Autonomous vehicles (AV) are becoming mainstream in our society. Globally there’s an ongoing development and testing of autonomous vehicles in several countries, setting the stage for widespread adoption of self-driving cars.

It is projected that, by 2025, there will be 8 million autonomous or semi-autonomous vehicles on the road, and by 2030, more than 18 million. The estimated autonomous vehicle market is $54 billion, with an anticipated tenfold increase over the next 5–7 years.

When it comes to safety on the roads, autonomous vehicles can play a significant role in saving lives and preventing injury. Human error is the cause of 94% of serious crashes. By removing the “human factor” in driving, autonomous vehicles may have huge safety benefits. Overall, the emergence of autonomous vehicles presents an exciting and promising future.

However, the high level of interconnectivity and technical complexity of autonomous vehicles exposes them to numerous potential threats. These vehicles share sensitive data to help improve traffic conditions and increase safety. All these attributes make autonomous vehicles extremely attractive targets for cyber-attacks.

Autonomous Vehicles Briefly Explained

Autonomous vehicles are a complex combination of sensors, algorithms, automotive systems, infrastructure, and high-speed communications seamlessly interacting to make decisions in milliseconds to navigate the car from point A to point B safely.

SAE International (Society of Automotive Engineers) defines six levels of driving automation. The US Department of Transportation has also adopted these SAE levels. Below are brief descriptions of each level.

  • Level 0 – No automation; all major systems are human-controlled.
  • Level 1 – Includes automated systems, such as cruise control or automatic braking.
  • Level 2 – Partial driving automation, but human intervention is still needed.
  • Level 3 – Conditional automation and environmental detection; human override still necessary.
  • Level 4 – Officially driverless vehicles. Can operate in self-driving mode in limited areas and speeds, but legislative and infrastructure limitations restrict full adoption of these vehicles.
  • Level 5 – Full vehicle autonomy; no legislative or infrastructure restrictions limitations and no human interaction required. Testing of fully autonomous vehicles is currently ongoing in several markets globally; however, none are currently available for the public yet.

There are various designs for autonomous vehicles, but the most common components normally include advanced software enabling artificial intelligence, navigation systems, advanced driver assistance system (ADAS) sensors, cameras, radar, and LIDAR (Light Detection and Ranging). Additional supporting infrastructure includes:

  • Wi-Fi networks.
  • Roadside computing units.
  • Vehicular cloud services.
  • Dedicated short-range communications (DSRC).
  • Vehicle-to-vehicle (V2V).
  • Vehicle-to-infrastructure (V2I).
  • Other vehicle-to-everything (V2X) systems.

The AI systems of an autonomous vehicle are working non-stop to recognise traffic signs and road markings, to detect vehicles, estimate their speed, to plan the path ahead. Apart from unintentional threats, such as sudden malfunctions, these systems are vulnerable to intentional attacks that have the specific aim to interfere with the AI system and to disrupt safety-critical functions.

A malicious actor can potentially exploit numerous vulnerable points to cause misdeeds. Gaining access to even the most mundane control unit, such as the entertainment system, will enable a hacker to pretty much access any part of the vehicle. To raise awareness, security researchers have conducted demonstrations to show how vulnerable autonomous vehicles are:

  • 2015 – Ethical hackers demonstrated how they could hack a 2014 Jeep Cherokee (Level 2 vehicle) to control it from their homes remotely. Furthermore, they discovered over 2500 other vehicles contained the same vulnerability.
  • 2017 and 2018 – Researchers hacked into several different Tesla models.
  • 2019 – An anonymous hacker cracked over 7,000 iTrack accounts and over 20,000 Protrack accounts to track commercial fleets via GPS. This enabled the hacker to track vehicles in several different countries, shut down the engines, and access user information.
  • 2019 – Ethical hackers accessed a Tesla Model 3 computer in only a few minutes by hacking into the vehicle’s onboard entertainment system browser.
  • 2020– The same researchers that hacked the Tesla vehicles successfully installed malicious code in a Lexus NX300.

Like other connected devices on a network, some of the common attack vectors of autonomous vehicles include man-in-the-middle (MitM), side-channel, denial-of-service (DoS), unauthorized software modifications, and compromised privacy, among other threats. A well thought-out end-to-end approach to cybersecurity is necessary due to the complexity of the autonomous vehicle ecosystem and people’s safety concerns.

This systematic validation of AI models and data is essential to ensure that the vehicle always behaves correctly when faced with unexpected situations or malicious attacks.  The Autonomy Association is partnered with regional cyber security companies in Phoenix and NASA to leverage research outcomes from the ASU smart city efforts to publish recommendations to cities around the world.  Assured autonomy is the key to wide scale release of these systems in society and the goal to provide secure outcomes using the Phoenix Arizona region is helping to achieve this goal for the world.

The autonomous vehicle industry should embrace a security by design approach for the development and deployment of AI functionalities, where cybersecurity becomes the central element of digital design from the beginning. Autonomy Association open source platforms will be an important tool to enable civic preparedness that reinforces security inci­dent response capabilities to handle emerging cy­bersecurity issues.  Autonomy Association is partnered with Phoenix based Arizona State University to research how to secure mobile edge compute, smart city sensor mesh, and to improve the security posture of autonomous vehicles.