While we have plenty to celebrate in averting the possible end of the world with the Iran nuclear agreement and the Sun giving us a few cold decades to slow down climate change, one deadly scenario, driverless cars, continues to creep up on human society. Taking control of the road away from humans should make it safer for everyone. For most people it is easy to imagine a world with no road rage (since presumably computers will never get mad at each other) and no drunk, drugged, or fatigued drivers: a world where cars politely let each other merge and use less fuel because an automated traffic control system lets them weave in and out at constant speed without needing to brake or accelerate. Anyone who has ever driven in parts of Europe where staying on the proper side of the road and crossing on green are considered optional would appreciate this concept of driverless traffic. Even here in the San Francisco Bay Area, where people are much more polite than in the DC area or New England, we still get plenty of drivers who change lanes without looking. In theory, driverless cars would make this a safer world if not for that big elephant in the room, car security. We keep touting our technological achievements and connecting every type of device to the Internet without pausing to consider the sinister aspects.
Here is why enabling driverless cars is a catastrophe waiting to happen:
- Offensive security is easier to implement than defensive
- Software bugs
- Human error/laziness
As much as people want to believe in the safety of our electronic devices, we can never be 100% protected. There is no solution out there that will fully protect you: no firewall, no intrusion detection/prevention system, no anti-virus/anti-malware program. All we can do as security professionals is try to make it harder for the attacker by combining different layers, but our protection can never be foolproof. Defenders have to be right every single time, while an attacker has to succeed only once. Our network devices are built upon thousands of other programs, and every single one of them has to be designed and implemented with security in mind to be foolproof; even then there could be workarounds the original designers never anticipated. "A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it's all offense and no defense." We may be able to infiltrate impossible networks and bring down nuclear reactors with the Stuxnet virus, but we cannot protect ourselves, as seen with the recent OPM hack.
For cars to be secure we must assume car manufacturers will test all their systems and eliminate all bugs from their design and code. If you think successful companies do this well, just look at the Apple Maps launch disaster or even the occasional Google Maps and Waze bugs. We have already seen plenty of security issues with cars, and they are not even driverless yet: from a virus that affected a Formula One sports car, to Tesla Model S security issues, to the biggest of them all, the complete security blunder of the Fiat Chrysler fleet, where hackers could take full control of 1.4M vehicles. The more technology is added to cars, the more chances there are of something not working correctly, and that something will then get exploited by for-profit hacking companies like the Hacking Team, who could offer such zero-day exploits to the highest bidder, like Al-Qaeda or Islamic State.
Even if car companies patch such security holes right away, it would still require drivers to bring vehicles to their dealerships to get patched, and this is where human carelessness comes in. We are all lazy. No one wants to take time off work or play time with the kids to sit in a dealership for some software bug upgrade. Of the 1.4 million people whose Jeeps got hacked, how many do you think have gotten this fixed already? If previous security incidents are any indication, less than half would bother with the fix, as Heartbleed, the biggest security vulnerability to date, has shown us: close to half of the vulnerable servers remained unpatched for months. This would leave us with 700,000 remotely controllable killing machines waiting for the right hacker to strike.
So what can we do?
We can learn how to drive stick shift and switch to older car models without all those techie bells and whistles, in the hope that simpler cars, like simpler phones, can make a comeback. We can also ask for federal mandates for good design practices by car manufacturers, so that critical systems are never connected to Internet-facing components like entertainment systems and on-board Wi-Fi. If there are separate layers of control with no direct communication between them, it will be harder for attackers to breach them, just like having separate houses that share no common walls as opposed to one big house with a shared walkway to all rooms. Unfortunately, driverless cars will always need to connect to the Internet for directions, so they will always be susceptible. Which leaves us with the last option: taking manual control of the vehicle the way Arnold does in Total Recall...