FIRST DRAFT

Throughout time, automobiles have transformed from complete mechanical systems in

their earliest form to now being complex computer systems that control the different mechanical

elements. With new technological innovations, however, comes a certain level of insecurity and

possible danger. Today, with the automotive market transforming faster than a consumer is able

to educate themselves, consumers should be cautious about purchasing vehicles with these

modern computer systems because research has shown that these new technologies are open to

outside dangers such as hacks or system tampering.

Hacking, whether on purpose or accidental, could be caused by anyone with

programming or hacking knowledge. While not all hacks will be malicious in intent, they could

come a wide range of sources. As explained by David Fagnant, computer hackers, disgruntled

employees, terrorist organizations, or hostile nations all have the ability to gain access to an

individual car or a fleet of automobiles and possibly cause collisions or other traffic disruptions

(Fagnant, 2013).

To better introduce the insecurity that comes with modern automobiles, look at the

research done by Charlie Miller and Chris Valasek, who remotely killed a Jeep Cherokee and

took control of some of the technological systems on the car (Greenberg, 2015). Another instance

of dangers to modern automobiles was demonstrated by Jonathan Petit, who with just forty-three

dollars and laser pointer was able to confuse and defeat an autonomous automobiles LIDAR

sensors (Muoio, 2016). These researchers demonstrated that the act of a menacing hack into a

cars systems was not difficult, which should cause concerns for consumers of similar

technologies.
 Vehicles become vulnerable when they are connected to the internet, which can include

the high-end cars that have the mobile Wi-Fi hot spots, as well as cars with basic functionalities

that include navigation or Bluetooth capabilities. Miller and Valasek proved through their testing

that the computers within these cars could be hacked remotely, and then they could laterally gain

access to more mission critical systems (Koscher, 2010). In modern cars, rather than having

mechanical connections in systems such as steering, accelerating, or braking, everything is

electronically connected in a drive-by-wire system. This type of connection creates an

opportunity for hackers to take control and steer, accelerate, and brake a car from a remote

location (Greenberg, 2015).

With drive-by-wire systems, consumers should be concerned about the safety of

connected and autonomous vehicles. As demonstrated by Miller and Valasek and their research

on the Jeep Cherokee, they were able to bring the car to a complete stop on an interstate

highway, which could cause a much larger chain of events to occur. Upon the conduction of

more research, Miller and Valasek were able to determine that with access to the braking system,

they could also disable the breaks all together, which would be devastating in stop-and-go traffic

situations.

As this connected technology has progressed, cars have become more autonomous,

meaning that there is less input required from a driver as the car relies more and more on

technology and connectivity. The present version of the autonomous vehicle technology consists

of hundreds of sensors around a car as well as cameras pointed in every direction which will

inform a car of its surroundings. However, the technology is projected to progress to a point in

which cars are able to fully communicate with one another in what is known as vehicle-to-

vehicle communication, or V2V. Cars will also have the ability to communicate with
infrastructure in a vehicle-to-infrastructure communication, or V2I. Both of these types of

communication will greatly improve the efficiency of the roadways, reduce traffic, and increase

the safety of drivers and pedestrians (Mahmassani, 2016).

Researcher Jonathan Petit also conducted research on how to intercept these types of

communications (Muoio, 2016). Petit set up sniffing stations which were able to pick up

signals that cars were sending each other or sending to infrastructure. These stations could not

only interpret what the signals were, but also locate where they were coming from. One station

that was placed in a highly populated area was able to pick up the location of a security vehicle

with seventy-eight percent accuracy.

This information creates privacy concerns for the public because drivers wont know who

has access to their location or private information. Currently, privacy rules have not been created

to protect the operators of a connected vehicle, but a consumer should be able to ask themselves

some questions. A consumer, before buying a car with connected abilities, should ask about who

will have access to the data created by their car, how said data will be made available, and how

the data will be used (Fagnant, 2013).

The potential dangers created by connected vehicles as well as the lack of privacy that

comes with any type of connectivity makes the purchase of a modern automobile a risky

endeavor. Through the history of automobiles, the biggest risk associated with driving were those

created their operators, humans. Now, with the removal of the biggest flaw of the car, bigger

concerns have risen to the surface and present problems which have not yet been addressed by

the departments and organizations whose primary purpose is to protect consumers from said

dangers. With this new technology rolling off the assembly line direct to consumers through
companies like Tesla and Uber, the government has not had time to create new regulations or

deal with the ethical issues of autonomous and connected vehicles.

Consumers, who should be educated before making any purchase, should not invest in a

product that has not yet been tested or regulated by an overarching board, which in this case is a

government association such as the National Highway Traffic Safety Administration or the

United States Department of Transportation. Today, according to the website of the Department

of Transportation, the only regulations that have been created deal with how to properly test

vehicles, which proves they are behind in the regulation of such vehicles.

