Security gurus get behind wheel of driverless car debate Security experts have already waded into the UK government's consultation into self-driving technologies. The two month session comes against a backdrop of increasing concerns about connected cars. Infosec vendors argue security needs to be considered alongside other issues such as changes to driving regulations (the Highway …
True, but they're focusing on self drive as it's in its infancy and the best time to get people thinking about consequences while they're developing they're automated driving system. Bringing up the Jeep hack is just a very good example of how cars today are being hacked, so sweeping the issue under the carpet shouldn't be an option.
Right now if you owned a Jeep that was hacked and caused you to crash, you'd probably find yourself fighting with your insurance provider who are refusing to pay as the car was hacked and in their language modified so your insurance is null and void. Fighting with the manufacturer who will say claim from the insurance company/it must be your fault our cars are great and can't be hacked. As well as anyone you may have had the misfortune to hit. If they get nowhere with your insurance they'll mount a private prosecution and it's goodbye money/house/car/family.
The people in the article are saying sort this scenario out before automated cars are available, rather than automated cars have problems current cars don't.
You're correct, the Jeep wasn't self-driving so the only options were limited to 'keep it running' or 'make it stop'.
Are you really sure you want to add 'steer into oncoming traffic', 'drive off a cliff' or 'head for the nearest crackhouse so we can rob you blind' to the list of choices? If I can think of these, and I'm a law-abiding citizen, you probably won't want to think about what the bad guys would come up with...
>You're correct, the Jeep wasn't self-driving so the only options were limited to 'keep it running' or 'make it stop'.
>>Are you really sure you want to add 'steer into oncoming traffic', 'drive off a cliff' or 'head for the nearest crackhouse so we can rob you blind' to the list of choices?
If a hacker had full control of all the modules in a modern, human-driven car, the brake modules could be used to cause a catastrophic accident, since each wheel can be controlled independently.
There is a non connected watchdog in the ESP unit. It monitors the power to the valves and if it sees an abnormal signal pattern it cuts power to the valves so they return by springs to connecting the brake master cylinder to the callipers in the tradditional way.
You might still be able to cause a catastrophic accident, but you can't just lock up one wheel by putting the brake on full and let it happen. Your brake application pattern has to avoid the watchdog.
>They're right to be concerned, but this isn't a self driving issue...
As acknowledged in the last two paragraphs of the first page:
The security issues applicable to cars arise from their connectivity rather than whether or not they are self-driving, according to some experts.
"I think the security issues come from not air gapping the car rather than the degree of autonomy," independent technologist and entrepreneur Ken Tindell told El Reg.
Of course many of the components of self driving cars have been in place for ages - such as 'stability control' braking systems that apply different braking to different wheels if the vehicle feels it is about to tip over (if I remember the driver's manual to our Transit van correctly - it's not a particularly modern Transit, either).
Having worked in the Automotive electronics industry for many years, I can tell you how this will play out.
1. Car manufacturers will reject any insurance situation for self-driving cars where the manufacturer is 100% liable. There have been similar insurance situations discussed in the past (ex: liability for defective airbags) and in many countries some liability laws could allow the plaintiff to actually own the car manufacturer under certain very extreme and emotional situations. Example: A pregnant woman trusts her self-driving car to take her to the hospital, car malfunctions/hacked/etc, woman and fetus die, father sues and jury awards him all of Europe.
2. Insurance companies will refuse to insure a car where liability cannot be easily determined. For example, in the U.S. if you rear-end someone you are immediately liable, even if the first car stops short. Easy assignment of liability is more important than justice.
Personally, I doubt that self-driving cars will ever be allowed on the road for these and other reasons. In short, the financial danger to big business is too great.
Bill G, Governor of California J. Moonbeam has already signed into law the right for self-driving cars to operate on California public roads. No conditions at all other than the car meets current crash standards. It the wild west until some laws are formulated to regulate and qualify models allowed on the road. I swear he's not taking his meds regularly.
Munro does acknowledge that the problem is not limited to self driving in the article. "Munro commented: "Let’s look at the possibility of a viral/worm attack (that could affect say a broad range of vehicles that share a component or OTA mechanism). Is it likely? I’m not sure, but the impact of such an attack would be systemic – not one car, but lots and lots of cars.""
My concern is not only with self driving.. A hacker could connect to a car and disable the brakes while someone is speeding along. Or they could do that same thing with multiple cars. Imagine the scene if someone disabled the brakes and jammed the throttle open on multiple cars along a stretch of motorway. While some drivers may be able to wrestle with the handbrake (assuming that remains a manual system) and at least slow the car down, not everyone will, so there would still be a bad pile up, possibly with many deaths.
Autonomous driving systems are just one more system they could hack.
I think we are at an important juncture in artificial intelligence here. Who is responsible for the actions of the AI? The AI itself cannot be held responsible as it has no concept of the results of it's actions. Who is responsible? The Manufacturer (after all there may be fixable defects in the software or hardware running the AI)? The driver (after all, they may have installed something that causes a defect in the AI)?
My own personal view is that the Manufacturer should be responsible. My reason? Companies often only support a new device or software version for a couple of years. This is annoying but sort of acceptable for computers, mobile phones etc. These devices will not kill people if they are hacked or go wrong (unless there is an electrical fault, but this is unlikely to be triggered by a hack). Cars *can* kill people if something goes wrong, and they are hacked.
