Autonomous Vehicle Vulnerabilities

Version	Summary	Created by	Modification	Content Size	Created at	Operation
1		Aristeidis Karras	--	1669	2023-08-17 14:41:37	\|
2	format correct	Wendy Huang	Meta information modification	1669	2023-08-18 05:43:34	\|

This entry is adapted from the peer-reviewed paper 10.3390/jcp3030025

Autonomous vehicles (AVs), defined as vehicles capable of navigation and decision-making independent of human intervention, represent a revolutionary advancement in transportation technology. These vehicles operate by synthesizing an array of sophisticated technologies, including sensors, cameras, GPS, radar, light imaging detection and ranging (LiDAR), and advanced computing systems. These components work in concert to accurately perceive the vehicle’s environment, ensuring the capacity to make optimal decisions in real time. At the heart of AV functionality lies the ability to facilitate intercommunication between vehicles and with critical road infrastructure—a characteristic that, while central to their efficacy, also renders them susceptible to cyber threats. The potential infiltration of these communication channels poses a severe threat, enabling the possibility of personal information theft or the introduction of malicious software that could compromise vehicle safety.

autonomous vehicles vulnerabilities attack vectors hardware onboard diagnostic engine control unit

1. Introduction

The advent of autonomous vehicles (AVs) represents an important progression toward the development of intelligent transportation systems. This development prepares the way for the emergence of brand-new opportunities to improve mobility, environmental sustainability, and other related sectors of transportation. As a result of the development and progression of this technology, a rising focus has been placed on fully autonomous vehicles, also known as FAVs. FAVs represent the most advanced form of vehicular automation. In terms of the Society of Automotive Engineers (SAE) categorization, full autonomy corresponds to level 5, which denotes complete driving automation. Vehicles at this level are engineered to handle all aspects of dynamic driving tasks under all conditions. They are capable of independently operating, even when faced with challenging road and climatic circumstances. The onus of safe operation under every driving condition is entirely on the vehicle’s systems, requiring no human intervention. These vehicles have been developed to be capable of handling all parts of dynamic driving activities on their own, even when faced with difficult road and climatic circumstances. The utilization of accurate, trustworthy, and dependable sensor technologies is essential to their functioning. A conceptual representation of the functional architecture of these FAVs can be viewed in Figure 1.

Figure 1. Autonomous vehicle overview.

Autonomous vehicles, despite their potential to revolutionize transportation, are not immune to the growing complexity of cyber threats due to their dependence on advanced digital technologies ^[1]. Potential hackers may exploit these cyber vulnerabilities, creating a threat to the safety and privacy of individuals, regardless of whether they are motivated by malicious goals or simple curiosity ^[1]. Detailed analyses of these cyber threats can be discovered on informative platforms such as HackerNoon ^[2].

The following sections highlight some of the prominent attack vectors that could potentially compromise the integrity of autonomous vehicles:

Key fob hacking: Remote vehicle access and ignition made possible by key fob technology can be compromised. By using devices to strengthen the signal transmitted by a vehicle’s key transponder, hackers can gain unauthorized entry and even remotely start the vehicle ^[3].
Control area network (CAN) bus attacks: The CAN bus, which operates as the electrical network that connects the various electronic control units (ECUs) within a vehicle, is an attractive target for hackers. By exploiting vulnerabilities in the CAN bus, hackers can take control of fundamental vehicle functions such as braking and steering ^[3].
Entertainment system hacking: Given its connection to the CAN bus, a vehicle’s entertainment system can provide a back door for hackers, which, once breached, could potentially grant a hacker full control over the vehicle’s systems ^[3].
Adversarial machine learning techniques: Autonomous vehicles rely heavily on machine learning algorithms to interpret sensor data and make operational decisions. By employing adversarial machine learning techniques, such as evasion or poisoning attacks, hackers can manipulate sensor data, causing the vehicle to make faulty and potentially hazardous decisions ^[4].
User data theft: Considering the plethora of user data stored in autonomous vehicles, these vehicles become prime targets for cyber criminals. A hacked vehicle can lead to significant privacy violations and impose safety risks to the driver and others on the road.
Remote vehicle hijacking: In a potentially dangerous scenario, hackers might gain remote control of a self-driving car, causing passengers to experience difficulty.
Denial-of-service (DoS) attacks: The launching of DoS attacks against the vehicle’s systems could lead to system shutdown or failure.

