Charlie Miller claims thieves can hack self-driving cars remotely

Posted Nov 14, 2016 by Claudio Buttice
During the ARM TechCon event in Santa Clara, Calif, Charlie Miller, a known security engineer at Uber, claims that next-generation thieves can steal an AI-driven driverless car remotely by hacking its software.
A Toyota Prius modified to operate as a Google self-driving car.
A Toyota Prius modified to operate as a Google self-driving car.
Steve Jurvetson
Self-driving cars are one of the most anticipated technological advances of the last decade. Nothing will make us feel like we're living in a futuristic world like the one we saw in Scott's famous Blade Runner movie, than driverless cars controlled by their own artificial intelligence. However, Uber's famous security expert Charlie Miller advised car manufacturers to not underestimate the potential safety issues of their new driving software.
The idea that a software-controlled machine could be “possessed” by a group of hackers is not a remote fear or the synopsis of a sci-fi thriller. Just a few weeks ago, on October 21, a devastating cyberattack that took the form of a distributed denial of service attack (DDoS) temporarily shut down some of the largest websites and services on the Internet such as Twitter, Paypal, Amazon and Netflix. A few days later, it was discovered that the hackers targeted a significant amount of webcams manufactured by a Chinese company as well as many other “Internet of Things” devices. Global security experts raised the alarm since many of the most common digital devices used today by millions of users such as routers, webcams and even the best gaming monitors, often lack adequate security systems to prevent hackers from accessing them. Due to various inherent basic security errors that make them vulnerable, the devices could be co-opted into a network made up of millions of hacked devices called the “Mirai” botnet. This malicious software is a malware that can control a computer system and enlist it into a large army of remotely controlled bots used in DDoS attacks. Once the attack command is sent, the sheer amount of devices is so vast that they could literally flood any target service with way more traffic than anyone could cope with.
But how hard is to hack a car's computer system? Miller and his colleague Chris Valasek already proved that this feat was actually possible even without a full self-driving platform to control the vehicle. They started back in 2011 by simply controlling a car's windshield wipers and brakes by accessing its electronic systems, and took the nex step in 2014 by hacking a Cherokee Jeep. After the manufacturers recalled 1.4 million vehicles from the market, Miller and his friend compromised that same car's network again by hacking its OnStar security system with a Sprint smartphone. Just like laptops and desktop PCs, any digital device attached to the main system may represent a potential vulnerability, especially those that a user may opt to install or add later. Eventually, the various companies will find a solution to the various exploit and fix them, but as Miller said, it's often much simpler and cheaper to hire a security engineer before bad things happen.