While most new cars are now part of the Internet of Things (IoT) ecosystem, autonomous cars are more complex and require more code than cars that are driven by humans. All code contains an expected rate of error, or a bug rate. The more code, the more autonomous cars are at risk of cybersecurity threats.
Recently a Tesla Model 3 was hacked as part of the manufacturer’s cybersecurity contest badged Pwn2Own. Hackers accessed a vulnerability in the car’s web browser, hacked the code, and displayed a message on the infotainment system. It’s one thing to demonstrate a vulnerability within the approved confines of a test, but what would such an attack look like in reality?
It is not out of the realm of possibility for hackers to gain control of the code that helps run a self-driving vehicle. This makes an investment in the proper underlying code protection an easy decision by the C-suite at auto makers – not to mention the many other protections that can be put in place.
Auto makers and their suppliers are aware of the cybersecurity risks of autonomous vehicles and are taking a three-pronged approach to developing vehicle security. The first layer of security deployed by auto makers is a series of firewalls that separate subsystems within the vehicle. If one subsystem of the vehicle is compromised, the firewall prevents the hacker from gaining access to other vehicle subsystems. For example, if the hacker cracked the code for the infotainment system, that would not guarantee access to the door locks or ignition.
The second layer of protection is the ability to quickly update software via the cloud. Right now, companies testing pilot programs are at an advantage with autonomous vehicles. Fleet managers can deploy and update cybersecurity patches using cloud-based services to help fortify the automotive software systems. Tesla, for example, uses software updates to fix bugs and vulnerabilities. However, legacy auto makers such as Ford, Honda and Toyota aren’t currently able to upgrade most software systems via the cloud. Ford and General Motors have announced plans in the next four years to have their new vehicles equipped with security systems that can receive cloud-based software updates.
The third layer of vehicle protection uses artificial intelligence to detect deviations in the behavior of the vehicle systems. This enables auto makers to quickly detect cyberattack attempts before they create significant damage.
It is not a question of if autonomous vehicles will be a part of everyday life, but when will they be fully integrated into public life. Car makers and third-party security providers will heavily rely on the assistance of cybersecurity innovators that can give the underlying code the attention and protection it demands to ensure the safety of both passengers and pedestrians on the roads of tomorrow.
Asaf Ashkenazi, chief strategy officer, Verimatrix
