Charlie Miller: Stopping Cars Being Hacked Instead of Hacking Them

16 Oct 2019

Charlie Miller: Stopping Cars Being Hacked Instead of Hacking Them

The last day of Arm TechCon opened with Charlie Miller talking about Experiences with and Views on the Future of Driverless Cars Technology. Charlie has appeared in Breakfast Bytes before in Automotive Security: A Hacker's Eye View. He, along with Chris Valasek, are probably most famous for taking control of a Jeep while a Wired journalist was in it. They turned the radio on full-volume, turned on the windscreen washers, and eventually kllled the engine. Later, they drove it (slowly) off the road into the ditch. You've probably seen the video from 2015 when it was first revealed, but if not, here it is again:

These days Charlie works for Cruise (owned by GM) where he is a security architect. These days he is tasked with stopping this kind of thing rather than starting it.

He started with his views on the "levels" of autonomous driving. At Level 2 (and 2+), the driver is responsible. Tesla will nag you if you don't put your hands on the wheel regularly. GM has a camera that looks at your eyes to make sure you are not sitting in the back seat. For Level 3, the car controls all the elements and the driver only has to take over after emergencies.

Level 4 is what Charlie said "I have been working on." He characterizes the status as "nearly there now". Level 4 only works in certain areas since it depends on detailed maps, perhaps only in good enough weather, and so on. For the most part there is a safety driver, but Waymo had just announced the day before that some rides in Arizona will no longer have them. Level 5 is:

the Holy Grail of autonomous. Nobody is actually working on this, but this is where we eventually want to end up.

Where we are now is that Waymo has driven 4 million miles with their fleet. That means they have seen many more strange events than you will ever see in your lifetime. Uber has driven 2 million miles. Charlie's employer Cruise has driven 4 million miles. He warned that it is not just the number, it is where the miles are, too. There is a big difference between a million miles in Montana and a million miles in New York City.

Currently, self-driving cars are really expensive. You can't buy one, but if you could it would be $100-200K. The big differences are the sensor suite, especially lidar, and the computers in the trunk. Elon Musk and Tesla are famous for saying that lidar is a dead end, but Charlie says "I think it is telling that all Level 4 cars use lidar right now." However, as I wrote recently in Sensor Fusion and ADAS in TSMC Automotive Processes, a big question is whether radar is getting better faster than lidar is getting cheaper.

Above is the basic hardware setup. When I first heard of CAN I thought it stood for Car Area Network, but actually the C stands for Controller. But CAN is the network that is used in pretty much all modern cars for communication between the electronic control units (ECUs). For the self-driving technology, Ethernet is used, so there has to be a bridge, that blue box in the bottom "Eth-CAN". CAN is used to control the brakes, steering, and acceleration, so that is the network that needs to be secured. One important part of the technology, at least for now, is a display showing what the car can see. This gives the passengers confidence that everything is working correctly.

Charlie talked about the Jeep. There was an over-the-air service for the car, and that allowed them to scan and get control of the radio. However, the radio doesn't have access to things like the steering, so they had to attack another component from the radio, at which point they could control the brakes and steering. Other hacks that other security experts have talked about involved Bluetooth to the CD player, and then eventually to the brakes. Or internet to the CD player, to the Ethernet gateway, to the CAN. Charlie reminded everyone that no car has ever actually been hacked except in these research attacks.

The most worrying attacks, he said, are long-distance remote attacks that get physical control. The problem is that you can do it from anywhere, and you can attack the whole fleet at once. "We need to make sure they don't happen."

The next most worrying are short-distance remote attacks using things like Bluetooth, WiFi, or the wireless tire pressure monitoring systems that all cars have today. You have to be within something like 30 yards of the vehicle. It is localized, so at most you can attack a handful of cars.

Then there are physical attacks, through things like the diagnostic port that all cars have. This is worrisome but "we don't worry about them nearly so much since they don't scale, and they require hardware components."

There is a lot of academic research on sensor attacks, such as confusing vision processors or jamming GPS. One headline was "Jamming GPS signals is illegal, dangerous, cheap...and easy." But Charlie pointed out that we don't use GPS in self-driving cars, it is not nearly accurate enough. Very detailed maps are used instead.

There are some advantages in securing a self-driving car that you can't do in a regular car. For a start, you can't just go and buy them:

Waymo, Uber, Cruise...we own all the cars, we can track them wherever they go, and we have a lot more information about what is going on. Moreover, every night they come home to the garage, and we can update all the firmware without needing to do it over the air (OTA). We can make physical attacks harder. By law you have to have a diagnostic port, you have to be able to open the hood. But we can make it so there is no diagnostic port, and lock the hood. We take advantage of these things because we can. But that's the only bright side.

A lot of what is done in a car is the same as is done to secure a small network:

Jeep allowed inbound connections. We only allow outbound.
We store all the keys in trusted hardware.
Cars have less traffic than a regular network with people streaming video, playing games, listening to music, so attacks stand out and are much easier to detect.
There is more awareness. "I attacked that Jeep like 100 times and it never phoned home to say something weird is going on."

Charlie wrapped up by encouraging security researchers: hack more cars, publish papers, push the limits, share everything. "If one self-driving car company gets hacked, it will affect the whole industry, so we are freely sharing what we learn to make cars as secure as possible."

Sign up for Sunday Brunch, the weekly Breakfast Bytes email.

Tags:

Breakfast Bytes Blogs

Charlie Miller: Stopping Cars Being Hacked Instead of Hacking Them