informa
News

Miller & Valasek: Security Stakes Higher for Autonomous Vehicles

Car hacking specialists shift gears and work on car defense in their latest gigs - at GM subsidiary Cruise Automation.

No '80s-era Adidas tracksuits. No video of a hacked Jeep Cherokee slowing to a crawl from 70 mph on a highway after losing its acceleration power. No steering-wheel hijacked Jeep stuck in a muddy ditch. This time, famed car hackers Charlie Miller and Chris Valasek came purely as defenders - rather than hackers - of automobile security.

Valasek and Miller, now both principal security architects for autonomous-vehicle manufacturer Cruise Automation, at Black Hat USA last week mapped out the key issues surrounding securing this new generation of driverless cars, based on their past three years working in the self-driving vehicle industry collectively for Uber, Didi Chuxing, and now Cruise, of which General Motors is a majority owner.

"We have a unique perspective ... we've done a bunch of car hacking," Miller said in an interview in Las Vegas prior to his and Valasek's presentation. "In the last three years, it's all been all about protecting" cars from attack, he says.

His and Valasek's 2016 hack of the Jeep Grand Cherokee steering at speed was at least physically defendable, he says: Such a remote attack on an autonomous vehicle would not be. "The moment we turned the steering wheel, we [the driver] had a shot at resisting the attack. But in the future, there's not going to be steering wheels and brakes, so you're completely reliant on the car to drive itself," Miller says of autonomous cars. "So the stakes are even higher."

The goal of their driverless car security work, they say, is not about sniffing out the most or least hackable self-driving cars, but to make hacking them too much work for an attacker to bother doing. "[It's] how to make the ROI [return on investment] so low for an attacker that it's not worth doing," Valasek explains.

Among the devices they're helping secure are the tablets that serve as the human interface to the autonomous vehicles. Reducing the potential attack surface found in many of today's modern driver-run cars is a goal: if Bluetooth is unnecessary, it shouldn't be included, for example.

"There's always going to be vulnerabilities in code. So if you don't need something, take it out," Miller says. If the vehicle needs Bluetooth, for instance, it should have as few ways as possible to take data from the outside world to the car, he says.

Ethernet is the communications network infrastructure of choice for autonomous vehicles, the researchers say. And the key is isolating connected components from components that control the vehicle. "For example, the communications module should not have a direct connection to the CAN bus and should not be the same as the main compute module. Likewise, the tablets should be isolated as much as possible from more trusted components of the vehicle," Miller and Valasek wrote in a white paper they published last week.

Autonomous vehicles do come with some inherent advantages security-wise: since they're owned and deployed by a service in many cases, that provider also handles monitoring and maintenance of its fleet. The cars return to a garage each day where they get checked or fixed, and their software can be updated, while traditional cars rarely get software updates.

If a problem is detected in a self-driving car, it can be remotely powered down, or returned to the garage. In addition, the vehicles come with custom communications modules rather than a standard Web interface.

Threats

Among the possible remote threats to an autonomous vehicle, they say, are attacks on: the listening service in its communications module; remote assistance features; and on the infotainment system, for example. An attacker also could target the vehicle's fleet management service, or its software update service.

On the local side, Wi-Fi, Bluetooth, and tire pressure-monitoring systems could be targeted, as well as sensors in the vehicle. But Miller and Valasek say the biggest concern is a remote attack that could result in an attacker physically controlling the vehicle.

"We know what to do. We know what's on the line," Valasek says of their security work.

"It doesn't matter if it's Cruise, Waymo, or Uber - the hack of a driverless vehicle is bad for everybody," he says. "We want to share our thought process here. We don't want anyone to have incidents."

The new security advancements being forged in autonomous cars likely will trickle down to traditional driver cars, too. "Once [security] is in the firmware, it will be easy to do in regular cars," Valasek says.

Meanwhile, Cruise has not yet rolled out its autonomous vehicle models nor has it provided a timeframe for the release.

"We're the pre-flight [security] check," Valasek says.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

Recommended Reading: