Weekly Brief: Cyber Hackers see Easy Pickings with AV Tech

Prices at the pump spiked across the US last week, as a cyber attack on a major oil pipeline forced its owner, Colonial Pipeline, to temporarily shutdown all of its operations.

The attack was coordinated by a gang of ransomware rogues named the DarkSide. They targeted Colonial Pipeline’s business network and held the company hostage by threatening to leak 100GB of sensitive data on the Internet. The company is said to have caved under the pressure and reportedly paid DarkSide a 75 bitcoin ransom, which is worth nearly $5M.

The ordeal highlighted how susceptible the US’s outdated infrastructure is to cyber attacks and served as a cautionary tale for the sort of mayhem cyber attackers could wreak on the automotive industry at large. The consequences could reach far beyond more expensive gas prices at the pump. Modern cars are computers on wheels. I recently purchased an electric vehicle. The salesman at the dealership boasted that my vehicle featured 60 computers beneath the hood. That’s impressive. It’s also a vulnerability. Cyber attackers could target individual vehicles or whole networks of vehicles to obtain valuable data, win corporate ransoms, extort individuals and carry out terrorist attacks.

The rise of self-driving vehicles could exacerbate the threat. Both Waymo and Cruise have applied for a permit from the California Department of Motor Vehicles to operate a commercialized robo-taxi service in California, Reuters revealed last week that. Waymo hopes for San Francisco to be its first big expansion beyond the suburbs of Tucson, Arizona. Cruise hopes for San Francisco to be the launching pad for its commercialized robo-taxi service. The City by the Bay is thus lined up to be the first major battleground in the oncoming robo-taxi wars.

Neither company has provided a precise time frame for when it plans to launch its San Francisco service but Cruise’s CEO, Dan Ammann, revealed last week that General Motors will begin production of a new driverless shuttle in 2023. The vehicle is named the Origin and is unabashedly autonomous. It comes with no steering wheel, no pedals and no manual controls. Speaking at the Future of the Car virtual conference, Ammann said that operating a commercial service within the next two to three years “sounds reasonable to me” and added that “when the Cruise Origin begins production and goes into high volume, that’s when you’ll see things really start to take off”.

Any robo-taxi forecast should be taken with a grain of salt. “Two to three years” in AV argot is “five to ten” in everyday English. It is safe to assume, however, that fleets of robo-taxis will become increasingly common in American cities over the coming decade. As they do, they’ll represent a dramatic paradigm shift for the transportation sector. They’ll also pose a cyber-security safety risk.

Waymo, Cruise and other self-driving outfits are aware of the threat and have invested in cyber-security solutions. Waymo, for example, has isolated each AV’s on-board maps and its core driving functions from outside communication, so that hackers can’t access them through wireless connections and external systems. Still, vulnerabilities are always lurking somewhere. Last week a Waymo self-driving shuttle got so confused by a couple of orange traffic cones that it came to a halt in the middle of moving traffic and refused to move. When a backup crew showed up, the vehicle got even more confused and blocked three-lanes of traffic. If a couple orange cones can do that, imagine what a DarkSide hacker could do.

Leave a comment

Your email address will not be published. Required fields are marked *