Driverless cars: the big crime risk

Hackers can access the controls of vehicles and cause them to suddenly accelerate, brake or turn. It has already been done. Picture: Wired


Published Sep 11, 2015


Cork, Ireland - Disruption is a wonderful form of progress; look at Uber and Airbnb, disruptive forces and great businesses.

And if you think these companies' shake-ups of the taxi business and the hospitality industry were disruptive, wait for the autonomous car. But, according to a leading international security expert, the driverless car risks introducing chaos rather than disruption, that mother of innovation.

Driverless cars have enormous potential for positive change on the roads, with human behaviour being to blame for most problems - driving under the influence of drugs or alcohol, road rage and speeding to name but a few.

Imagine that it was just you and lots of calm, efficient automatons doing the school run in the mornings, no stressed mums pointing fingers at you or rushed dads cutting in front of you, no minibus taxi drivers making your life a misery. In fact, you might as well send your own little monsters to school in a driverless car too. Sounds like positive change, progress even.

Not so fast, says Jonathan Petit, a research fellow in the computer security group and the mobile and internet systems laboratory at Ireland's University College in Cork.

“Autonomous cars will enable a new range of cyber crimes,” he predicted.

It’s not just technical boffins who are imagining driverless cars doing all the driving, even taking the kids to school. But, warned Petit, criminals could stop the car, kidnap your children and demand a ransom.

Imagine the struggle with your conscience: spend a fortune on a holiday or to get the kids back? You might fancy the holiday (you put them in a driverless car after all), but society and/or grandparents might demand a different outcome.

EVASIVE ACTION

Petit said hackers could also easily trick self-driving cars into thinking that another car, a wall or a person is in front of them, potentially paralysing them or forcing them to take evasive action.

He said criminals could hijack an autonomous car remotely, bypass all safety systems designed to prevent a collision and make the car crash into a building, or even run over a human target without having any casualties on the criminal side.

An attack could be launched remotely by hijacking the car's computer or from metres away using a small, cheap laser and a computer. In a paper that Petit will be presenting in November at the Black Hat security conference, the world's premier conference on information security, he describes how he used a laser light and a Raspberry Pi, a low-cost, credit-card-sized computer, to spoof fake objects and cause the automated vehicle to trigger a “minimum risk condition”, bringing it to a graceful halt at the side of the road.

Automated cars use laser ranging systems known as lidar, which - much like radar - use spinning lasers usually mounted on top of a car to map surrounding areas. But, Petit's paper shows, hackers can use a low-power laser to fool the lidar into detecting echoes of fake objects, such as pedestrians, cyclists, other cars, or buildings.

Petit describes how he used easily available tools to trick the car from up to 100 metres away, bringing it to a halt or tricking it into taking evasive action such as turning away from spoofed objects.

“I can spoof thousands of objects and basically carry out a denial-of-service attack on the tracking system so it's not able to track real objects,” Petit said. “I don't think any of the lidar manufacturers have thought about this or tried this.”

The inherent connectivity in an automated vehicle adds other risks too. Connectivity will range from cellular connection to the cloud for remote diagnostics or software updates to vehicle-to-vehicle communication for safety-related applications such as collision avoidance or traffic efficiency applications.

These connections risk leaking sensitive and private information that can be monitored or collected for the purposes of blackmail or to track a vehicle and/or passenger's movements.

NOT READY

So will mums and dads ever be able to sleep in on a school day, safe in the knowledge that the car is delivering the children safely to school? Petit says his work has demonstrated the need for deeper research into security and privacy of automated and connected vehicles before their deployment on public roads is seriously considered.

We are not ready for automated automotives, it seems. But the truth is that right now motoring, which increasingly combines human fallibility and computer 'hackability', is less than perfect, even for those who don't have to do the school run.

In February, Edward Markey, US Senator for Massachusetts, released a report, “Tracking and hacking: security and privacy gaps put American drivers at risk”, revealing that many modern cars had integrated wireless technologies such as Bluetooth and even wireless internet access, yet the industry had not addressed the dangers of hacker infiltration into vehicle systems.

The report also detailed the widespread collection of driver and vehicle information, without privacy protections for how that information is shared and used.

“Drivers have come to rely on these new technologies,” said Markey, a member of the US Senate's Commerce, Science and Transportation Committee. “But unfortunately the automakers haven't done their part to protect us from cyber-attacks or privacy invasions.

“Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.”

Markey took up the fight after studies, not unlike Petit's recent research on driverless vehicles, showed how hackers could access the controls of vehicles and cause them to suddenly accelerate, turn, brake and so on. So the research must continue - as must the school run.

ANA