The extensive range of potential attack vectors underscores the imperative to enhance cyber security measures in autonomous vehicles. A compromised vehicle becomes a significant threat to all road users, necessitating immediate rectification of these vulnerabilities for public safety ^[1]. To fully understand the scope of these vulnerabilities, it is necessary to delve into the hardware aspects, specifically focusing on critical components such as the onboard diagnostic port (OBD) and the engine control unit (ECU).

2. Hardware Vulnerabilities: Onboard Diagnostic Port (OBD)

The onboard diagnostic (OBD) port, a critical component in modern vehicles, provides a critical gateway to gathering diagnostic information. These vital data include an array of performance metrics and potential system faults, which the port communicates directly to the electronic control unit (ECU) via the controller area network (CAN) bus. Typically, the OBD port interface is a compact device akin to a standard USB drive, usually situated beneath the dashboard near the driver’s seat. This interface can be connected to external computational devices, either via physical tethering or wireless connectivity, facilitating bidirectional data transfer between the vehicle’s ECU and the connected device.

This communication system can have various applications. For example, it can be used to orchestrate cars as discussed in ^[5] or to analyze the effects of an onboard unit on the driving behavior of cars in connected vehicle flow, as detailed in ^[6]. With the emergence of advanced technologies, the OBD port can also be leveraged for more sophisticated tasks, such as suppressing selfish node attack motivation in vehicular ad hoc networks through deep reinforcement learning and blockchain, as proposed in ^[7], or assessing the trust level of a driverless car using deep learning techniques, as investigated by ^[8]. These innovative applications highlight the critical role of the OBD port in enhancing the functionality and safety of autonomous vehicles.

Zhang et al. ^[9], in their work, illustrated the vulnerabilities inherent in this system by successfully breaching multiple automobile models through the OBD port. The potential consequences of such breaches are severe, extending to remote control of the vehicles, highlighting the urgent need for robust security measures within OBD port systems.

Once an external device is linked to the OBD, it gains the ability to send and receive data to and from the vehicle’s ECUs. Such an open connection can be exploited to introduce malicious payloads into vehicle networks. This threat was further underscored by W. Yan’s research ^[10], which demonstrated the feasibility of manipulating data packets to initiate such attacks. In addition to posing a direct threat to vehicle operations, such vulnerabilities also carry potential ramifications for intellectual property theft. Criminal organizations could leverage these security gaps to steal proprietary information relating to suppliers’ and original equipment manufacturers’ (OEM) production processes. This not only enables the production of counterfeit parts but also breaches driver privacy by exposing sensitive information such as driving habits.

In response to these threats, countermeasures have been proposed by various researchers. Yadav et al. ^[11] introduced a defense mechanism that combines the seed key protocol with a two-way authentication method and a timer method. This approach seeks to enhance security by making the seed and key values more difficult to decrypt. Likewise, Oka and Larson ^[12] proposed the use of cryptographic techniques to authenticate messages on the CAN, thus limiting the transmission of unauthorized data.

However, despite these efforts, a comprehensive and foolproof solution to secure OBD port systems remains elusive. This area of research is still in its first steps and requires further in-depth investigation. This is particularly true in the context of emotionally intelligent autonomous vehicles, where ensuring the security of the OBD port system is fundamental to maintaining the operational integrity of these vehicles and protecting the privacy of their users.

3. Hardware Vulnerabilities: Engine Control Unit (ECU)

The engine control unit (ECU) plays a vital role in the orchestration of a vehicle’s functionalities, acting as the central processing entity for a range of control functions within an automotive system. By interpreting, analyzing, and managing a myriad of electronic signals, the ECU oversees critical operational aspects of vehicles, including fundamental features such as the core braking system.

Various studies have underscored the vulnerability of ECUs to sophisticated infiltration strategies. The work of Vallance ^[13] is particularly instructive, revealing how intruders can exploit the onboard digital audio broadcasting radio as an entry point to gain unauthorized access to ECUs. Upon breaching this boundary, malicious attackers have the capacity to manipulate the CAN (controller area network), a critical communication highway that interconnects different vehicular subsystems. Such disruptions can have profound implications, potentially compromising the core functionalities of the vehicle and thereby posing significant safety risks.

The potential gravity of such security breaches is further underscored by the observations of Checkoway et al. ^[14]. Their findings indicate that the security measures currently implemented in ECUs are often insufficient in thwarting attempts at unauthorized firmware access or modification. Given that firmware alterations have the potential to completely reprogram a vehicle’s behavior, this vulnerability is of significant concern in the context of public safety. However, their research is not only diagnostic but also offers a path toward remediation. They propose the adoption of an asymmetric cryptographic framework rooted in the use of public–private key pairings. This approach helps to ensure that any firmware introduced to the system originates from a verified and trusted source. In this way, the risk of unauthorized firmware modifications can be considerably mitigated, helping to safeguard against malicious intent.

