A Critical Design Fault in Connected Transportation

While I spend a lot of time looking at our technological future in the normal course of events anyway, I dove deeper than usual these last couple of days. Did nothing else and I came away gobsmacked in both good and bad ways.

The world of artificial intelligence is exploding with innovation. Like the Valeo technology that can ‘see’ through the vehicle in front of you – and that includes tractors pulling loaded van trailers – to show you the road and the traffic ahead. Really. The vehicle ahead becomes essentially invisible. I came across that just as I realized I’d better get writing, so I didn’t pursue it. But I’ll presume that this is a product of connected-vehicle development and that the vehicle to the rear links to the forward car or truck’s cameras and sends an image back to be displayed on the follower’s screen. Kinda weird, but oh so useful.

That may be a little way out, but long before we start using autonomous vehicles, we already have very computerized trucks and cars that are increasingly connected to wide-area communications networks — making them part of the Internet of Things (IoT). And critically, the mechanisms that control their acceleration, steering, and braking can be overridden by computers and software.

“The troubling issue for industry technologists is that these vehicles’ safety-critical systems are being linked to the Internet without adequate security and with no way to disconnect them in the event of a fleet-wide hack,” notes a recent report entitled ‘Kill Switch’ by the non-profit Consumer Watchdog.

“This is a dangerous combination, as it creates the potential for hackers to take control of vehicles remotely. Unlike other ‘connected’ technologies in which hackers can only steal information or money, hacked cars have the potential to cause property damage and death. Whereas the military and aviation industries carefully avoid connecting dangerous machines to the Internet, the auto industry has yet to learn this lesson.

“Millions of cars on the Internet running the same software means a single exploit can affect millions of vehicles simultaneously. A hacker with only modest resources could launch a massive attack against our automotive infrastructure, potentially causing thousands of fatalities and disrupting our most critical form of transportation.”

The report talks only about connected cars but the issue obviously involves our trucks as well. And in age where cyber warfare is very real – look at the last election for a mighty disturbing example – there are huge risks in here. Really huge.

One seemingly outlandish example is that hackers could, unless we prevent it, organize so-called ‘BotNet armies’ of connected vehicles banding together to cause havoc. Malevolent gangs of cars are one thing, but imagine what a swarm of evil 80,000-pounders could do.

I know, you’ll dismiss that as paranoid codswallop, but I promise you, there are lots of very serious software engineers and techie nerds who envision the possibility of exactly that sort of mayhem.

“Viruses can spread vehicle-to-vehicle,” the Consumer Watchdog report says. “Malicious Wi-Fi hotspots can infect any susceptible vehicle that passes within range. Cars can be infected with ‘sleeper’ malware that wakes at a given date and time, or in response to an external signal, resulting in a massive co-ordinated attack.”

Its conclusion is a simple and straightforward fix that should be done ASAP.

“To protect the public, carmakers should install 50-cent ‘kill switches’ in every vehicle, allowing consumers to physically disconnect their cars from the Internet and other wide-area networks,” the report urges. “Otherwise, if a 9/11-like cyber-attack on our cars were to occur, recovery would be difficult because there is currently no way to disconnect our cars quickly and safely. Mandatory ‘kill switches’ would solve that problem.”

Obviously, it also says future designs should isolate safety-critical componentry from infotainment systems connected to the Internet or other networks.

I’ll buy that.