Google's Driverless Cars Are Plum Cyber-targets

Google is building two-passenger prototypes that don't have steering wheels, accelerator pedals or brake pedals in an effort to bring the self-driving small electric cars to market. But what about safety?

The vehicles are currently being built but the internet giant has been testing self-driving cars since 2009, helping incorporate some of the technology (such as laser sensors and radar) into Lexus SUVs and the Prius from Toyota. According to Chris Urmsen, director of the self-driving car project at Google, it’s now moving to the prototype stage through partnerships with automotive suppliers and manufacturers.

“We’re now exploring what fully self-driving vehicles would look like by building some prototypes; they’ll be designed to operate safely and autonomously without requiring human intervention,” he explained in a blog. “Our software and sensors do all the work. The vehicles will be very basic—we want to learn from them and adapt them as quickly as possible—but they will take you where you want to go at the push of a button. And that's an important step toward improving road safety and transforming mobility for millions of people.”

The positives are obvious: humans are unreliable, easily distracted and have vastly slower reaction times than software. With a computer brain at the wheel, driving will also be more efficient, translating to environmental and economic benefits. But with technology this complicated,there are inevitable bugs.

A recent episode of HBO comedy Silicon Valley showed a main character being offered a lift in an autonomous vehicle; his initial tech-fueled delight gives way to terror as the car changes its destination seemingly on its own, and takes itself to be loaded into a shipping container bound for an island that straddles the International Date Line.

In a more plausible scenario, these kinds of connected cars are the next target for cyber-criminals.

“Google’s autonomous car may sound like the smartest piece of tech to hit the automotive market, but without the appropriate security in place, it’s the equivalent of leaving your keys in the ignition while you pop in the shop,” said Antoine Rizk, vice president for global go-to-market programs at Axway, in a comment to Infosecurity.

He added, “By handing the control, or in this case the steering wheel, over to our cars people could not only be putting their lives in the trust of their vehicles, but they’ll also be making themselves an open target for potential criminal attacks. If hackers are able to remotely start up and drive cars, there’s the potential for them to drive away with thousands of pounds worth of cars without ever being present at the scene of the crime; a challenge that may seem too tempting to resist for many.”

Wil Rockall, director in KPMG’s cyber security team, added that while the move will clearly herald improvements in road safety (no more drunk driving!), the potential for nuisance attacks, like ‘spam jams’ and hacker-driven congestion, is significant too.

“For all the positives, the industry will need to be very alert to the risk of cyber manipulation and attack,” he told Infosecurity. “Self-drive cars will probably work through internet connectivity and, just as large volumes of electronic traffic can be routed to overwhelm websites, the opportunity for self-drive traffic being routed to create ‘spam jams’ or disruption is a very real prospect.”

But that’s not all: there’s room for acts of terror too, from abductions to large-scale destruction. “Imagine what would happen if a criminal organization obtained control of a fleet of cars, which they could use to block traffic, hamper access to airports, collide with police cars and so on,” Rizk said. “To enjoy a smooth ride to driverless success, Google must instil trust in the public as well as society as a whole, assuring the world that they are implementing the necessary security measures from the word go. Failure to do so could result in security breaches with far more serious consequences than having your personal information stolen.”

Rockall noted that in any driverless car, manual options must be built in. “The industry takes safety and security incredibly seriously,” he said. “Doubtless, overrides could be built in so that drivers could shut down many of the car’s capabilities if hacked. That way, humans will still be able to ensure their cars don’t route them on the road to nowhere.”

All of that said, we should prepare for the idea to become reality. “We’re planning to build about a hundred prototype vehicles, and later this summer, our safety drivers will start testing early versions of these vehicles that have manual controls,” Google’s Urmson said. “If all goes well, we’d like to run a small pilot program here in California in the next couple of years. We’re going to learn a lot from this experience, and if the technology develops as we hope, we’ll work with partners to bring this technology into the world safely.”

It's also worth keeping in mind that self-driving cars are just the tip of the Jetsons-like tech that Google is developing, so the safety lessons learned here will be invaluable going forward. 

"Over the past decade, Google has expanded out from their search business into a variety of other verticals including email, cloud data storage, maps, web analytics, wearable technology, driverless cars and a zillion other secret projects they are working on in unmarked warehouses out in Silicon Valley," noted Leigh Drogen, an investment analyst at Estimize.

What’s Hot on Infosecurity Magazine?