Taken from the August 2020 issue of Physics World. Members of the Institute of Physics can enjoy the full issue via the Physics World app.
Cars that drive themselves may one day improve road safety by reducing human error – and hopefully deaths by accidents too. However, the hardware and software behind the technology opens up a range of opportunities to hackers, as Stephen Ornes finds out
Researchers have demonstrated they can even hack cars on a motorway from the comfort of their own home. (Courtesy: iStock/Jae Young Ju)” alt=”Motorway traffic” />Motorway mayhem Researchers have demonstrated they can even hack cars on a motorway from the comfort of their own home. (Courtesy: iStock/Jae Young Ju)”>Motorway mayhem Researchers have demonstrated they can even hack cars on a motorway from the comfort of their own home. (Courtesy: iStock/Jae Young Ju)
But it still didn’t convince automakers to change anything, Vivek says. In 2012, using a grant from DARPA (the research and development arm of the US Department of Defense), Miller and his colleague Chris Valasek, also now at Cruise Automation, demonstrated how to hack a 2010 Ford Escape and a 2010 Toyota Prius. The hack, like the first one in 2010, required physical access to the car. Toyota responded with a press release noting that it was only concerned about wireless hacks.
“We believe our systems are robust and secure,” the Japanese car giant stated.
In 2014, again using a DARPA grant, Miller and Valasek upped the game. They analysed computer information on a range of cars, looking for one with ample attack surfaces and a fairly simple network structure to allow for widespread mayhem. They settled on a 2014 Jeep Cherokee.
In what’s become one of the most famous hacks of cars, in 2015 they showed how, from the comfort of home, they could take control of the car while it was driving on a highway. Then, to add terror to nightmare, they scanned other nearby cars and found that 2695 vehicles on the road, at the same time, had the same vulnerability. Hacking them all, simultaneously, would not have been difficult.
“In many ways, this was the worst scenario you could imagine,” Miller wrote in 2019. “From my living room, we could compromise one of any of 1.4 million vehicles located anywhere in the United States.”
Safety in the rearview mirror
In the aftermath of the 2015 hack, which was well-publicized, Jeep issued a software patch for its Cherokee. That same year, other groups of white-hat hackers found ways to take control of GM vehicles and disable the brakes of a Corvette. In March 2016 the Federal Bureau of Investigation issued a warning – the first – about the cybersecurity risk to cars.
Back at Huddersfield, Parkinson says he’s seen advocacy groups, government agencies and even some carmakers start to address hacking as a high-profile risk. But the supply chain for making a car is long and complicated, and manufacturers often enlist other companies to build technological features. Cars from Tesla, Audi, Hyundai, Mercedes and others rely on software developed by third parties, which may enlist dozens – if not hundreds – of coders to contribute to the final project. As with other connected devices, the rush to get a gadget to market can railroad efforts to make it safe.
“Functionality takes priority over security because that’s what sells,” says Parkinson. And even if carmakers do address problems as they arise, he says they’re doing so in a reactive manner rather than anticipating problems – and solving them – before the car hits the pavement.
Vivek, in Georgia, says that notable hacks in the past have exposed risks to individual cars, but researchers are still trying to grasp how a multi-car hack might unfold in a real-world situation. He and colleagues from the Georgia Institute of Technology, where Vivek was a postdoc, set out to model a worst-case scenario in which hackers disabled many Internet-connected vehicles at once.
There’s a rich tradition of physicists taking a hard look at traffic. For at least two decades, researchers have been studying traffic flow as a many-body system in which the constituent particles interact strongly with each other. (This is easy to see during rush hour, as the slowing or accelerating behaviour of one car affects those behind it.) They’ve modelled the conditions under which traffic jams form, shown how jams are similar to shock waves described by nonlinear wave equations, and predicted interventions (like keeping ample space between cars) that could boost fuel efficiency. One traffic model, called the Intelligent Driver Model (IDM), simulates drivers who obey equations of motion.
In their work, Vivek and his colleagues used IDM and other models to simulate traffic as an active-matter system including two kinds of “particles” – some driven by humans, and some driven autonomously. They also gave the car-particles the ability to switch lanes, and the motion of individual cars was governed by equations known to accurately represent the real-world conditions of traffic. For lane changing, they integrated a framework that allowed a car to switch lanes if that resulted in the car getting closer to its programmed speed.
Before they introduced hacking into the experiment, they validated the set-up by running simulations on a three-lane road using varying speeds and densities of cars; finding that the results matched observed patterns that emerge on real-world roads. Then, they ran simulations to see what behaviours would emerge as different fractions of cars simply stopped moving as a result of a widespread hack, targeting the cars at random.
