Over-the-air Software Updates Raise Autonomous Vehicle Safety Concerns

In order to provide a greater degree of functionality as well as safety, cars with even the most basic of autonomous functions would need to have regular software updates. Each time engineers identified a potential issue, there’s a high probability that they would have to push out new code in order to reduce the risk of said issue actually happening while out on the road. This is especially true of the very few real world use cases where totally driverless motor vehicles are actually permitted to operate without an extremely careful level of overwatch.

Since they need to install these safety updates extremely quickly, automakers are already starting to rely on over-the-air update systems. These have been rolled out in large numbers even for traditional cars, which still need more code than ever to control not only their motor functions but also all of the onboard entertainment options that are baked into modern automobiles. Ironically, cybersecurity researchers are warning that there’s a possibility bad actors could hijack these update processes and turn them over to some remote command and control center, which would then have a healthy amount of control over a car.

Updates are a necessary part of life to plug software holes that could act as an attack vector, so it becomes extremely concerning when these updates become an attack vector in their own right. Firms that use robotics for agricultural processes have already started to see this kind of issue become a serious problem. Once someone circumvents the trust of a system, they suddenly have the power to do whatever they would like with it and can therefore interrupt workflows.

When those workflows play out on a real-life highway, however, they can quickly become deadly.

Ensuring Trust in an Update Chain

Seizing control of the actual functioning of an internal combustion engine is surprisingly easy, assuming that said engine is hooked up to a car that receives over-the-air updates over something akin to a 5G cellular network. Engine control units and modules can be compromised simply by intercepting the codes that are used to identify a legitimate update. Once an organization has access to these, they could theoretically execute whatever arbitrary code that they want to.

This could include suddenly causing the automobile’s engine to cease firing, which could be a serious issue while at highway speeds. Even the most conventional of automobiles are filled with various components that could theoretically be networked, which allows the potential for this kind of an attack to flourish even in areas that have strict bans against autonomous technology.

Regardless of the status of a vehicle, it’s likely to have at least some connection between these components as long as there’s some form of in-vehicle wireless connection. One proposal has been to use blockchain-based ledgers to ensure trust between every single link in the chain. Assuming that the security system leaves an updated record in the cryptographic ledger each time it’s done, this would almost be foul-proof. However, there are still problems with this approach owing to the fact that many cryptographic hashing functions have already been broken.

Failed Cryptographic Functions as a Threat Vector

Ronald Rivest‘s famous and innovative MD5 function was unfortunately broken as early as 2008, but there are still a large amount of secure systems that rely on it. This is due in part to the fact that the reference implementation, Unix’s md5sum, is a core utility for GNU/Linux distros and therefore it’s easy for programmers to deploy in their own applications. That’s why it’s so commonly seen as a hashing function for things like login credentials in spite of its relative age.

Developers who continue to pick out these kinds of failed algorithms for inclusion in their software could be adding unforeseen holes in them whether they’re aware of the fact that said hashing functions have been retired or not. Automakers are often under a fair amount of pressure to get vehicles to market, which has unfortunately helped to spur on the adaptation of hashing functions that are tested and mature in spite of the fact that they may no longer be advisable for usage.

Semiconductor industry shortages are only serving to make this problem that much worse.

How a Lack of Semiconductors Encourages a Lack of Security

Over-the-air updates have to be checked out by at least some hashing function in order to ensure that they were issued by the authorities who claimed to send them out. The function selected is probably picked more for performance than anything else. As chip shortages worsen, automakers are likely to opt for hashing functions that can reasonably run on weaker hardware.

General Motors has already elected to cease production of Bolt electric vehicles until the middle of October. This is due to the aforementioned lack of chips. Assuming that vehicles are to be put back into production, it’s likely that weaker off the shelf semiconductor platforms would have to be adopted.

Most of the hashing work is currently done in silicon, but generic chips would probably have to accomplish the same job through an emulation layer. Cybersecurity experts have, nonetheless, come up with some interesting ways to alleviate this issue.

Employing an Outside Security Monitor

It’s important to have an outside auditor in any situation where identity theft impacts the very individuals who are supposed to be trusted. Such an agency would essentially serve as a neutral party and, therefore, quickly find whenever someone had seized control of credentials that didn’t belong to them.

Experts are still concerned that there’s a risk that such an auditor could become compromised in certain situations, but it never hurts to have a second pair of eyes. This is the concept behind open source development, for instance. The large numbers of people all working on a single project together make it far more likely that said project will ship free of bugs.

It doesn’t seem like anyone in the industry is a dedicated automotive security advisor at the moment. That is likely to change as more automakers seek to get their systems squared away in preparation for greater adoption of the technologies they’re marketing. In fact, it might even be looked at as a major business opportunity by some organizations that seek to provide for under-served market segments.