Experts warn: Criminals could hack into self-driving cars to steal them, launch terror attacks or commit fraud
By oliviacook // 2023-10-10
 
Experts warn that self-driving cars are vulnerable to tech-savvy hackers who could bring cities to a standstill, commit deadly terror attacks, steal cars remotely or carry out "cash for crash" fraud. "You could have the safest vehicle, the highest cybersecurity and the tightest control of privacy data and still be wide open for bad actors to load the vehicle up with explosives, punch in coordinates, shut the door and send the vehicle to its destination," said James Niles, president of Orbit City Lab. Autonomous vehicles could potentially allow criminals or terrorists to use them as lethal weapons without putting their own lives at stake. A hostile nation can employ tech-savvy hackers to command large numbers of vehicles on U.S. roads to suddenly accelerate, turn hard to the right and flip over, probably killing many passengers and clogging freeways with junked cars. The Sun reported that drones could be used to drop explosives on innocent bystanders or a lone-wolf terrorist can load explosives into an autonomous vehicle and program it to drive into a targeted building or public space. Insurers warned that hacked vehicles could be driven remotely and could lead to incidents, such as the terror attack outside the Palace of Westminster on March 22, 2017. Six people died and at least 50 people were injured when a car sped up, mounted the pavement and began hitting pedestrians indiscriminately.

Vulnerabilities of self-driving cars that hackers can exploit

Self-driving cars require electronic brains and network connections to function. That opens up vulnerabilities hackers can exploit. The controller area network (CAN) bus is a  vehicle's "central nervous system," said Steve Lobello, owner of S&A Security in Chicago. The CAN bus is a message-based electronic system that allows the vehicle's electronic control units (ECUs) to communicate with each other. Modern automobiles can have up to 100 ECUs communicating with each other, each holding information that is relevant to other parts of its network. It can also be used with "telematics" – technology that captures important information about operations, bus driver behavior, safety and vehicle health. "You can pretty much do things, such as gain access to a vehicle’s main frame, delete and reprogram new keys and just basically speak to the vehicle in less than a minute," Lobello said. GPS systems already embedded in many cars can be spoofed into thinking they are someplace they are not. Vehicle-to-vehicle communication could spread cyber-infections. Over-the-air system upgrades could deliver malicious codes. Streaming video and audio entertainment systems could provide another pathway into the car. The more gizmos, gadgets and electrical controls you have in your vehicle, the more vulnerable it becomes to hacking.

CAN bus attacks

Here are some examples of CAN bus attacks. (Related: National Crime Agency: Car hacking tech linked to sudden vehicle thefts in the UK.) Tire pressure sensor hijack. Tech-savvy car thieves can hack your tire sensors and send false tire pressure readings to lure you into stopping your car and create opportunities to attack you and then run off with your vehicle. Onboard diagnostics hack. Anyone can buy exploit kits online that use the onboard diagnostics port, which virtually every modern vehicle has, to replicate keys, send false error codes and even program new keys to use for stealing your vehicle. "Cash for crash" frauds. With incredibly fragile systems, the Motor Insurers' Bureau (MIB) in the United Kingdom raised concerns that automated driving systems (ADS) could be hacked and re-set to leave false and misleading data trails. Externally controlled autonomous vehicles could be used for fraud incidents where the perpetrator sets up a road traffic accident to make a fraudulent claim against another party's insurance. (Related: Self-driving vehicle legislation held up by the question of who to blame in a crash.) For instance, in a hit-and-run scenario, a hacked ADS could leave data indicating that the vehicle was at the scene of an accident, when in fact it was nowhere near, thus pinning the blame on an innocent party. Watch this video about driverless cars being a new challenge to cybersecurity. This video is from the Daily Videos channel on Brighteon.com.

More related stories:

Car theft has been effectively decriminalized in London as less than 1% of London car thieves face any legal repercussions. Study: TikTok trend of hotwiring certain car models linked to surge in car thefts in U.S. cities. Data privacy concerns raised as analysis finds China-based developers were responsible for TikTok’s code. Sources include: SFChronicle.com The-Sun.com BBC.com iCompario.com Samsara.com Komando.com ThisIsMoney.co.uk Brighteon.com