Who’s Driving Your Car? Cyber Un-security in Autonomous Vehicles

By Annie Dike, Esq.
Drivers are human, prone to distraction, and make mistakes. But, as we move toward the future of cars, with autonomous vehicles being the new, innovative kid on the block, who will be liable in the event of a crash? When cars drive themselves, it can be hard to say “who” exactly is “driving” your driverless vehicle: the car maker, the self-driving software, the Cloud, or the human passenger?

Cybersecurity is going to be one of the biggest hurdles in the future of autonomous vehicles. Did you know many cars today have over 100 electronic control units (ECUs)? These electronic modules control elements from your ignition, to your Bluetooth, to your hydraulic brakes. They run on thousands of lines of code, each serving as a potential point of access for hackers. That is a massive attack surface. To further complicate matters, the manufacture of each separate component is often outsourced, meaning no one entity, not even the car maker, is in control of or familiar with the entirety of a singular vehicle’s source code.


Accessing Data


It’s entirely possible that a computer guru, living in another country, could be the one “driving” your car. Frightening? It is entirely possible and has happened already in a highly-publicized hacking of a Jeep Grand Cherokee resulting in loss of transmission and forcing Chrysler to recall 1.4 million vehicles back in 2015. While that is certainly an unfortunate financial hit, it is probably best it was done in a controlled environment as part of a research project as opposed to a real world, heavy-traffic scenario where many drivers could be seriously injured or killed. The layers of security needed to protect vehicles today, specifically autonomous vehicles, are almost mind-boggling, particularly when you throw in the necessary use of the Cloud.

To make quick decisions, driverless vehicles have to access many types of data—roadmaps, visual indicators, traffic information and more—that cannot be efficiently stored in the vehicle itself. Cue the Cloud and the cybersecurity experts. We expect cybersecurity firms and funding to grow exponentially in the coming years as multiple layers of encryption for autonomous vehicles will be needed: defensive software on the individual ECUs, firewalls for the vehicle itself, and, perhaps most importantly, protection within the Cloud to enable it to detect and correct threats before they reach the vehicle. Patents involving the security of driverless vehicles, and the litigation surrounding them, will also increase over the coming years.

To make quick decisions, driverless vehicles have to access many types of data that cannot be efficiently stored in the vehicle itself.
Tweet: To make quick decisions, driverless vehicles have to access many types of data that cannot be efficiently stored in the vehicle itself.


Supply Chain Risk Management

Another area that will likely come under stricter scrutiny will be supply chain risk management. With many components of a single vehicle being manufactured in other countries, control over the parts used and their individual security standards will be key.


While the breach will likely come via the internet, each wireless piece that is
installed and connected becomes a vulnerable point of access, allowing weak
parts to jeopardize the vehicle’s overall security architecture.

With hundreds of potential points of entry and layers of security needed to protect each one, the question of liability if a vehicle connected to the Cloud is crashed by a hacker will be almost impossible to fully dissect. Not to mention unknown hacks that do not result in a crash but, rather, in a sweeping download of all the data in your smartphone via your car’s Bluetooth. Who would be at fault then - the car manufacturer or the company in Asia that builds the tiny chip installed in your car’s stereo? Cybersecurity will be needed at every level of autonomous vehicle manufacturing and various expert types will be required for the eventual litigation.

Do you have clients in the autonomous vehicle industry? What cybersecurity issues or developments do you see trending?



Maggie Tamburro is an attorney and writer who holds a Juris Doctor from The John Marshall Law School and a Bachelor of Arts from the University of Texas. She was admitted to the Illinois Bar in 1994 and Florida Bar in 1999 and has significant experience in legal research, editing, and writing. Maggie is active her in local community, holding various publicly appointed civic board positions.

Get the best expert

Fill out the form and one of our representatives will be in touch with you shortly. Or, you can call or email us directly.