Cars Get Smarter and So Do Hackers.
Cars are getting smarter and there are plans to make them even smarter in the very neat future. Maybe smart is the wrong word but cars of the future will be connected to the internet and to each other, passing information back and forth.
All of this is to provide a safer, better consumer experience right? True but with every innovation there are new challenges. The challenge for connected vehicles is cyber security. How can we ensure ease of communications and connection without leaving ourselves open to hackers? It is possible in a world of interconnected cars that someone could take over the control of the vehicle or steal personal data on the driver and driving habits. In Australia this has become the topic of experts and academics.
How Australia acts today will determine the security and safety of driverless cars, autonomous vehicles and intelligent transport systems in the future, with Queensland University of Technology (QUT) academics warning there is a risk of in-vehicle cyber attack without appropriate safeguards.
QUT information security expert Dr Ernest Foo presented his paper at the 2015 Australasian Road Safety Conference titled Security Issues for Future Intelligent Transport Systems, highlighting the need to protect the future smart car.
The three-day conference was hosted by QUT’s Centre for Accident, Research & Road Safety – Queensland (CARRS-Q) on the Gold Coast.
“When talking about the car of the future we are talking about connected vehicles, vehicles that exchange information to facilitate warnings and improve on-road safety,” Dr Foo said.
The connection could be as simple as alerting a driver of an impending crash or as complex as allowing driverless cars on our roads.
For vehicles to connect there needs to be a secure system to allow the safe transfer of information.
Public key infrastructure is a security system that is already used to facilitate the safe transfer of information such as banking details.
Without a secure system there is the potential for vehicles to receive misinformation or more critically for car hackers to maliciously take control of a vehicle.
Dr Foo said public key infrastructure was a combination of hardware, software, people, policies and procedures to create, manage, distribute, use, store and revoke digital certificates that supply public key encryption.
He said to date Australia had no guidelines to control public key infrastructure for intelligent transport systems.
“While the US and Europe have developed public key infrastructure guidelines, our research has found these guidelines have limitations when used in safety-critical vehicle environments,” he said.
The sheer amount of vehicles to be connected poses safety concerns, along with privacy, security and scalability under different traffic scenarios.
Dr Foo said public acceptance of connected and autonomous vehicles would depend on appropriate levels of security, and users’ trust in a new intelligent transport system was crucial.
“The proposed systems in the US and Europe are too complex and pose potential risks for security and privacy flaws,” he said.
What we need to be doing in Australia is developing a system that offers an acceptable level of privacy, security and autonomy, while being flexible enough to work effectively in a complex environment.
About the Research
The 2015 Australasian Road Safety Conference is the result of a successful merger of Australasia’s two premier road safety conferences: the Australasian College of Road Safety Conference, and the Australasian Road Safety Research, Policing and Education Conference.