An article on cybersecurity in autonomous driving

There is a scene in "Fast and Furious 8" where hackers find a vulnerability in car chips and take control of cars parked on the roadside and in garages. No matter how the drivers try, they cannot control the vehicles, and all cars obey the hackers' orders to "drive automatically." When I first saw this scene, I was shocked. Although it was an artistic rendering, I couldn't help but wonder, would this scene really happen in real life?

On June 22, a NIO car rushed out of the headquarters building in Shanghai Jiading Innovation Port. According to the official response of NIO, this was an accident (not caused by the vehicle) (Related reading: NIO car rushed out of the Shanghai headquarters building, 2 test drivers died). But after reading the relevant reports of this incident, I feel that this is somewhat similar to the scene in "Fast and Furious 8". After the popularization of autonomous driving, will the scene in "Fast and Furious 8" really appear?

Self-driving cars mainly sense the traffic environment through the installation of hardware such as lidar, millimeter-wave radar, and on-board cameras, and obtain more traffic information with the support of intelligent network technology. The software system analyzes and makes decisions based on the traffic information obtained, allowing self-driving cars to complete travel tasks independently. Among them, software, as a decision-making layer, is equivalent to the human brain, and plays a very important role in whether self-driving cars can drive safely. Under the framework of self-driving, the concept of software-defined cars is also recognized by more and more people.

As the final form of automobile development, the concept of autonomous driving is becoming clearer. Therefore, more and more OEMs are paying more and more attention to the empowerment of intelligence when designing cars. In the process of publicity, they also focus on introducing advanced driver assistance systems, and even compare the intelligence of cars with the level of autonomous driving as a publicity focus to consumers. The realization of automobile intelligence relies more on the support of electronicization and informatization, so the discussion of smart car safety has gradually become a hot topic.

On January 11, 2022, a hacker from Germany tweeted that he had successfully controlled more than 25 Tesla cars in 13 countries. In short, he could remotely unlock the doors of Tesla cars, open the windows, start them keylessly, adjust the air conditioning mode and temperature, etc. This has caused people to discuss the security of smart cars again. As advanced driver assistance systems account for more and more of the weight of cars, the requirements for car software are becoming more and more important, and the importance of the network to smart cars is also increasing. Smart car network security is mainly reflected in the following aspects.

Unstable factors caused by OTA upgrades

With the popularity of OTA, car software upgrades have also gotten rid of the previous model of offline upgrades at maintenance companies. Just park the car in an environment with a good network to automatically complete the software upgrade. OTA is over-the-air download technology. The concept of car OTA upgrades was first mentioned and realized by Tesla. OTA is a technology that remotely manages mobile terminal devices and SIM card data through the air interface of mobile communications. It is a method of distributing new software, configurations, and even updating encryption keys to devices. After years of development, OTA technology has become very mature. Compared with sending the vehicle to a maintenance company for offline upgrades, the emergence of OTA has brought new possibilities to the development of automobiles and saved car owners more time.

However, with the development of OTA, car OTA upgrades have gradually become mainstream, gaining recognition from more and more new car-making forces, and becoming a touchpoint for many car owners to contact the high frequency of car intelligence, but its disadvantages have gradually become prominent. On January 29, 2019, a NIO car owner posted on WeChat Moments that when driving a NIO car to the intersection of Chang'an Avenue in Beijing, the car popped up a message that the system could be upgraded. After the driver put the car in P gear and clicked the upgrade, the car suddenly went black and could not operate normally. During the upgrade, the vehicle did not move and the windows could not be rolled down until the system upgrade was completed more than an hour later. The occurrence of this incident has raised questions about car OTA upgrades. For car owners, OTA upgrades can save time going to maintenance companies, but OTA upgrades at inappropriate times will undoubtedly bring more troubles to car owners.

The emergence of car OTA upgrades has also made smart cars become like smart phones, from a single travel tool to an intelligent device that integrates travel hardware and smart hardware. However, like smart phone OTA upgrades, car OTA upgrades also bring more uncertainties. The overall OTA architecture includes three parts: OTA cloud, OTA terminal, and OTA design object.

