A growing threat: Car hacking

To date, there are no known cases of cyberattacks on government or civilian vehicles in the United States, but law enforcement agencies are certainly aware of the possibility. Before working with State Police, Mission Secure and U.Va. ran tests on an automated Toyota Scion owned by Charlottesville’s Perrone Robotics Inc. Using just a wireless key fob, researchers were able to take control of the Scion’s braking and acceleration.

A recent episode of CBS’s “60 Minutes”also showed how a hacker was able to cause problems to an ordinary sedan being driven by reporter Lesley Stahl. In that demonstration, the hacker used a laptop to take control of the acceleration, braking, windshield wipers and car horn.

Alarming as these possibilities are, Horowitz said that cybersecurity for physical systems already has a huge advantage that is lacking in the security for information systems. Physical systems are capable of far fewer functions, so it is much easier to recognize when they are exhibiting “illogical behavior.”

Examples of this illogical behavior would be continued acceleration while slamming on the brakes or automatic windshield wipers that turn on when there is no rain. It is immediately apparent that there is a problem, so the next steps are to correct the malfunction and identify its source.

This is where Mission Secure’s patent-pending Secure Sentinel device comes in. It acts as a monitor that drivers can trust and is extraordinarily secure compared to the system it is guarding.

Horowitz said that the purpose of the device is twofold. “First, save the driver in the car,” he said, “and second, let’s figure out who did it and how we can find them.”

The platform will do this by simultaneously monitoring potential areas for attack and alerting the driver of any incoming issues. Further tests will determine the most efficient way to alert the driver, but Horowitz said it may start out as something as simple as a horn blast. Once any consequences of an attack are stopped, the system will then begin forensic work to track where it came from.

The Virginia State Police will use their own experience to help researchers identify the most likely points of attack.

“We’re trying to figure out what we call the ‘most likely and consequential’ cyberattacks that could occur,” Drescher said.

The release notes that the State Police have provided two police cruisers to be used as test subjects for the research, one each of the standard Ford and General Motors models they use. Researchers will test them for vulnerabilities on an escalating scale starting with the most basic and working their way up to more sophisticated attacks.

“We’re starting with common tools,” said Ed Suhler, Mission Secure’s co-founder and vice president of implementation. “We want to see what your average IT person could accomplish and then work our way up from there.”

Right now, there is an information gap between the fields of mechanical engineering and computer science. By looking for ways to bridge that divide, the research team hopes to better prepare Virginia for the future of automated vehicles. This commitment from the governor’s office means more law enforcement personnel could be trained and educated on the overlap between physical systems and cybersecurity.

“As a population, we’re not prepared yet,” Horowitz said. “Luckily, nor are the attackers quite yet.”