Cyberattacks on connected cars could gridlock entire cities

Credit to Author: Lisa Vaas| Date: Wed, 31 Jul 2019 10:40:34 +0000

Thanks a whole bunch, Internet of Things (IoT): you’ve already brought us autonomous vehicles and other connected cars that can be turned into steel/glass/combustible whirling dervishes, as in, Jeep Cherokees that can be paralyzed by remote attackers 10 miles away and whose steering wheels could be spun 90 degrees while the car was zooming down the highway at 60 mph.

Crazy Tilt-a-Whirls that they were, those were one-off, proof-of-concept attacks on individual cars, pulled off by renowned automobile/security researchers Charlie Miller and Chris Valasek.

But what about if hackers pulled a coordinated, distributed attack? As in, a denial-of-service (DoS) attack where multiple cars were strategically zombified, such that they gummed up a crucial intersection?

Start thinking about it now, said physicists at Georgia Institute of Technology and Multiscale Systems Inc., an R&D firm specializing in advanced materials and cyber-physical systems. Internet-connected cars could be used to gridlock whole cities, the researchers said after calculating just how many hacked, stalled vehicles it would take.

From a writeup of their research that was published in Science Daily on Monday:

In the year 2026, at rush hour, your self-driving car abruptly shuts down right where it blocks traffic. You climb out to see gridlock down every street in view, then a news alert on your watch tells you that hackers have paralyzed all Manhattan traffic by randomly stranding internet-connected cars.

According to the researchers’ simulations, all it would take to freeze traffic solid in a city like Manhattan is to strand 20% of all cars. Here’s David Yanni, a graduate research assistant working in the lab of Peter Yunker, co-leader of the study and assistant professor in Georgia Tech’s School of Physics:

Randomly stalling 20% of cars during rush hour would mean total traffic freeze. At 20 percent, the city has been broken up into small islands, where you may be able to inch around a few blocks, but no one would be able to move across town.

Those numbers are conservative, given that not all cars on the road need to be connected. If 40% of all cars on a city’s road were connected, attackers would just have to hack half of them to get a city gridlocked.

The researchers’ paper, titled Cyberphysical risks of hacked internet-connected vehicles, was published in Physical Review E yesterday.

They relied on coffee to get their results. Percolation, to be precise. The researchers developed what they call an “analytic percolation-based model to rapidly assess road conditions given the density of disabled vehicles and apply it to study the street network of Manhattan” to reveal how vulnerable the city would be to such a “cyberphysical” attack.

This is not surprising: Yunker’s done fascinating work with the spread of coffee particles, which are round and which create, as we all probably know, round coffee rings when you dribble them. Here’s a mesmerizing video of microscopic particles moving in a drop as they migrate to the outer edges to form a coffee ring as the drop dries… a video that also shows the clumps those particles form all over the droplet surface if you elongate the particles so that they look, well, like itty bitty cars, jamming up Manhattan.

The gridlock wouldn’t have to be complete in order to create serious, life-threatening scenarios. For example, hacking 10% of all cars at rush hour would enable traffic to keep crawling, but emergency vehicles couldn’t get through.

Yes, these are complicated calculations, but the percolation-based method is a reasonable start in analysing how such an attack would impact cities, say the researchers:

While a comprehensive investigation of city-scale traffic around hacked vehicles is an extremely complicated problem, we find that the statistical physics of percolation can provide an estimate of the number of vehicles that critically disrupts citywide traffic flow.

http://feeds.feedburner.com/NakedSecurity

Leave a Reply