It still seems science fiction: getting to work in a self-driving car, which drops you off at the door and then makes its own way to the parking lot (or to juice up if it’s an electric car with the battery running low), coming back to pick you up at the end of the working day. Such a scene still seems to lie in the future, but as William Gibson memorably said: ‘The future is already here – it’s just not distributed evenly’. In some cities of northern Europe and the western seaboard of the United States there are already some autonomous cars running on the road in test phase alongside conventional cars and drivers. Here in Spain, however, legislation does not allow it yet and we won’t see them on our roads for some time to come.
Technology has not yet reached a sufficient level of maturity for carmakers (and car owners) to activate self-driving systems; the knock-on effect of this immaturity is mistrust. Drivers are still wondering if the car, on a damage-limitation principle, might suddenly decide to throw itself down an embankment with the “driver” inside to avoid crashing into a broken-down school bus on the side of the road. This worst-case scenario could never in fact happen. Three streets before coming up against the bus our car would have been warned of the incident by roadside balises (that’s right: smart-cities also have a lot to say in this issue of the connected car). Information will also have been sent to the bus and to cars in the vicinity, telling them to simply avoid this route.
But safety is not the only qualm. There is also security. At the moment it’s pretty hard for a cybercriminal to break into a normal car unless by forcing the lock or tapping into one of the vulnerabilities of today’s smart keys, which are liable to relay station attacks. But what will happen when the car is permanently connected to internet, receiving data that could be processed in nanoseconds? We’ve already seen connected-system vulnerabilities that enabled a couple of researchers to override the braking system of a Cherokee Jeep, causing it to career off the road into roadside hedges. We’ve also seen how Keen Lab researchers found a remotely hackable vulnerability in a Tesla Model S (which runs, incidentally, on Linux) and calmly made off with it. We ourselves in our CONCYVE connected-car laboratory have managed to trick the navigator of our test vehicle with a simple, 30-dollar GPS antenna and laptop. Had it been in autonomous mode we would then have been able to steer it to a hazardous destination or simply take it off the road.
Does this mean the connected car is not safe or secure?
This safety-security confusion doesn’t arise in English, precisely because the two terms “safety” and “security” exist, but in Spanish the same word “seguridad” has to cover both cases, mixing things up a bit. Connected cars are in fact much safer than today’s cars since they cut out the human factor, are more ecofriendly and will create fewer traffic problems and, of course, fewer road accidents. In terms of security, however, carmakers need to take the new connected-car risks onboard due to the very fact that they are connected. Right from the design phase they need to liaise with cybersecurity experts to help them out in this task.
This is proving to be a stiff challenge for carmakers. They now need to bring security experts into their safety departments and get them “talking to each other”. Sometimes this is no easy task. (We cybersecurity experts can be a bit “quirky” at times.) But the truth is they are now learning apace. A few days ago Vancouver hosted Pwn2Own, a cybersecurity conference in which Tesla offered a Model 3 as reward for any hacker capable of cracking system security. This event was epoch-making. It was the first time a carmaker had ever taken part in a security and hacking conference. This suggests there is some light at the end of the tunnel, with due importance now being given to information security as well as road safety. In the coming months we’ll see if other manufacturers join in initiatives of this type and collaborate with cybersecurity experts to improve vehicle security. It’s always better to do this from the start rather than having to call in a whole batch of vehicles for software updates or patches sent out remotely every time hackers unearth a new vulnerability.
Author: Carlos Sahuquillo
Las opiniones vertidas por el autor son enteramente suyas y no siempre representan la opinión de GMV
The author’s views are entirely his own and may not reflect the views of GMV