Works Cited

Fagnant, Daniel J., and Kara Kockelman. Preparing a Nation for Autonomous Vehicles:

Opportunities, Barriers and Policy Recommendations. Transportation Research Part A:

Policy and Practice, vol. 77, July 2013, pp. 1415.

Koscher, Karl, et al. Experimental Security Analysis of a Modern Automobile. 2010 IEEE

Symposium on Security and Privacy, 2010.

Mahmassani, Hani S. "50th Anniversary Invited Articleautonomous Vehicles and Connected

Vehicle Systems: Flow and Operations Considerations." Transportation Science, vol. 50,

no. 4, 2016, pp. 1140-1162, http://uncc.worldcat.org/oclc/6854283062.

Muoio, Danielle. Self-Driving cars are prone to hacks - and automakers are barely talking about

it. Business Insider, 15 Dec. 2016.

Petit, Jonathan, and Steven E. Shladover. Potential Cyberattacks on Automated Vehicles. IEEE

Transactions on Intelligent Transportation Systems, Sept. 2014, pp. 111.

 SECOND DRAFT

Connected Cars and Their Various Vulnerabilities

Automobiles have transformed from complete mechanical systems in their earliest form

to now being complex computer systems that control various mechanical elements. With new

technological innovations, however, comes a certain level of insecurity and possible danger.

Today, with the automotive market transforming faster than a consumer is able to educate

themselves, consumers should be cautious about purchasing vehicles with these modern

computer systems because research has shown that these new technologies are open to outside

dangers such as hacks or system tampering. Certain dangers of car connectivity that a consumer

should educate themselves about are the vulnerabilities created by having a car that is connected

to a broad internet network, the hacking potential of intra-vehicular networks, and the openness

created by the networks shared by cars and infrastructure.

Hacking, whether on purpose or accidental, could be caused by anyone with

programming or hacking knowledge. While not all hacks will be malicious in intent, they could

come a wide range of sources. As explained by David Fagnant, computer hackers, disgruntled

employees, terrorist organizations, or hostile nations all have the ability to gain access to an

individual car or a fleet of automobiles and possibly cause collisions or other traffic disruptions

(Fagnant, 2013). This means that anyone with a computer and a grudge can harm those who

oppose them, whether that be an infamous terrorist organization targeting a nation with views

different than their own, or an employee who was just recently fired pursuing an attack on her

former boss or fellow employees. The process of hacking, through the history of computing

technology, has become easier to figure out for anyone, meaning that everybody is vulnerable to

the possibility of a hack into their automobile.

 To better introduce the insecurity that comes with modern automobiles, look at the

research done by Charlie Miller and Chris Valasek, who remotely took control of a Jeep

Cherokee and took control of some of the technological systems on the car (Greenberg). The

systems they took over included the radio, the windshield wipers, and the braking system, which

they demonstrated by bringing the Jeep to a complete stop on a busy interstate. Another instance

of dangers to modern automobiles was demonstrated by Jonathan Petit, who with just forty-three

dollars and laser pointer was able to confuse and defeat an autonomous automobiles LIDAR

sensors (Muoio). These researchers demonstrated that the act of a menacing hack into a cars

systems was not difficult, which should cause concerns for consumers of other modern cars that

contain computers with the ability to connect to a broader network.

Vehicles become vulnerable when they are connected to the internet, which can include

the high-end cars that have the mobile Wi-Fi hot spots, as well as cars with basic functionalities

that include navigation or Bluetooth capabilities. Miller and Valasek proved through their testing

that the computers within these cars could be hacked remotely, and then they could laterally gain

access to more mission critical systems (Koscher, 2010), such as the drive-by-wire systems used

in a cars ability to brake, accelerate, and steer. This type of connection creates an opportunity for

hackers to take control and steer, accelerate, and brake a car from a remote location (Greenberg).

Having a crucial automotive system be connected to a cars computers creates a much more

dangerous opportunity for hackers, who have the opportunity to create havoc on any passenger

vehicle currently on the roads.

With drive-by-wire systems, consumers should be concerned about the safety of

connected and autonomous vehicles. As demonstrated by Miller and Valasek and their research

on the Jeep Cherokee, they were able to bring the car to a complete stop on an interstate
highway, which could cause a much larger chain of events to occur. Upon the conduction of

more research, Miller and Valasek were able to determine that with access to the braking system,

they could also disable the breaks all together, which would be devastating in stop-and-go traffic

situations.

As this connected technology has progressed, cars have become more autonomous,

meaning that there is less input required from a driver as the car relies more and more on

technology and connectivity. The present version of the autonomous vehicle technology consists

of hundreds of sensors around a car as well as cameras pointed in every direction which will

inform a car of its surroundings. However, the technology is projected to progress to a point in

which cars are able to fully communicate with one another in what is known as vehicle-to-

vehicle communication, or V2V. Cars will also have the ability to communicate with

infrastructure in a vehicle-to-infrastructure communication, or V2I. Both of these types of

communication will greatly improve the efficiency of the roadways, reduce traffic, and increase

the safety of drivers and pedestrians (Mahmassani, 1140-1162). This type of connectivity creates

another form of vulnerability which reduces the amount of privacy for the driver of a passenger

vehicle.

