The connected car promises to improve our travel experience and create new markets and businesses, but it will go nowhere if no one trusts it.
No matter how great the potential to improve our lives, connected vehicles will have to be considered virtually foolproof before the market is viable. There are already people in places like and who are using autonomous ride-sharing services, but it is unclear whether the wider populace will trust the technology enough for the market to flourish quickly.
One way criminals can disrupt trust in connected vehicles is by hacking traffic lights. According to a 2014 study, many existing traffic lights are already connected to the Internet, and many of those connected traffic lights allow hackers to control the lights, according to a 2014 report.
In fact, many of the radio connections that link the traffic lights together are unencrypted and use default logins. This could allow a thief to create a path by turning some lights green or a criminal to create disruption by making the lights change rapidly.
Red light, green light
Different countries are experimenting with giving vehicles more information about traffic lights. For instance, in the U.S., Frisco, Nevada is giving certain vehicles access to information about when the traffic lights are going to change. Singapore is giving its citizens more control over the lights by giving them cards that allow them more time to cross the road (see the video below) and the Dutch have an app called “crosswalk,” which help the elderly cross the road. While all of these steps can improve the general welfare, they threaten to make the system more vulnerable to cyber attacks.
Road signs represent another target for hackers even when they are not connected to the Internet. A criminal could print pictures and/or add stickers to stop signs so cars misinterpret them as speed limit signs and they can use the same trick to make cars think turn right signs were stop signs. In fact, if you use tape to write “LOVE HATE” on a Stop sign, current connected car technology will misclassify the sign 66.67 percent of the time.
Luckily, the researchers discovered this works only if the hacker knows what algorithm the car’s vision system uses to understand which signs they are seeing. Companies can also solve this problem by adding sensors to signs, which can make it easier for cars to recognize the signs even when they are defaced or it is raining, or snowing. However, it will take years to add sensors to all of these signs, and even then there is the risk the signs’ sensors could be altered or spoofed.
Putting signs in context
There are ways around this problem as well, such as making sure the autonomous vehicle software takes context into consideration. For instance, context would let a vehicle know there are no stop signs on highways. Mapping programs can include signage information in their programs to help connected vehicles recognize if it is detecting a false road sign. We need to ensure the vehicles, the signage, and the traffic lights are secure from hacking, as well as the connections that bind it all together.
Most people are aware that connected vehicles have computers, but many are not cognizant that they are also connected to the Internet, and thus require access to technologies such as Wi-Fi and 4G LTE. Even if the connected vehicle will not need access to those particular technologies, their descendants will have to be secure.
The KRACK vulnerability, which makes it possible for hackers to read and steal data through flaws in some Wi-Fi security protocols, demonstrates that we need to secure our networks at the most basic level, not just at the level of the cars and the computers they contain.
A group of European academics showed how several classes of attacks against fourth-generation “Long Term Evolution” (LTE) mobile communications networks can either locate LTE devices or deny LTE devices access to network services altogether. We are lucky that academic white hats are discovering these flaws so they can be fixed before criminals can use them.
Similarly a group of Chinese researchers found a vulnerability and demonstrated how people can use a 4G vulnerability to listen in to peoples’ phone calls. A different Chinese group showed how black hats can use fake LTE towers to downgrade a phone’s LTE connection to a 3G connection and finally to the far more vulnerable 2G connection. If it is possible to downgrade networks into less powerful forms, it will be more difficult to secure a vehicle’s cyber security environment. To build trust in the connected car, we need to not just make our cars and our signs secure, we need to secure the networks as well.
Building trust is nothing new
We need to remember that no device is born in a vacuum. If early car manufacturers had not been able to convince the public that cars are safe and dependable, our roads would still be populated by horse-drawn carriages and bicycles. Building trust in the connected vehicle market is much more complicated than the challenges faced by innovators such as Ford, Daimler and others, because it also requires trust in the infrastructure and the robustness of its cyber security measures.
[ Related: Why Autonomous Motorcycles are Destined for the Road ]
The market will develop more slowly if people do not trust the connected vehicles to tell the difference between a truck and the sky, or a stop sign and a speed limit sign. In our modern world, the public is not the only entity that has to be convinced that connected technology is safe. Insurance companies have the power to influence the market by refusing to insure connected vehicles.
Many states in the U.S. such as Massachusetts require vehicles to be insured. The success of the self-driving ride-sharing services in cities such as Pittsburgh and Singapore will reflect in part how much the public trusts autonomous vehicles to drive them and therefore may signal how quickly the market will grow.