3D Imaging System in Driver-less Cars Can Be Hacked

google-driverless-car1

The laser navigation system and sensors of driverless cars can be easily exploited by hackers as they can trick them into getting paralyzed thinking about a probable collision with another person, car or hurdle.

Lidar 3D Imaging System is vulnerable to hack attacks. It is a system used by autonomous vehicles to create an image of the surroundings and navigate through the roads. However, research reveals that a cheap low-power laser attack lets hackers trick this system into thinking that something is blocking their way and forcing the vehicle to slow down, stop and/or take elusive action.

Driverless-Car-hack

The University of Cork’s Computer Security Group’s former researcher Jonathan Petit identified this vulnerability of the well-known laser powered navigation system while trying to discover the cyber vulnerabilities of self-directed vehicles.

Petit’s research will be presented at the Black Hat Europe security conference that is due in November this year. He explained that the combo of a pulse generator and a low-power laser let him record encrypted or non-coded laser pulses emitting from the high-profile Lidar system.

These pulses can later be replicated with a laser to produce fake objects that can easily trick a driverless car into thinking that there is an obstacle present at the front.

While speaking to IEEE Spectrum, Petit stated:

“I can take echoes of a fake car and put them at any location I want. And I can do the same with a pedestrian or a wall. I can spoof thousands of objects and basically carry out a denial-of-service attack on the tracking system so it’s not able to track real objects.”

He further added that the primary basis of the vulnerability lies in the fact that some driverless cars have poor quality input systems. This means such cars can make wrong decisions if these are fed incorrect data of surrounding environment and/or the road.

“If a self-driving car has poor inputs, it will make poor driving decisions,” said Petit.

However, one wonders that Lunar laser ranging technology is the most expensive and technically advanced one that is currently available in the market, then how can these commit mistakes?

In response to this, Petit says that autonomous cars can be hacked easily and cheaply as

“You can easily do it with a Raspberry Pi or an Arduino. It’s really off the shelf.”

The research reveals that driverless cars are not fully reliable and have inherent security related issues regardless of the fact that the technology has been cleared after being tested on UK roads.

We can comprehend that excessive insertion of connected technology into vehicles nowadays is making our cars prone to risks and threats from hackers.

History of vulnerability in vehicles: 

In this Black Hat USA 2015 session, two security researchers namely Charles Millerand Chris Valasek will gave a presentation about their discoveries related to the security vulnerability they found in the on-board infotainment system of all the vehicles manufactured by Fiat Chrysler Automobiles, leaving more than 470,000 vehicles vulnerable to these similar hacking attempts.

Using this vulnerability, both of these hackers managed to remotely take control over the vehicle, which allowed them to manipulate the vehicle’s brakes, acceleration, entertainment system and what not.

Another hacker demonstrated how hackers could locate, unlock and start GM cars with a hacked mobile app and how to hack Corvette with a text message.

During the same the DefCon and BlackHat security conferences researchers also exposed how hackers could easily exploit the vulnerabilities found within the Megamos Crypto to start the vehicle without any key, and the vulnerability could be exploited within 60 minutes!

 

 

 

Credit: 

Car Hacking | Report reveals security flaw in immobilizers

Over 100 models at risk from wireless attacks; study was hidden for two years

A security flaw in Volkswagen, Volvo and Fiat cars could allow hackers to remotely start and steal vehicles without having a key, a report has revealed.

The report, titled ‘Dismantling Megamos Crypto: Wirelessly Lock-picking a Vehicle Immobilizer’, was recently released after a Volkswagen court injunction blocking its publication was lifted after two years.

Cars are only supposed to start if the key is present in the car. But the report says anti-theft systems on some models can be hacked – allowing the car to be simply driven away.

Report authors Roel Verdult, Flavio Garcia and Baris Ege wrote: “We were able to recover the key and start the engine with a transponder-emulating device. Executing this attack from beginning to end takes only 30 minutes.”

The hackers were able to eavesdrop on the signals sent between the cars’ immobilizers and their keys.

Cars from Porsche, Ferrari, Audi, Bentley, Lamborghini and Alfa Romeo are among those that use the same transponders that the experts hacked.

Car hacking: could it happen to you?

The researchers are calling for their findings to be taken into account by car companies that use radio-frequency identification (RFID) technology, so necessary security measures can be put in place. But unlike a recent security flaw discovered on the Tesla Model S, the latest security risk cannot be fixed by a simple software upgrade.

The researchers who uncovered the flaw believe their findings should be made public and used as an incentive for car manufacturers to increase their cyber-security efforts.

The manufacturers, on the other hand, prefer to keep the discussion under wraps.

Volkswagen Group of America, along with 12 other car manufacturers, is lobbying for car technology to fall under the protection of the Digital Millennium Copyright Act in the US. If successful in its efforts, research of this nature would become illegal.

In a statement, Volkswagen said: “In this connection, Volkswagen does not make available information that might enable unauthorized individuals to gain access to its vehicles.

“In all aspects of vehicle security, be this mechanical or electronic, Volkswagen goes to great lengths to ensure the security and integrity of its products against external malicious attack.”

 

You can download the full report here

 

 

Credit: Simon Davis