarding packets along a path of routers. However this model does not extend to the world of self-driving cars. Autonomous vehicles use something called an ad hoc wifi network, where instead of having routers and access points, each member of the wifi network forwards data along for others in the network.

This poses a number of challenges. First, you must verify the identify of the other vehicle, so that you know you are speaking to a friendly car on the road and not a attacker somewhere else. Second, you must trust the data you are receiving from the friendly vehicle, and make sure it is not misinformation or a virus.

The first problem has been solved to a certain degree. Researchers from Xerox were able to devise an encryption protocol that could be used on untrusted ad hoc networks, so that you have a secure connection to the device you intended to reach. This means that even if intermediate points try to alter the data, they won’t be able to do it without invalidating the messages.

The more challenging problem however, is trusting the data you are receiving. What if the other vehicle is malfunctioning and mis-reporting its location, or even mis-reporting its intentions? What if the other vehicle is purposefully misreporting data in order to manipulate or even endanger the surrounding traffic?

The success of AV communication currently relies on trusting other users, and for some, that won’t be enough.

Radio Jamming

We just discussed how inter-vehicle communication is based on an ad hoc wireless network. Specifically, inter-vehicle communication has been allocated the 5.9Ghz band by the IEEE (Institute of Electrical and Electronics Engineers), a standards committee the electronics and computer technology field.

The deliberate interruption of radio signals is typically called radio jamming, and is curiously easy to do. If a malicious user tunes a transmitter to the 5.9Ghz range used by AVs and simply transmits random noise with enough power, then it is impossible for receivers to discern genuine information, and network communication shuts down completely.

(Courtesy MIT Senseable City Lab)

Consider an intersection where AVs are passing through without stopping because they are able to communicate and always pass through gaps. Much like this diagram suggests. What if a malicious actor placed a radio jammer at this intersection? The incoming vehicles would have no way to trust the information they had previously and would be forced to abandon their plans, possibly with catastrophic consequences.

It’s worth mentioning that the use of radio jammers is seriously illegal and offenders are struck with heavy fines and criminal sanctions, including prison. However, the risk is real. This transition between knowledge and mystery is dangerous, and the simplicity with which it can be compromised is unnerving.

This attack involves interrupting vehicle-to-vehicle communication, but as we will see, you don’t need to shut down communication to compromise the vehicle.

Internet of things attacks

The Internet of Things (IoT) is a term thought up to describe the interconnectedness of the devices we use every day. This connectedness has brought huge benefits, but also great risks. Consider the attack on Dyn, an internet management company, in 2016. It’s thought that nearly 100,000 devices participated in the attack, the majority of which were “smart” devices like fridges and TVs, that had been hacked. These devices were hacked so easily because they all shipped with factory default passwords, so once one device was compromised, any similar device was comprised with it.

Imagine if all of the cars in the world were suddenly vulnerable, and could be used to launch DDoS attacks like in the Dyn attack. This means AVs would be used to involuntarily target other vehicle, but far worse, it means the hackers would be able to disable the vehicle, or turn it into a weapon.

Chris Valasek and Charlie Miller speaking at BlackHat 2015, a cyber-security conference, after hacking a Jeep Cherokee (https://threatpost.com/slide-shows/scenes-from-black-hat-2015/)

Consider the incident where two cyber-security engineers were able to hack a Jeep remotely. The exploits ranged from small nuisances like turning on indicator lights, to potentially life threatening, like depleting braking power, or killing the engine. This is an attack on a standard car, without an AV features. As AV becomes standard, the amount of code running on each vehicle with grow, from an estimated 100M lines of today, to some incredible number in the future.

This added complexity will introduce vulnerabilities in critical AV systems unless we can find a way to secure our vehicles.

The Future

Autonomous vehicles are coming. Maybe now, maybe in 100 years, but before they do, security risks like the ones we talked about need to be addressed.

Perhaps this will involve a rethink of how we build Internet-connected systems, or some way to regulate and monitor vehicles to prevent malicious actors, or maybe code can written such that it is impervious to malware, but if the past is any indicator of the future, then we are a long way away from that.