Dynamic Tesla executive Elon Musk’s risks put his ventures under enormous scrutiny.
The electric car company's technological advances make it an easy target for security buffs. Musk may be writing lessons the wider car industry will learn (once it catches up) but security researchers wonder if it is at the expense of people’s lives.
Car security expert and government advisor Tony Dyhouse has spotted more vulnerabilities in the Tesla 'S' model fleet, which uses a 'self learning' system. This follows the revelation of six major flaws over the summer, which Tesla quickly patched.
Self learning cars
The luxurious interior of the S model Tesla
The semi- autonomous Tesla 'S' cars train each other using ‘deep learning’ methods. Algorithms process the fleet’s sensor data and sends it back each car through an “always-on” wireless connection.
Using this information, the cars learn more about in-lane changing and spotting obstacles - improving day-by-day.
While computer logic is free from the irrational impulses of the human brain, it can be skewed by anomalies in the algorithm training process, Dyhouse warns.
He says: “If there is a piece of data that is abnormal during the training, the system would think it was normal...You can extend the analogy to a self-learning system with Tesla… It’s OK to do it in a routine example of driving around but it doesn’t work in exceptional circumstances - and exceptional circumstances are when road accidents happen.”
If one sensor malfunctions, it could set off a chain reaction in the Tesla driverless algorithm, he adds.
“It’s the domino effect that’s the problem. Imagine if a little malfunction goes unnoticed.”
It’s likely that Musk’s sensors are fitted with internal testing. But hardware and software is rarely foolproof.
Security firm Lookout discovered a range of flaws in the 'S' in August, allowing them to remotely open and closed windows, lock and unlock doors, raise and lower car suspension and cut its power - simply by intercepting the entertainment system.
Further, there's the fear that someone might break into the system intentionally to warp the car’s learning mechanisms, something Dyhouse says is very simple and quite difficult to detect. Ethical hackers have been taking over cars including Jeeps, to highlight how easy it is to control one remotely.
Tesla's electrical charging stations
Would fines help?
This week the US proposed a $100,000 fines for anyone that intercepted any car systems or data. This could include the driver itself, legal experts have warned.
Additionally, in the wake of driverless cars - which have a larger presence in the states than Europe, American legislation is being rewritten to address who is ultimately responsible for insurance and safety within driverless cars.
Lawmakers appear keen to take the burden of fines from car manufacturers, many of which Dyhouse said are largely ignoring security issues.
The reasoning is that car brands are just one part of the car supply chain. One vehicle is made of many components from disparate manufacturers - so securing the entire product or placing responsibility upon one company is tricky.
The UK plans to address the law surrounding semi or fully autonomous cars in 2018.
“Fines are levied in the UK” says Dyhouse “but whether they make any difference to behaviour is a different matter. They only help with the collateral damage.”
Instead, Dyhouse believes companies need to focus on ensuring that the basic lines of code are as secure as possible. Rigorous standards around encryption and the “trustworthiness” of software will ensure that all engineers and programmers are doing their best to ensure systems - particularly those for transport purposes - are secure.
Connected and driverless cars: the main vulnerabilities right now
“If a car’s embedded audio systems are only designed to process a small amount of data, but a driver imports a high-quality audio update for the car stereo, it could swamp the vehicle’s sensor readings,” says Dyhouse.
“If a car’s satnav and entertainment system share the same touch-screen, a Windows update in the entertainment system could knock out the satnav”
Over-the-air software updates
“There could be dangerous incompatibility between software updates and vehicles because embedded systems in a car can only be upgraded by visiting a mechanic-while software can be changed in in instant through ‘over-the-air’ updates.
“The embedded systems in the car are not designed for the constant flow of future software updates over its lifetime-there is no ‘software update plan’ for a car”
Software bugs due to pressure to turn systems around on the factory floor
“Many automotive software bugs are being caused by ‘race conditions’ where car-makers upgrades are reusing multiple pieces of old software for new tasks it was not designed for-creating the potential for serious accidents.
“The problem partly arises because automotive computer engineers are failing to document the constraints of the systems they are designing- so the car-makers may be unaware that their internal computers are now being stretched beyond their capacity
“The other problem is that vehicle software design is not governed by any single standard encompassing safety, reliability, availability, resilience and security.”