At the end of the 19th century, an event occurred in Europe that changed almost the entire course of world history. Messrs. Daimler and Benz created the world's first self-propelled stroller powered by a gasoline engine. The car gave people the ability to quickly and cheaply move from point A to point B. This led to the complete displacement of horses from the streets of cities by road transport over the next forty years. But both then and now the main control unit of self-propelled carts is the driver – a representative of the primate order of homo sapience. But biological evolution has poorly adapted people to be an active driving system. We perceive the world 'by eye', not always correctly assessing the distance to someone else's car or a light pole. People fall asleep while driving, because we cannot consciously control this process. Our brains tend to downplay the dangers of drunk driving. If we are very excited, then the level of concentration on the road situation may fall below critical. All this leads to the fact that about nineteen thousand people died on the roads of Russia in 2017 – this is more than a tank division of the Russian Federation.
Cars in the computer age
With the dawn of the computer age, vehicle manufacturers have been able to simplify the control of their four-wheelers with digital devices. They help the driver make a decision and sometimes even take control of the car, for example, when parking automatically. Motor vehicles are increasingly turning into a computer on wheels. Computing systems are becoming more powerful every year, algorithms are getting smarter, and the day is not far off when the autopilot will be able to replace the person behind the steering wheel of a car. Cars will be able to independently exchange information, read the traffic situation in real time using video cameras, radars, lidars and a geolocation system (for example, GPS or GLONASS), build a traffic pattern and direct the car at an optimal speed from point A to point B along the most profitable route . The autopilot will not fall asleep, will not be drunk, it strictly maintains the speed limit on the road and has time to react to a child who unexpectedly ran out onto the road. At the same time, the passenger in the driver's seat will enjoy the latest masterpiece of the Russian film industry, bought completely legally, on the micro-LED display of his smartphone. An idyll, and more!
This beautiful picture is spoiled by only one fact: programs and computer components that are created by people are imperfect. There is no software without bugs. Unfortunately, testing can not fully reveal software errors, some of them are detected during vehicle operation. From time to time, these errors creep out on the road in the form of, for example, a cruise control gone crazy – the forerunner of autonomous vehicle control systems. Or an autopilot system that kills the owner of the car or an accidental pedestrian, even if he violates the traffic rules. The story of the experimental Uber car, which ran over a pedestrian at the moment when the driver, lulled by calmness, devoted all his attention to the events taking place in his smartphone, and not the traffic situation. Similarly, with the incidents with the Tesla autopilot: at the moment when the autopilot made a mistake, the driver, who truly believed in the triumph of science and technology, occupied his attention with the smartphone screen. This is a property of human nature, nothing can be done about it. Yes, after investigating the incident, the manufacturer usually releases a new version of the program that needs to be installed on the car's on-board computers. Some manufacturers do it the old fashioned way, in authorized service centers, but the most progressive ones can already independently download and install software updates via the Internet. But it's not at all a fact that, having corrected one problem, the programmers did not add a couple of new ones. Therefore, new versions pass all types of testing that are possible, including on real cars, which takes a lot of time.
What one person builds can be broken by another – after all, breaking is faster, easier and cheaper than building. We have all heard about constantly found, fixed and re-found vulnerabilities in the software of all companies without exception. The software that runs in your four-wheel friend is no exception. In 2015, cybersecurity researchers Charlie Miller and Chris Vlasek publicly demonstrated remote hacking of a Cherokee jeep via the on-board infotainment system Jeep – Uconnect. The hackers were able to take control of the computerized gearbox and brakes. A year later, the same researchers were able to hack into the Cherokee's on-board computer system using a hand-assembled hardware device installed in a dedicated port under the dashboard. By giving their own control signals through their device, the hackers were able to completely take over control of the car, including steering and speed control. Attackers can attack GPS receivers used by self-driving vehicles from a distance of up to 50 meters, forcing their navigation systems to re-route the way the attackers want. Another potential scenario is the installation of software into the car with a special tab that is triggered by some condition. And that is convenient: he sold self-propelled carts to a potential enemy, and then once – and everything, the on-board software is erased, and the car does not drive at all, since the steering wheel has long been transmitting the force to the wheels not through hydraulics, but through a microprocessor controlled by the on-board firmware. No firmware – no control.
It is impossible to stop progress, self-driving cars are a matter of the very near future. Such cars will be more economical, more convenient, safer both for drivers and for people around them. But new technologies entail an inevitable increase in the number of challenges to which security specialists will have to answer, including its cyber-related areas. Unfortunately, the current approach to cybersecurity for autopilots for cars is based on the principle of 'find a bug – fix the source – release an update – install an update'. The problem with this approach is that attackers will be able to attack all the machines that are vulnerable, up to the installation of a new, patched version of the onboard software on the machines, which will take a significant amount of time to release. Moreover, this approach will not be able to do anything with intruders who install their hardware devices into the control systems of the car. In the scenario of my feature film, the villain-hacker implements precisely this vector of attack on the target car of the protagonist, controlled by the autopilot – and the passengers of the attacked car find themselves in a position where they are completely powerless to oppose anything to this. There is no doubt that cybersecurity professionals will work with car and driving software manufacturers to find a way out of this situation. I believe that new technological approaches will soon be implemented to ensure the cybersecurity of self-driving road transport connected to the worldwide network. In the meantime, even after turning on the autopilot, do not take your hands off the steering wheel and watch the road, okay?