ANN ARBOR – A new report published by the University of Michigan's automated vehicle testing facility, Mcity, lays out several security vulnerabilities that must be overcome before automated and connected vehicles can become widely adopted.
In the report, titled "Assessing Risk: Identifying and Analyzing Cybersecurity Threats to Automated Vehicles," researchers imagine three scenarios in which self-driving vehicles show signs of security attacks.
First, an automated vehicle veers off its navigation route, takes its driver to a desolate road, pulls over and stops.
Second, the driver calls his or her vehicle to come to a store and instead receives a ransom message demanding a $100 bitcoin transfer in return for the vehicle.
Third, a self-driving vehicle won't move from the driveway, since it senses it's been hacked and the driver's home has been preprogrammed as its safe destination.
Sounds like something out of a movie, right?
This would be the reality for automated vehicles with vulnerable security systems.
Mcity researchers have created what they call the Mcity Threat Identification Model, which could help industry and academic researchers better understand potential threats.
"Cybersecurity is an overlooked area of research in the development of autonomous vehicles," said Andre Weimerskirch, lead author of the paper, who leads Mcity's cybersecurity working group and is also vice president of cybersecurity for Lear Corp. "Our tool marks not only an important early step in solving these problems, but also presents a blueprint to effectively identify and analyze cybersecurity threats and create effective approaches to make autonomous vehicle systems safe and secure."
Along with the new technology of advanced mobility come new security risks, and researchers believe the tool is the first of its kind.
According to Mcity, the new model outlines a framework for considering: the attacker's skill level and motivation; the vulnerable vehicle system components; the ways in which an attack could be achieved; and the repercussions, including for privacy, safety and financial loss.
But while the idea of one's car being hacked is terrifying, so is the thought that one's personal home network can also be accessed through the car's system.
"It might seem convenient for an autonomous car that gets within 15 minutes of your home to automatically turn on your furnace or air conditioner, open the garage and unlock your front door," the researchers write. "But any hacker who can breach that vehicle system would be able to walk right in and burglarize your home."
Public networks that will connect with driverless vehicles include roadway sensors, traffic signals, cameras, the electricity grid and the financial networks that process parking payments and tolls.
"Without robust, fool-proof cybersecurity for autonomous vehicles, systems and infrastructure, a viable, mass market for these vehicles simply won't come into being," said Huei Peng, Mcity director and the Roger L. McCarthy professor of mechanical engineering. "Funding this kind of research is a critical part of Mcity's mission to help break down barriers to widespread deployment of connected and automated vehicle technology."