Are Driver-less and Interconnected Vehicles Safe from Malicious Hacking?

Are Driver-less and Interconnected Vehicles Safe from Malicious Hacking?

By Xenon Solutions team:  1834 hrs. GMT, 26th January 2021.

It was reported, and we quote, that “ Fluoroacetate, a team of “White Hat” hackers participated in the Pwn2Own 2019 hacking competition in Vancouver, Canada organized by Zero Day Initiative. The team members, Amat Cama and Richard Zhu, managed to hack into the infotainment system of a Tesla Model 3 which has connected car capabilities.

 The car was hacked through its browser and displayed a message on its infotainment system.  This demonstration showed that the team members were capable of placing an executable file in the cars’ computer system and thus be able to manipulate some of its functions at will.  A Tesla spokesperson stated then that the company would be releasing a software update in the coming days to address the issue” [1].

“Periodic software updates from the developers improve the cyber-security capabilities as code design weaknesses are discovered through testing and from the successes of hackers to infiltrate the same. 

Recently, a pop-up message to download an update came onto the screens of companies and government staff using a software called SolarWinds. Thousands of staff members downloaded the app.

Unfortunately, SolarWinds did not know that their companys’ software update had been hacked and a secret code embedded in the same for activation at a later stage.

This secrete code stayed dormant for some time in computers. It activated itself after a few weeks inside many computer networks in governments and other organizations in the Middle East, Europe, Asia and North America. 

The undetected malicious code then let its agents/developers that it was in place through a signal via the internet. From then onwards, the agents were able to copy vast amounts of communication data between companies and governments.

The treasury, commerce departments and national intelligence agencies were hacked in some countries. 

Private organizations and governments are now hastily trying to limit the damage caused by this hack, first by disabling SolarWinds products in their systems.

This cleaning up process and installing safety measures to safeguard against similar attacks in future may take many years to be completed” [2]

Some people have hitherto thought that there are institutions in government that are impenetrable due to their robust systems.

We ask, is there any a remote possibility of developing cybersecurity features that cannot be hacked?

“The expansion of “The Internet of Things will greatly increase the number of devices and applications that need to be protected. These include smart houses, a host of smart devices like doorbells, vending machines, CCTV cameras, printers, power plants, industrial machinery, etc.

As 5G connectivity rises, these devices will be spread over bigger geographical areas and hence complicate the problem.

Some scientists are highly spirited about the benefits AI will have in improving cybersecurity and, with an equal measure, other scientists are appalled by the sheer difficulty of shielding oneself completely when malicious hackers also use AI” [3].

In 2019, it was reported that “a scientist in Scotland helped to develop the world’s first encryption system that is ‘unbreakable’ by hackers

A new chip stores data as light which is then scrambled differently every single time information is sent onwards.

They said that a global team, including scientists from the University of St Andrews, had achieved “perfect secrecy” by creating a chip that effectively generates a one-time-only key every time data is sent through it.

They concluded that “the new technique is absolutely unbreakable” “[4].

We ask again, is this really possible?

Agencies and banks have been worrying about the problem of encrypted information being easily accessible in the future when the prevailing issues with quantum computers are solved. 

Further, in 2017 it was reported that “China has successfully sent ‘hack-proof’ messages from a satellite to Earth for the first time.”

“The Micius satellite beamed messages to two mountain-top receiving stations 645 km (400 miles) and 1,200 km away. The messages were protected by exploiting quantum physics, which says any attempt to eavesdrop on it would make detectable changes.

Optics on the Chinese satellite protect messages with entangled photons - sub-atomic particles of light manipulated so that some of their key properties are dependent on each other.

Laws of the quantum realm dictate that any attempt to measure these key properties irrevocably changes them. By encoding a key to encrypt data using entangled photons, it becomes possible to send messages, confident that they have reached the recipient free of interference.

Ground-based encryption systems have a maximum distance of 200 km over which messages can be sent securely because the fiber-optic cables through which they travel gradually weaken the signals.

Repeater stations can boost distances but that introduces weak points that attackers target to scoop up messages.

Using satellites avoids some limitations that ground-based systems introduce into quantum communication.

Data transmission rates possible with satellites are about 20 orders of magnitude more efficient than fiber-optic cables, Jianwei Pan, lead scientist on the Chinese project commented” [5].

We ask yet again, why do human beings always postulate that they have reached the pinnacle of a particular technology and that no one will ever improve on it since it has no inherent weaknesses? Is there a possibility that scientists in decades to come will make comments like “those guys back then thought that they had scratched the surface of physics when they discovered the quantum phenomena”? Do we have the capability, as human beings, to discover fully and control all aspects of, say, atoms and such like? 

How many times do we need this premise to be proved false for us to believe that there is nothing technological made by human beings that can be foolproof? Isn’t there always an inherent weakness in such “robust” systems at the data/code entry point before transmission that can always be compromised?

We are happy that all this research is going on and hope that driver-less cars will reduce the carnage we witness on the roads every day but let us not delude ourselves that these systems of interconnected vehicles will be completely safe.  

As stated above in relation to the recent hack, it will be all too easy to decide which type of malicious executable files will commence their work after infiltrating particular vehicles, or of a host of vehicles, at any one single instant.

We welcome comments on the views expressed in this article.

 

References;

[1].         https://eandt.theiet.org/content/articles/2019/03/security-researchers-hack-and-take-home-tesla-model-3/

https://www.forbes.com/sites/daveywinder/2019/11/10/samsung-galaxy-s10-hacked-twice/#28e632405bd7

           [2].         https://www.geekwire.com/2020/hacked-hacked-heres-hack-scale-better-understand-solarwinds-cyberattacks/

https://www.bleepingcomputer.com/news/security/solarwinds-releases-updated-advisory-for-new-supernova-malware/

 https://www.forbes.com/sites/louiscolumbus/2021/12/27/dissecting-the-solarwinds-hack-for-greater-insights-with-a-cybersecurity-evangelist/?sh=2a12cb4123ec

https://www.cnn.com/2020/12/16/politics/us-government-agencies-hack-uncertainty/index.html

           https://www.bbc.co.uk/news/technology-55318815

          https://www.bbc.co.uk/news/world-us-canada-55265442

         [3].         https://www.forbes.com/sites/louiscolumbus/2019/11/24/10-predictions-how-ai-will-improve-cybersecurity-in-2020/#68e5d7686dd7

           

         [4].         https://www.independent.co.uk/news/uk/home-news/quantum-computing-hackers-unbreakable-encryption-communications-a9256401.html

         [5].         http://www.bbc.com/news/technology-40885723

Comments

frconor@gmail.com 5 months ago

v interesting, thx

The Email address and the Nation/Country/State will not be published. Required fields are marked as *


Michael 5 months ago

There is very little published in the media about the safety of such vehicles from hacking!

The Email address and the Nation/Country/State will not be published. Required fields are marked as *


Marty 5 months ago

A hacker could actually be driving your self-drive car. Let that sink in ;-)

The Email address and the Nation/Country/State will not be published. Required fields are marked as *


sadihabana 5 months ago

Excellent article! Brings to mind the statement that any system can be hacked. Software development especially in IoT needs to be in tandem with IT security; just like you can't build a secure house without study doors and grills on windows. A suggestion is to make the code open source so that the community can be actively involved in ensuring code security. Compromization of self-driving cars can have far reaching ramifications and should not be taken lightly!

The Email address and the Nation/Country/State will not be published. Required fields are marked as *


Add a comment The Email address and the Nation/Country/State will not be published. Required fields are marked as *