Schlagwort-Archive: autonomous system

Securing Driverless Cars From Hackers Is Hard, according to Charlie Miller, Ex-NSA’s Tailored Access Operations Hacker

Securing Driverless Cars From Hackers Is Hard. Ask the Ex-Uber Guy Who Protects Them

Two years ago, Charlie Miller and Chris Valasek pulled off a demonstration that shook the auto industry, remotely hacking a Jeep Cherokee via its internet connection to paralyze it on a highway. Since then, the two security researchers have been quietly working for Uber, helping the startup secure its experimental self-driving cars against exactly the sort of attack they proved was possible on a traditional one. Now, Miller has moved on, and he’s ready to broadcast a message to the automotive industry: Securing autonomous cars from hackers is a very difficult problem. It’s time to get serious about solving it.

Last month, Miller left Uber for a position at Chinese competitor Didi, a startup that’s just now beginning its own autonomous ridesharing project. In his first post-Uber interview, Miller talked to WIRED about what he learned in those 19 months at the company—namely that driverless taxis pose a security challenge that goes well beyond even those faced by the rest of the connected car industry.

Miller couldn’t talk about any of the specifics of his research at Uber; he says he moved to Didi in part because the company has allowed him to speak more openly about car hacking. But he warns that before self-driving taxis can become a reality, the vehicles’ architects will need to consider everything from the vast array of automation in driverless cars that can be remotely hijacked, to the possibility that passengers themselves could use their physical access to sabotage an unmanned vehicle.

“Autonomous vehicles are at the apex of all the terrible things that can go wrong,” says Miller, who spent years on the NSA’s Tailored Access Operations team of elite hackers before stints at Twitter and Uber. “Cars are already insecure, and you’re adding a bunch of sensors and computers that are controlling them…If a bad guy gets control of that, it’s going to be even worse.”

At A Computer’s Mercy

In a series of experiments starting in 2013, Miller and Valasek showed that a hacker with either wired or over-the-internet access to a vehicle—including a Toyota Prius, Ford Escape, and a Jeep Cherokee—could disable or slam on a victim’s brakes, turn the steering wheel, or, in some cases, cause unintended acceleration. But to trigger almost all those attacks, Miller and Valasek had to exploit vehicles’ existing automated features. They used the Prius’ collision avoidance system to apply its brakes, and the Jeep’s cruise control feature to accelerate it. To turn the Jeep’s steering wheel, they tricked it into thinking it was parking itself—even if it was moving at 80 miles per hour.

Their car-hacking hijinks, in other words, were limited to the few functions a vehicle’s computer controls. In a driverless car, the computer controls everything. “In an autonomous vehicle, the computer can apply the brakes and turn the steering wheel any amount, at any speed,” Miller says. “The computers are even more in charge.”

An alert driver could also override many of the attacks Miller and Valasek demonstrated on traditional cars: Tap the brakes and that cruise control acceleration immediately ceases. Even the steering wheel attacks could be easily overcome if the driver wrests control of the wheel. When the passenger isn’t in the driver’s seat—or there is no steering wheel or brake pedal—no such manual override exists. “No matter what we did in the past, the human had a chance to control the car. But if you’re sitting in the backseat, that’s a whole different story,” says Miller. “You’re totally at the mercy of the vehicle.”

Hackers Take Rides, Too

A driverless car that’s used as a taxi, Miller points out, poses even more potential problems. In that situation, every passenger has to be considered a potential threat. Security researchers have shown that merely plugging an internet-connected gadget into a car’s OBD2 port—a ubiquitous outlet under its dashboard—can offer a remote attacker an entry point into the vehicle’s most sensitive systems. (Researchers at the University of California at San Diego showed in 2015 that they could take control of a Corvette’s brakes via a common OBD2 dongle distributed by insurance companies—including one that partnered with Uber.)

“There’s going to be someone you don’t necessarily trust sitting in your car for an extended period of time,” says Miller. “The OBD2 port is something that’s pretty easy for a passenger to plug something into and then hop out, and then they have access to your vehicle’s sensitive network.”