Phys. Rev. E 100 012316)”>
When an Internet-connected vehicle is disabled (blue) other vehicles must navigate around the obstacle. If multiple vehicles are disabled simultaneously it can quickly disrupt traffic flow on a whole network of roads. (Phys. Rev. E 100 012316)” alt=”figure 1″ />Phys. Rev. E 100 012316)”>1 Percolated congestion When an Internet-connected vehicle is disabled (blue) other vehicles must navigate around the obstacle. If multiple vehicles are disabled simultaneously it can quickly disrupt traffic flow on a whole network of roads. (Phys. Rev. E 100 012316)
In their initial analysis, the researchers tried to determine what would happen if connected cars were all disabled at the same time. In classical models of flow, at least two phenomena lead to congestion. One is clogging, where a small number of particles might stop moving but interactions with other particles produce a gradual slow-down. (In traffic, this can be seen when a car breaks down near the side of the road.) It’s a phenomenon of movement. The other is percolation, a geometrical phenomenon in which some large block simply prohibits motion all at once.
Vivek and his colleagues found that if only 10–20% of cars stop moving during rush hour, half of Manhattan would come to a standstill. The disruption was more like percolation – sudden and geometric – than like clogging. Vivek says the sudden blockage would not only inconvenience drivers; emergency services like fire engines, ambulances and police cars wouldn’t get through either. Most of the scenarios he’s studied, in fact, ultimately lead to a situation where hacked cars stop moving and become major traffic obstacles (figure 1).
His team has continued to run more complicated simulations, like tracking how the effects – even of smaller numbers of hacked cars – change over time. “What we’re finding now is a little more complicated,” he says. “We already knew that just a few vehicles can cause a traffic jam. But now we see that a much lower percentage can cause a significant effect. Even with just 5% of cars hacked, a five-by-five grid could be gridlocked within 15 minutes.”
But he’s also expanded his work to find efficient interventions that could reduce the risk or quickly remedy a hacked-car scenario. For example, Vivek and his collaborators have found that if connected cars in an area don’t all connect to the same network, and instead connect to smaller, more localized networks, then the work of a would-be hacker would increase dramatically.
Spotting a hack
A hack can take many forms, and Vivek says experts likely haven’t found them all. A car with an infected computer might share malware or a virus with another connected car via Bluetooth, wireless or a cell phone connection. Or it might hack the manufacturer’s computer, since connected cars (self-driving or not) regularly download software updates and patches. A hacker might use a centrally located hotspot – which cars use to connect to the Internet – to breach many cars at once. And as with personal devices, malicious software can be unknowingly invited to a car by someone who downloads an unsecured app from the car’s browser.
Parkinson says there’s another risk just waiting to be exploited. For the most part, the people who buy and drive cars with self-driving technology simply don’t understand how they work, which means they won’t recognize the warning signs if something’s gone wrong. “We need to help users understand what normal behaviour looks like,” he says. Over the last few decades computer and mobile-phone users have learned to recognize situations when their devices or data may be compromised – the same thing needs to happen for drivers, Parkinson explains, because in the wrong hands a car becomes a weapon. “The driver may not have time to react to a hack,” he says. And because they open up new surfaces of attack, technologies designed to improve the experience can actually make it more dangerous. He compares the advent of these cars to the introduction of autopilot features in aeroplanes.
Xem thêm: lulu mua 8
“We actually gave pilots more things to be responsible for,” he continues. “They really have to understand the system and be able to take control.” But that’s a high hurdle to expect from every buyer and user of an autonomous car. “Computers understand the code and translate inputs to outputs, but computer code is not optimized for humans to read.”
Meanwhile, benevolent hacks of autonomous cars continue to pile up. Keen Security Lab, which is owned by the Chinese technology giant Tencent, remotely took over a Tesla Model S in 2017 and a Tesla Model X in 2018. In March 2020 the company announced it had also uploaded malicious code into the computer of a Lexus NX300. The 2020 Pwn2Own competition was supposed to include an automotive hack event, but it was scrapped when the conference went online because of the COVID-19 pandemic.
As cars approach autonomy, says Vivek, risks will multiply. Some experts predict that nearly 750,000 autonomous-ready cars will hit the roads in the year 2023, which means they’ll be vulnerable to attack. That represents, by some estimates, more than two-thirds of cars on the road, riddled with attack surfaces both known and not. “If it can be hacked,” says Vivek, “it will be hacked.”