Researcher Jonathan Petit also conducted research on how to intercept these types of

communications (Muoio). Petit set up sniffing stations which were able to pick up signals that

cars were sending each other or sending to infrastructure. These stations could not only interpret

what the signals were, but also locate where they were coming from. One station that was placed

in a highly populated area was able to pick up the location of a security vehicle with seventy-

eight percent accuracy. Today, with personal privacy becoming a hot-topic, the ability for anyone
to gain access to personal locations or other private, sensitive information should concern

potential buyers of a modern car.

This information creates privacy concerns for the public because drivers wont know who

has access to their location or private information. Currently, privacy rules have not been created

to protect the operators of a connected vehicle, but a consumer should be able to ask themselves

some questions. A consumer, before buying a car with connected abilities, should ask about who

will have access to the data created by their car, how said data will be made available, and how

the data will be used (Fagnant 14-15). For example, if a government agency such as the National

Highway Traffic Safety Administration is accessing information to improve the safety and

efficiency of the roadways, then that might be a privacy breach that could be overlooked by a

consumer. However, if the government agency is the Central Intelligence Agency or the Federal

Bureau of Investigation and their primary intent is to spy on private citizens, then the consumer

should seriously consider whether or not the purchase is worth it.

The potential dangers created by connected vehicles as well as the lack of privacy that

comes with any type of connectivity makes the purchase of a modern automobile a risky

endeavor. Through the history of automobiles, the biggest risk associated with driving were those

created their operators, humans. Now, with the removal of the biggest flaw of the car, bigger

concerns have risen to the surface and present problems which have not yet been addressed by

the departments and organizations whose primary purpose is to protect consumers from said

dangers. With this new technology rolling off the assembly line direct to consumers through

companies like Tesla and Uber, the government has not had time to create new regulations or

deal with the ethical issues of autonomous and connected vehicles.

 Consumers, who should be educated before making any purchase, should not invest in a

product that has not yet been tested or regulated by an overarching board, which in this case is a

government association such as the National Highway Traffic Safety Administration (NHTSA)

or the United States Department of Transportation. Today, according to the website of the

Department of Transportation, the only regulations that have been created deal with how to

properly test vehicles, which proves they are behind in the regulation of the connected portions

of vehicles. The NHTSA currently takes new cars through a cyber security laboratory where they

test how vulnerable or closed a cars computer systems are before they become available to the

mass-market (NHTSA).

While no regulations have been created as a result of the evolving automotive market,

solutions have been proposed that would better help consumers. Mohamed Amin and Zaid Tariq

suggested that cars be produced with an intrusion detection system, which would function

exactly as it is named, and detect and inform the passengers of the vehicle when it has been

compromised (Amin & Tariq). They also suggested multipurpose electronic control units that

would have the ability to govern all network traffic. With these two proposed solutions, the

automotive industry begins to move in the right direction to protecting passengers. In my

opinion, the industry has a long way to go before I would ever consider buying a car with these

modern advantages and conveniences. While the rate of car accidents has decreased with the help

of autonomous abilities and driver assist systems, the vulnerabilities created by connecting the

cars to a large internet network create the risk for more accidents, but this time not at the fault of

the driver.

ADD MORE THOUGHTS, INFO, SOURCES

 Works Cited

Amin, Mohamed, and Zaid Tariq. Securing the Car: How Intrusive Manufacturer-Supplier

Approaches Can Reduce Cybersecurity Vulnerabilities. Technology Innovation

Management Review, Jan. 2015.

Fagnant, Daniel J., and Kara Kockelman. Preparing a Nation for Autonomous Vehicles:

Opportunities, Barriers and Policy Recommendations. Transportation Research Part A:

Policy and Practice, vol. 77, July 2013, pp. 1415.

Koscher, Karl, et al. Experimental Security Analysis of a Modern Automobile. 2010 IEEE

Symposium on Security and Privacy, 2010.

Mahmassani, Hani S. "50th Anniversary Invited Articleautonomous Vehicles and Connected

Vehicle Systems: Flow and Operations Considerations." Transportation Science, vol. 50,

no. 4, 2016, pp. 1140-1162, http://uncc.worldcat.org/oclc/6854283062.

Muoio, Danielle. Self-Driving cars are prone to hacks - and automakers are barely talking about

it. Business Insider, 15 Dec. 2016.

National Highway Traffic Safety Administration. Vehicle Research & Testing. NHTSA, 14

Dec. 2016, www.nhtsa.gov/research-data/vehicle-research-testing. Accessed 28 Mar.

2017.

Petit, Jonathan, and Steven E. Shladover. Potential Cyberattacks on Automated Vehicles. IEEE

Transactions on Intelligent Transportation Systems, Sept. 2014, pp. 111.