Permanently plugging that port is illegal under federal regulations, Miller says. He suggests ridesharing companies that use driverless cars could cover it with tamper-evident tape. But even then, they might only be able to narrow down which passenger could have sabotaged a vehicle to a certain day or week. A more comprehensive fix would mean securing the vehicle’s software so that not even a malicious hacker with full physical access to its network would be able to hack it—a challenge Miller says only a few highly locked-down products like an iPhone or Chromebook can pass.

“It’s definitely a hard problem,” he says.

Deep Fixes

Miller argues that solving autonomous vehicles’ security flaws will require some fundamental changes to their security architecture. Their internet-connected computers, for instance, will need “codesigning,” a measure that ensures they only run trusted code signed with a certain cryptographic key. Today only Tesla has talked publicly about implementing that feature. Cars’ internal networks will need better internal segmentation and authentication, so that critical components don’t blindly follow commands from the OBD2 port. They need intrusion detection systems that can alert the driver—or rider—when something anomalous happens on the cars’ internal networks. (Miller and Valasek designed one such prototype.) And to prevent hackers from getting an initial, remote foothold, cars need to limit their “attack surface,” any services that might accept malicious data sent over the internet.

Complicating those fixes? Companies like Uber and Didi don’t even make the cars they use, but instead have to bolt on any added security after the fact. “They’re getting a car that already has some attack surface, some vulnerabilities, and a lot of software they don’t have any control over, and then trying to make that into something secure,” says Miller. “That’s really hard.”

That means solving autonomous vehicles’ security nightmares will require far more open conversation and cooperation among companies. That’s part of why Miller left Uber, he says: He wants the freedom to speak more openly within the industry. “I want to talk about how we’re securing cars and the scary things we see, instead of designing these things in private and hoping that we all know what we’re doing,” he says.

Car hacking, fortunately, remains largely a concern for the future: No car has yet been digitally hijacked in a documented, malicious case. But that means now’s the time to work on the problem, Miller says, before cars become more automated and make the problem far more real. “We have some time to build up these security measures and get them right before something happens,” says Miller. “And that’s why I’m doing this.”


Delphis Self Driving Car

Do you know Delphi (or Formerly Delphi Packard)? It is one of the biggest worlds automotive suppliers, just like Magna (formerly Magna Steyr).

Here is the great story that outlines, why the next five years in automotive engineering will dramatically change the whole picture, how we see cars and what will be the next big thing in automotive driving.


„Google gets most of the attention when it comes to self-driving cars. And when it isn’t getting all the love, people focus on the efforts of premier automakers like Audi and Tesla. But the autonomous vehicle that makes human driving a quaint pastime may well come from an auto industry stalwart many people have never heard of: Delphi.

Delphi is one of the world’s largest automotive suppliers and has been working with automakers almost as long as there have been automakers. And it’s got a solid history of innovation. Among other things, it built the first electric starter in 1911, the first in-dash car radio in 1936, and the first integrated radio-navi system in 1994. Now it’s built a self-driving car, but it won’t be sold to the public. This robo-car, based on an Audi, is a shopping catalog for automakers. The car is contains every element needed to build a truly autonomous system, elements Delphi will happily sell.

In other words, it’s an off-the-shelf autonomous system that could help automakers catch up with Google.

The Jump Forward

Delphi has a long history in passive safety systems—things like airbag deployment electronics—and began the progression to active safety that strive to prevent rather than merely mitigate crashes. Delphi got in the game in 1999, when Jaguar used Delphi’s radar system in the adaptive cruise control first offered on the 2000 XKE. Today, Delphi offers a range of active safety systems, from automatic emergency braking to blind spot detection to autonomous lane keeping.


Until now, those systems have operated independently of one another. Delphi wanted to make them work together. “The reality of automated driving is already here,” says John Absmeier, director of Delphi’s R&D lab in Silicon Valley. “It’s just been labeled mostly as active safety or advanced driver assistance. But really, when you take that one step further and marry it with some intelligent software, then you make automation. And you make cars that can navigate themselves.”

That marriage has come through a partnership with Ottomatika, a company spun out of Carnegie Mellon’s autonomous vehicle research efforts to commercialize its technology. Delphi provides the organs—the sensors and software for controlling the car. Ottomatika adds a central brain and nervous system—the control algorithm to bring all the data from sensors into one place and tell the car what to do. The result is Delphi’s Automated Driving System, a name so boring you’ve likely already forgotten it.

