Security Expert Says Protecting Driverless Cars From Hackers Is Hard
Monday, April 17, 2017
Wired Magazine recently interviewed Charlie Miller, an automobile security expert, about the security of driverless cars. You may remember Miller. He and an associated remotely hacked a moving Jeep vehicle in 2015 to demonstrate security vulnerabilities in autos. Miller later worked for Uber, and recently joined Didi.
"Autonomous vehicles are at the apex of all the terrible things that can go wrong,” says Miller, who spent years on the NSA’s Tailored Access Operations team of elite hackers before stints at Twitter and Uber. “Cars are already insecure, and you’re adding a bunch of sensors and computers that are controlling them…If a bad guy gets control of that, it’s going to be even worse."
The article highlights the security issues with driverless used by ride-sharing companies. Simply, the driverless taxi or ride-share car is unattended for long periods of time.. That is a huge opportunity for hackers posing as riders to directly access and hack driverless cars:
"There’s going to be someone you don’t necessarily trust sitting in your car for an extended period of time,” says Miller. “The OBD2 port is something that’s pretty easy for a passenger to plug something into and then hop out, and then they have access to your vehicle’s sensitive network."
The article also highlights some of the differences between driverless cars used as personal vehicles versus as ride-sharing (or taxi) cars. In a driverless personal vehicle, the owner -- who is also the inattentive driver -- can regain control after a remote hack and steer/brake to safety. Not so in a driverless ride-sharing car or taxi.
Do you believe that criminals won't try to hack driverless (ride-sharing and taxi) cars? History strongly suggests otherwise. Since consumers love the convenience of pay-at-the-pump in gas stations, criminals have repeatedly installed skimming devices in unattended gas station pumps to steal drivers' debit/credit payment information. No doubt, criminals will want to hack driverless cars to steal riders' payment information.
What are your opinions of the security of driverless cars?
I am in accord with Mr. Miller that driverless, a.k.a., autonomous, vehicles are highly susceptible to being hacked for any purpose by anyone, and so they are a dangerously insecure modes of transportation, which could, among other things, also steal one's payment information.
But what I want to know is whether Uber, Google, and their ilk will treat their driverless vehicles as employees or contractors. And do they see any difference between a human driver and a driverless vehicle? I think that under the law, a driverless vehicle will be deemed to be its owner's machine for purpose of determining legal liability, but I can easily see at least Uber arguing that it's driverless vehicles would be contractors.
Posted by: Chanson de Roland | Monday, April 17, 2017 at 03:47 PM