Despite this, guaranteeing the robustness of ECU security is a difficult task, given the complexity and evolution of cyber security threats. Not only is the scope of possible infiltration techniques a challenge, but so is the depth of possible exploits once access has been gained. The discovery of these latent vulnerabilities requires exhaustive testing and evaluation, utilizing both proven cryptographic techniques and emergent cyber security methodologies.

References

Can Driverless Vehicles Be Hacked? Available online: https://www.hlmlawfirm.com/blog/can-driverless-vehicles-be-hacked/ (accessed on 19 July 2023).
HackerNoon. Available online: https://hackernoon.com/how-to-hack-self-driving-cars-vulnerabilities-in-autonomous-vehicles-jh3r37cz (accessed on 19 July 2023).
Algarni, A.; Thayananthan, V. Autonomous Vehicles: The Cybersecurity Vulnerabilities and Countermeasures for Big Data Communication. Symmetry 2022, 14, 2494.
Kumar, K.N.; Vishnu, C.; Mitra, R.; Mohan, C.K. Black-box adversarial attacks in autonomous vehicle technology. In Proceedings of the 2020 IEEE Applied Imagery Pattern Recognition Workshop (AIPR), Washington, DC, USA, 13–15 October 2020; pp. 1–7.
Santa, J.; Bernal-Escobedo, L.; Sanchez-Iborra, R. On-board unit to connect personal mobility vehicles to the IoT. Procedia Comput. Sci. 2020, 175, 173–180.
Chang, X.; Li, H.; Rong, J.; Huang, Z.; Chen, X.; Zhang, Y. Effects of on-board unit on driving behavior in connected vehicle traffic flow. J. Adv. Transp. 2019, 2019, 1–12.
Zhang, B.; Wang, X.; Xie, R.; Li, C.; Zhang, H.; Jiang, F. A reputation mechanism based Deep Reinforcement Learning and blockchain to suppress selfish node attack motivation in Vehicular Ad-Hoc Network. Future Gener. Comput. Syst. 2023, 139, 17–28.
Karmakar, G.; Chowdhury, A.; Das, R.; Kamruzzaman, J.; Islam, S. Assessing trust level of a driverless car using deep learning. IEEE Trans. Intell. Transp. Syst. 2021, 22, 4457–4466.
Zhang, Y.; Ge, B.; Li, X.; Shi, B.; Li, B. Controlling a Car Through OBD Injection. In Proceedings of the 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), Beijing, China, 25–27 June 2016; pp. 26–29.
Yan, W. A two-year survey on security challenges in automotive threat landscape. In Proceedings of the 2015 International Conference on Connected Vehicles and Expo (ICCVE), Shenzhen, China, 19–23 October 2015; pp. 185–189.
Yadav, A.; Bose, G.; Bhange, R.; Kapoor, K. Security, Vulnerability and Protection of Vehicular On-board Diagnostics. Int. J. Secur. Its Appl. 2016, 10, 405–422.
Oka, D.K.; Larson, U.E. Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks. Int. J. Digit. Crime Forensics 2009, 2, 28–41.
Vallance, C. Car Hack Uses Digital-Radio Broadcasts to Seize Control. 22 July 2015. Available online: www.bbc.com/news/technology-33622298 (accessed on 23 July 2023).
Checkoway, S.; McCoy, D.; Kantor, B.; Anderson, D.; Shacham, H.; Savage, S.; Koscher, K.; Czeskis, A.; Roesner, F.; Kohno, T. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Conference on Security, San Francisco, CA, USA, 8–12 August 2011.

© Text is available under the terms and conditions of the Creative Commons Attribution (CC BY) license; additional terms may apply. By using this site, you agree to the Terms and Conditions and Privacy Policy.

Upload a video for this entry

Information

Subjects: Transportation Science & Technology

Contributors MDPI registered users' name will be linked to their SciProfiles pages. To register with us, please refer to https://encyclopedia.pub/register :

Anastasios Giannaros

Aristeidis Karras

Leonidas Theodorakopoulos

Christos Karras

Panagiotis Kranias

Nikolaos Schizas

Gerasimos Kalogeratos

Dimitrios Tsolis

View Times: 359

Update Date: 18 Aug 2023

Table of Contents

Video Upload Options

Confirm

1. Introduction

2. Hardware Vulnerabilities: Onboard Diagnostic Port (OBD)

3. Hardware Vulnerabilities: Engine Control Unit (ECU)

References