Work Like a Robot, Drive Like a Nun

The name is lame (even if the unintended acronym, DADS, is pretty funny), but at least Delphi had the sense to pack the tech into a 2014 Audi SQ5, which it chose simply because it’s “really cool,” Absmeier says. (The company changes up its showcase vehicles; earlier this year it rolled into CES with a Tesla Model S and Fiat 500.) At first glance, the car seems stock, but it’s actually covered in high-tech sensors.

A camera in the windshield looks for lane lines, road signs, and traffic lights. Delphi slapped a midrange radar, with a range of about 80 meters, on each corner. There’s another at the front and a sixth on the rear. That’s in addition to the long-range radars on the front and back, which look 180 meters ahead and behind. They’re all hidden behind the bodywork, but the LIDAR on each corner need a clear view. So Delphi put them behind acrylic windows. “We tried to make it look pretty,” Absmeier says. The Audi designer who styled the SQ5 might consider the changed look an affront, but he’s probably not as annoyed as the Lexus employee who sees Google sticking a spinning LIDAR on the roof of the RX450h like a police siren.

To give the computer command of the SUV, engineers tapped into the electronic throttle control and steering, and added an actuator to control the brakes. The interior is essentially as it appears in an Audi showroom but for the addition of an autonomous mode button, which you twist to turn on and push to turn off.


Riding in the SQ5 in autonomous mode felt like being driven around by a nun (or at least like the former nun whose car I’ve traveled in a few times). It’s super conservative, accelerating slowly and braking early. No speeding, even on the highway to match the speed of traffic. (It’s likely this was the first time I was in a car that followed the speed limit on a highway off ramp.) It doesn’t turn right on red, which subjects the test drivers to honking and the occasional middle finger from annoyed humans. These are settings Delphi’s engineers could easily change, but for now they’re playing it safe. Very safe.

The emphasis on caution aside, the car drives remarkably well, even adjusting its position within its lane when neighboring cars get a bit close. In a 30-minute that included side roads, main thoroughfares, and Highway 101, the system faltered just twice. After accelerating after a light turned green, the car hit the brakes suddenly, apparently spooked by a car approaching quickly from the right. Pulling into Delphi’s parking lot, it hit a speed bump without slowing down. (Obstacles that are close to the ground, like speed bumps and curbs, are among the hardest things for the car’s sensors to pick up, Absmeier says.) The human in the driver’s seat, Delphi systems engineer Tory Smith, took the controls just once, to make a quick lane change the car was too timid to execute. That kind of caution is what Delphi wants. “If everything’s working, it should be boring,” Absmeier says. “We want boring.”

The Modular Approach

Google is taking a “moonshot” approach, aiming to put a fully autonomous car on the market within five years. Delphi, despite having developed an impressive system, is more circumspect about the prospect of eliminating the role of humans in the operation of a motor vehicle. “There’s a lot of romantic speculation—hype—around in the industry about that now,” says Owens. “I don’t know when we’ll get there, or if we’ll ever get there.”

And while Delphi likes the idea of one day selling a drop-in autonomous system, Absmeier says that’s not really the point of this project. “The platform enables us to build out all those different components that are required to make an automated driving system in a car, and OEMs can either take the whole package or they can say I want that algorithm and that sensor and that controller, or whatever it is that they need.”

A flexible system is the smart play, Delphi CTO Jeffrey Owens says, because automakers aren’t yet sure exactly what they want to offer. “They don’t know what path they’re gonna go down. They don’t know what governments are going to require, they don’t know what governments are going to not allow. They don’t know what consumers will pay for … They don’t know what insurance companies will incentivize and what they don’t care about. They don’t know what will help them in JD Power and what will hurt them in JD Power.”

That means that whether an automaker is shopping for systems to put in a luxury or bargain car, high volume or low, to meet regulations in the US or China, it can pick and choose the elements of Delphi’s system that it needs. And that’s good for Delphi, which is already in discussions with customers to sell elements from the self-driving platform in the next two years.“