Hacking Uber’s Self-driving Car: Using the Cloud to Takeover

October 7, 2016

Ever since the iCloud hack of August 2014 we have known that our “cloud” based system of data storage is imperfect. What was commonly referred to as “Celebgate” showcased the probable fallacies of the cloud system when 500 celebrities had their personal pictures hacked and displayed for the whole world see. The scare left cloud users weary of the platform, yet the system has persevered and is now at the forefront of concerns with autonomous motor vehicles.
About a month ago, Uber used the city of Pittsburgh as its flagship metropolis to introduce the first “self-driving” Uber cars which provide a taxi like service for app users. In mid-September the first autonomous car gave a proud Steel city dweller a step into the future with a computer driven ride to her destination. Not surprisingly, the Uber company themselves noted that the primary reason for furthering this technology was the alarming safety issues surrounding conventional driving, noting that 1.3 million people are killed every year due to automobile related accidents.
The introduction has been largely successful, however; one major hole exists which the law has been surprisingly quick to jump on. At the end of last month (September 20th) the Department of Transportation released a set of federal cyber policy guidelines for automated vehicles which specifically outlines acceptable procedures for autonomous cars. All of the policy reasons listed on the DOT’s website cite safety as their primary concern behind the various regulations. An issue arose however when Chinese Cyber Security Researchers were able to hack into self-driven cars from a distance of about 12 miles, and commandeer control over both the vehicle’s locking and braking mechanisms.
Ironically, with respect to the threats faced by an autonomous car,

issues with cyber security may rival or be greater than the issues surrounding the physical aspects of the innovation.

Using the cloud to hack into a celebrity’s phone is one thing, but using the cloud to hack into a car driving itself though rush hour in downtown Pittsburgh is something else entirely. The dangers associated with this could be grave and the logical conclusions frightening, but the DOT and Uber are making positive strides to never let those scenarios see the light of day.
At this point, Uber places a safety driver in each of the self-driven cars for obvious security reasons. This person is ready to fully engage the car and take over its controlling functions subject to bad road conditions, a failure in the technology, or any circumstance deemed necessary after an ocular pat down of the situation. Uber is hopeful—and logical progression almost necessitates—that in the very near future these technological hiccups will be fixed and a secure cloud based system will replace the safety driver producing a fully self-driven car.
There is a growing number of possible solutions to the various cyber security scares which plague many of the would-be customers fearful of taking their first ride in the self-navigating Ford Fusions. Recently, various attorneys have developed a system of precautions for their clients to keep in mind when negotiating cloud agreements for their respective cyber security departments. At the vanguard of these initiatives lies the risk allocation plans in the event of a data breach. Negotiating a company to include strict indemnity and liability clauses in its service agreement could add the extra incentive needed for a more infallible cloud. Finding the ultimate balance between safety and technology is a never-ending endeavor, but one thing is certain, the future is here.