The manufacturer must publish the official guide to maintenance, and garages carry liability insurance against bad repairs.
Like they currently do.
For a rather large example in another industry, look at commercial aviation. Airframe and engine manufacturers can and have been held liable for incidents - whether anyone was actually hurt or not.
Could be a good way to steal 100's of cars in one go.1. Find a vulnerability in a particular make of self driving car.
2. Deploy malware to all those cars
3. Set the malware to automatically drive all those cars to a specified location
In between one and two, make a demand for a large Bitcoin ransom to be sent or else. Add 2.5 if the moola isn't forthcoming by disabling a load of cars on a medium usage highway with the threat of doing the same on a major highway during Friday rush hour.
Done right and it will take more than an OTA patch to get rid of the malware. I shudder to think of the auto dealerships when hundreds or thousands of cars are all brought in at the same time for a cleansing.
For the existence of "self-driving" cars to not end in a nightmare of civilization collapse, the whole industry needs to be handled in the same way airline planes are.
In other words, we need a Car Transport Authority just like we have an Air Transport Authority, with the same process and the same clout when it comes to immobilizing a car series that is not up to snuff.
Until we have that, the whole situation will be an unending game of chaotic security whack-a-mole, and insurers will run for the hills.
I see the potential for endless controversy here.
Assuming that in-car software will require updating at intervals who will be responsible if an incident is the result of a bug that's been fixed but not installed?
Will car owners be obliged to install an update even if it includes features they might not find desirable such as automatic detection of motoring misdemeanours or phone-home movement tracking?
Maybe I should have become a lawyer.
"Will car owners be obliged to install an update even if it includes features they might not find desirable such as automatic detection of motoring misdemeanours or phone-home movement tracking?"
They already do that. The fly by wire accelerator on my car has changed it's behaviour since the service before last. It used to have a normal "kick" on first applying it but had resistance near the floor that took extra effort to really floor it. Now it's got almost no kick at first press and the resistance to discourage flooring it has gone. No one told me that was going to happen before it went in for its service, no one told me after the service that things had changed. I had to go back in to the garage and ask what was "wrong" with my car when the accelerator felt so different.
Yeah, thats some very saddening news from Nice.
For sure, one can imagine automated or semi automated trucks in five years time that are incapable of running people over - but then, if someone was determined enough, they might be able to disable those systems.
Alternatively, would the police in the future be able to remotely stop any human-driven vehicle? (though of course last night's tragedy occurred too quickly for such measures)
The best way to handle it would seem to be no-fault insurance required for anyone owning/operating an autonomous vehicle, with that insurer dealing with the manufacturer of the car to recover for accidents deemed to be their responsibility through a software error or manufacturing defect. There will be many years with autonomous vehicles sharing the road with human driven vehicles, and human driven vehicles will be responsible for most accidents (because they won't allow the autonomous vehicles on the road until they can demonstrate a clearly superior driving record)
The rates you'd pay would depend on the 'driving record' of the car you own, similar to how today the rates you pay depend on your own driving record. Someone who has tickets and accidents on a regular basis pays a lot more than someone who hasn't had either this decade. The same would be true in the autonomous world, if you bought a car with a "poor" driving record relative to others you'd pay more. That would be one of the things you'd take into account when buying a car, just like gas mileage and repair/reliability.
I could see insurance becoming usage based - someone "drives" an autonomous car 100,000 miles a year is a higher risk than another totaling only 5,000 miles a year.
Self-Driving Cars will continue to make bone-headed moves like trying to drive under trucks.
The regulators are likely going to set standards that'll need a whole new approach.
That'll delay the whole thing by about ten years.
The Google approach, limiting them to creeping around at 25mph maximum, is a perfectly feasible approach. But it might be faster to just walk.
"The Google approach, limiting them to creeping around at 25mph maximum, is a perfectly feasible approach. But it might be faster to just walk."
In many cities, getting up to 25mph can be quite an achievement that requires marking with a celebration.
IMO, Google have got the right idea. Small, relatively cheap, electric "city cars" that are not expected not capable of going faster than 25-30mph might be the best way to "prove" self-driving cars. On the other hand, it could be better to have self-driving cars which will only engage self-driving mode on motorways but not on anything more complicated.
As system integrator, the buck stops with the vehicle manufacturer. They bear the ultimate liability for deficient vendor components, from airbags to autopilots, and if a vendor (like Takata) goes bankrupt, the carmaker gets shafted. Carmakers would be wise to limit the total complexity of their vehicles to a level they can manage. Hint: that means less automation, not more.
I don't understand why carmakers and governments are so gung-ho on self-driving cars. If governments change the laws to protect carmakers from their rightful liabilities, when things go south we the taxpayers will get shafted by the mother of all bailouts.
Around these parts, a I recall, manufacturers are required to continue to provide parts of service for a model up to ten years after its introduction. For mainstream/popular models this can easily extend another decade. How does that play in the universe of drive-by-wire? Can I reasonably expect the manufacturer to keep patching current on my "classic"? And, if not, does that mean the firmware should be released or otherwise made available to third parties who may want to support it? Or on another level, are there sufficient standards in place that I can rip out the old no-longer-supported box and replace it with something current/supported?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
