The hunt for security flaws in self-driving cars steps up a gear Posted on : Jan 29 - 2020

To deploy connected cars to the roads, developers need to make sure that vehicles are safe from cyberattacks. And the challenge is still great.

Last week, seven projects in the UK dedicated to developing tools that will improve cybersecurity in self-driving vehicles received a grand total of £1.2 million ($1.56 million), or about £171,500 ($222,847) each, to boost their research – a sum partly funded by the government's Centre for Connected and Autonomous Vehicles (CCAV).

Speaking at a conference in London, the deputy head at CCAV Catherine Lovell pointed to the recent investment as an example of the government's renewed efforts to deliver on the UK's vision for the future of mobility: to have roads populated by connected, autonomous and reliable vehicles – and, crucially, vehicles that are safe from the growing threat of cyberattacks.

"When we talk about safety," she told ZDNet, "we need to think about the new types of risks involved as well. Cyberattacks caused by vulnerabilities or unreliability are part of security as a whole, and are a key priority for us."

The cyber risk that comes with connecting cars to the internet has long been identified as a threat that shouldn't be underestimated. From remote hacking to disabling or controlling a vehicle, to the risk of companies or nation states surveying our every move, cyberattacks on autonomous cars could have disastrous consequences.

As early as 2015, researchers figured out that they could compromise a connected-car system to remotely control a Jeep and send it off the road. That was just before car hackers, the following year, managed to take control of the car's brakes. Then researchers found that bugs in some vehicle systems would let them disable security features, and in some cases access the vehicle's location and user information.

A recent study from consulting firm Zenzic, in fact, showed that cyber resilience would be the most significant technical challenge that needs to be solved if the UK is to successfully deploy self-driving cars on roads by 2030.

For all these reasons, a few years ago, the UK government published a set of guidelines for car manufacturers, designed to ensure cybersecurity standards in the automotive sector. They included recommendations ranging from how to store and transmit data, to the need to create resilient systems that would respond appropriately in the case of sensor failure.

Those guidelines are also part of the government's latest code of practice for autonomous vehicle trialling, which states that manufacturers are responsible for managing "data security" as well as "the risk of unauthorised data access". View More