Since car OTA upgrades provide smart cars with upgraded installation packages through the cloud, whether in the data transmission link or the software update link, it is possible to cause damage to car functions, personal privacy, and even personal safety. Car OTA upgrades are like couriers delivering goods. There may be packet loss and replacement, which will cause car OTA upgrades to fail to download installation packages or incomplete software package downloads. Since it is mainly downloaded through the cloud, it also provides hackers with more opportunities.

The failure of car OTA upgrade is different from that of mobile phone OTA upgrade. The failure of car OTA upgrade may affect the safety of the driver and passengers. For these reasons, the OTA upgrade of many cars is more reflected in entertainment software upgrades rather than functional upgrades.

Functional safety defects caused by code promotion

The control of smart cars is different from that of traditional vehicles in that more and more functional controls are integrated into the domain controller. More operations on the car are not controlled mechanically, but through written codes. As the number of intelligent functions of cars increases, the degree of integration and complexity continues to increase, and the proportion of accidents caused by functional safety is gradually increasing. The so-called functional safety refers to the unreasonable safety risks caused by failures of the electronic control system.

The massive amount of code makes the control logic of various car functions more and more complicated, and also adds more uncertainty. Zhou Hongyi, chairman of 360 Group, said: "In the future, the indicator for measuring cars will no longer be horsepower, but computing power. In the future, each car will be a mobile computing center, and the direct consequence is that the code will increase exponentially. Today, it may be tens of millions of lines of code, and in the future, autonomous driving may require 300 million to 500 million lines of code. Any faults and loopholes may cause the car to fail. If a mobile phone or computer crashes, it can be restarted, but if a car crashes, it is a matter of life and death. If we copy the traditional ideas of solving the security of mobile phones and computers to the automotive field, it will definitely not work. A higher level of security protection is needed."

Cybersecurity risks brought by vehicle-road collaboration

With the development of smart cars, the concept of vehicle-road collaboration is recognized by more and more people. Through the cloud, information can be exchanged between vehicles, roads, people and other traffic participants. This will allow drivers and vehicles to obtain more traffic information and thus avoid hidden risks.

However, as vehicle-road collaboration becomes more popular, its risks are gradually emerging. The realization of vehicle-road collaboration requires that roadside information interaction equipment is always online and the network needs to be unobstructed at all times. When vehicle-road collaboration becomes popular, a large amount of roadside information and vehicle information will be transmitted to the cloud, which brings higher requirements for network security. If the information transmitted to the cloud is tampered with, the driver and the vehicle will obtain incorrect traffic information, which will cause incorrect judgment of the driving environment, which will bury more safety hazards.

Similar to car OTA upgrades, vehicle-road collaboration also brings more possibilities for hacker intrusion. By invading a car through vehicle-road collaboration, it is very likely that scenes similar to those in "Fast and Furious 8" will appear, making the vehicle out of control, which may cause large-scale traffic accidents and threaten social security and personal safety.

Privacy leakage caused by information collection

With the emergence of smart cars and the popularization of autonomous driving, drivers and passengers can complete entertainment and shopping needs in the car, which will bring the ultimate service experience to drivers and passengers. There is no need to consider how to choose the best driving route. They can also choose the best service provider when they have needs such as dining and watching movies in self-driving cars. Many needs will be met in self-driving vehicles, but the large amount of information collection may make information leakage possible. At that time, privacy security may become a hot topic of discussion.

The emergence of autonomous driving will undoubtedly make travel more convenient, but it will also bring hidden dangers to network security. If we don't pay attention, the scene in "Fast and Furious 8" may become real one day in the future. Therefore, while promoting the implementation of autonomous driving, it is essential to strengthen the research on network security. What do you think about the network security of autonomous driving? Welcome to follow the forefront of intelligent driving and leave a message to communicate.