Autonomous Ridesharing – Security Concerns

The Internet of Things (IoT): thermostats, espresso machines, …Volvos? Like it or not, self-driving cars are quickly becoming a reality, with auto manufactures and tech companies alike fervently (and suddenly) working to outdo each other in this field. This new division of technology creates unique challenges guaranteed to plague us all. And with companies racing to release self-driving rideshare vehicles, an entirely new set of concerns emerge.

In order to keep up with competition, traditional vehicle manufacturing companies are shifting their focus towards the production of autonomous vehicles. And with that shift comes responsibilities that extend beyond physical safety.

The introduction of autonomous ridesharing requires lateral thinking on behalf of security professionals, for as long as the cybersecurity industry has existed, research has primarily been focused on stationary devices. While modern security concerns concentrate on the loss of data, autonomous vehicle security shifts to a loss of life. Furthermore, new elements arise when we introduce moving vehicles accessed daily by anyone with a ridesharing app on their phone. After all, solely considering traditional security risks could result in something critical being overlooked.

In addition, manufactures of self-driving cars are buzzing about vehicle-to-vehicle (V2V) communication. V2V allows autonomous cars to communicate with each other in order to improve both the ride experience and rider safety. For example, if an autonomous vehicle encounters something blocking a roadway, it can alert others so they can be prepared. However, as the number of connected autonomous vehicles increases, the attack surface also expands. If this connected network were to get into the hands of a hacker, terrorist, or a rival nation state, cities could be brought to a standstill, or worse, an entire fleet of cars could be turned into weapons.

And what about ransomware? Could a rider entering an autonomous ridesharing vehicle after a malicious user, face a dangerous situation in a car that has been reprogrammed to run red lights or one that refuses to unlock until they pay a ransom? While these sequences of events seem like something out of a science fiction movie, it’s not impossible to consider this might become a reality. No online system can ever be 100% secure, and if even the thought of a vulnerability exists, it will inevitably be exploited.

So what is to stop an attacker from manipulating settings internally or externally on ridesharing vehicles? Will they be programmed to react to or report tampering? While it is impossible to expect the security industry to keep up with the risks, threats, and vulnerabilities it faces on a daily basis, this obligation greatly increases when lives are at stake. Hiring the top security professionals in the industry should be on the forefront of the minds of autonomous auto manufacturers.

Lucky for Uber, they quickly hired the two security professionals responsible for last summer’s memorable remote Jeep Cherokee hack. Perhaps insight such as this will give them an advantage against attackers looking to disrupt this industry—or maybe not. Self-driving cars may be an entirely different beast. Only time will tell.

Learn More:
https://www.researchgate.net/publication/266780575_Potential_Cyberattacks_on_Automated_Vehicles