Self-driving Cars: Just another IoT thing waiting to be hacked

The “S” in IoT stands for “Security.”

This from one of the guys who used to work for Uber trying to make sure they won’t be hacked. Charlie Miller on Why Self-Driving Cars Are So Hard to Secure From Hackers | WIRED

A couple of years ago these 2 guys showed how using only a cars internet connection, you could hack the car. Apply the brakes. Speed up. Turn the wheel. All by making use of existing controls in the car: Automated parking,
or collision avoidance or cruise control.

In a series of experiments starting in 2013, Miller and Valasek showed that a hacker with either wired or over-the-internet access to a vehicle—including a Toyota Prius, Ford Escape, and a Jeep Cherokee—could disable or slam on a victim’s brakes, turn the steering wheel, or, in some cases, cause unintended acceleration.

Because the car makers are really interested in offering cool features, but less interested in securing the vehicles against hackers.

Driverless cars – as Uber is hoping to field – are another problem because someone you don’t particularly trust is going to have access to the physical vehicle for an extended period. What shenanigans can they get up to? It turns out a lot. All they have to do is plug something into the On-board Diagnostics port (OBD2)

A driverless car that’s used as a taxi, Miller points out, poses even more potential problems. In that situation, every passenger has to be considered a potential threat. Security researchers have shown that merely plugging an internet-connected gadget into a car’s OBD2 port—a ubiquitous outlet under its dashboard—can offer a remote attacker an entry point into the vehicle’s most sensitive systems. (Researchers at the University of California at San Diego showed in 2015 that they could take control of a Corvette’s brakes via a common OBD2 dongle distributed by insurance companies—including one that partnered with Uber.)

“There’s going to be someone you don’t necessarily trust sitting in your car for an extended period of time,” says Miller. “The OBD2 port is something that’s pretty easy for a passenger to plug something into and then hop out, and then they have access to your vehicle’s sensitive network.”