Is it possible to hack and take control of an autonomous car?
Autonomous or semi-autonomous cars (which still depend, at least partially, on the actions of drivers) are increasingly present in projects developed by automakers. The “secret” to attract so much attention lies in the technology that makes them able to accelerate, brake and control the steering wheel on their own, according to the fluidity of traffic.
The system of companies such as Tesla, Volvo and Mercedes-Benz, some of the most popular when it comes to autonomous driving, is made up of several types of software. Precisely because of this, and because we currently know how complicated it is to ensure the safety of connected electronic equipment, the question arises: is it possible to hack an autonomous car and take the wheel? If the answer is based on television series, the answer is yes.
Anyone who has watched the series FBI: The Most Wanted, originally broadcast by CBS All Access, in the United States, and which in Brazil is available on Globoplay, you will certainly remember. In the 2nd episode of season 2, a hacker, driven by a feeling of revenge, invades the electronic system of an autonomous car and causes an accident, which ends with the death of a businessman, his wife and his son. But, and in real life, is a tragic script like the one experienced by the characters in the episode Execute is possible?
Life imitates art ?
searched for one of the most reputable companies when it comes to cyber security. We spoke with Fabio Assoline, senior analyst at Kaspersky, a company that has been in the market since 1997.
And his first response when asked if there is a real danger of autonomous cars being invaded by hackers was worrying. “Yes, because at the moment we see connected cars. It’s not fiction. This can happen, as long as there is vulnerability,” said the expert, who even cited a case that occurred in 2015.
“Hackers broke into a vehicle and managed to control both the accelerator and the brakes. Such an attack puts a life at risk. There is this risk if manufacturers do not carry out the proper tests. Most hire testers precisely to ensure that the product reaches the market as less vulnerable as possible,” he pointed out.
The case cited by the Kaspersky analyst involved a Chrysler Cherokee and was reported by Wired. At the time, at the request of reporter Andy Greenberg, hackers Charlie Miller and Chris Valasek successfully tried to prove that it is possible to hack the system and then take control of autonomous cars. “I was driving at 1024 km/h on the edge of the downtown St. Louis when the feat began to take over,” said the journalist. air conditioning, the radio station, and the windshield wiper, and it followed with the appearance of a photo of them laughing in front of their laptop on the dashboard of Cherokee’s media center. And that was just the beginning.
The hacking technique implemented by the duo allowed an audible warning to be sent to the journalist through the loudspeaker, ordering him to take the highway and “don’t panic, no matter what.” And what happened? A lot, actually.
According to the report published in Wired, hackers even cut the transmission, causing the car’s accelerator to stop working immediately. They also demonstrated that it was possible to remotely cut the brakes (they did this after the journalist had stopped the car safely), track the GPS coordinates and set a destination, and even hijack the steering wheel control — which is only possible if the car has the reverse engaged.
No reason to panic
Despite the traumatic experience lived by the journalist, the Kaspersky security expert pointed out that there is no reason for alarmism, as companies in the sector are extremely concerned and cautious with the elements that make up the security system of autonomous cars. “Of course this is not the kind of knowledge you find massively out there. It’s a very specific knowledge”, Assolini stressed.
According to the Kaspersky representative, to get to the point where the scene from the TV series is repeated in the real world, it would take extra effort on the part of the hacker to take control of autonomous cars. “A cybercriminal who wanted to invade he would have to study the entire vehicle infrastructure, the media, and find vulnerabilities in it. It would not be fiction and, in several researches carried out in the past, it was shown that this scenario is possible”, he concluded.
The position of assemblers
Canaltech also got in touch with some of the main automakers that work with Autonomous cars in Brazil to find out, finally, if there is any real danger of your autonomous car systems being invaded by hackers. And the answers were also aimed at calming current and future consumers of this type of product.
Evandro Bastos, Product Manager at Mercedes-Benz Automóveis, was very clear when defending the safety of the brand’s cars. “It’s not possible to happen like in fiction movies, where a person with a laptop and just a few commands takes full control of any vehicle remotely. Safety for Mercedes-Benz is not something new and it is not limited only to the moment of driving”, he pointed out.
“To take remote control of a vehicle, the hacker would need access to the entire complex internal communication structure of an automobile. Nowadays, even our direct partners and usual equipment, such as cell phone integration, do not have a direct or even indirect port to access these most critical parts of the vehicle architecture. This clearly demonstrates our concern for this type of invasion to continue to occur only on movie screens,” added Bastos.
Mercedes position gained support in the words of Volvo Cars, a Swedish brand that competes with the German and with Tesla in the autonomous car segment:
“Our approach to safety is built around a series of defense objectives where the protection of vehicle occupants and other road users is critical. Therefore, the most vital parts of a car are separated from the systems connected in different domains and safety components, to provide better protection for vital parts such as the accelerator, brakes and steering”, explained the brand in an email sent to the report.
And Chrysler?
Image: Disclosure/Chrysler
Character of the Wired story, Stellantis, the company that owns Chrysler, also took a stand in a statement sent to the site at the time the invasion took place. “FCA [nome do grupo Stellantis antes da fusão com o grupo PSA] is committed to providing customers with the latest software updates to protect vehicles against any vulnerability, and has a program in place to continuously test vehicle systems to identify faults and develop solutions,” he explained.
Subsequently, the company disclosed, on its own website, that it made available a free update for the software of the car victimized by hackers. “Similar to a smartphone or tablet, vehicle software may require updates for enhanced security protection to reduce the potential risk of unauthorized and illegal access to vehicle systems,” commented the automaker.
“A series of best practices, procedures, standards and policies govern FCA’s cybersecurity program”, concluded the company, which because of the “joke” recalled only 1.4 million vehicles to install patches on UConnect panels and entertainment operating systems to increase security and, of course, end the danger of hackers.
With information from Wired, Stellantis, Kaspersky
