Charlie Miller and Chris Valasek, who are former car hackers, now work for the company Cruise Automation, as principal security architects. Recently, at Black Hat, the two exposed the vulnerabilities that autonomous vehicles pose. In 2016, the pair performed a hack of a Jeep Cherokee while at speed and although an attack of that nature was physically defendable, a remote attack involving a self-driving car would not be. Their work for Cruise Automation is to make the return on investment so low that hackers will not even attempt to follow through with it. They are focusing on securing the tablets that act as the interface, attempting to reduce the potential for an attack. If features such as Bluetooth are not necessary, they should not be added to the vehicle. “If the vehicle needs Bluetooth, for instance, it should have as few ways as possible to take data from the outside world to the car,” Miller says. Aside from Bluetooth, a local threat, remote threats can be just as prevalent. Attacks can be carried out on remote assistance features, the listening service in its communications module, and the infotainment system. Miller and Valasek believe the biggest threat’s lie in the fact that a remote attack could result in an attacker gaining complete control of the vehicle. A positive about these cars is the fact that if a problem is detected, the vehicle can be remotely shut down or returned to its garage since the provider handles the monitoring and maintenance of their fleets.
