In March 2014, more than 100 vehicles on a highway in the US state of Colorado collided during a heavy snowstorm. One woman died and 30 people were hospitalised.
Disastrous pile-ups such as these might seem to be an inevitable, if rare, part of driving.
But these types of accidents could in fact be “pretty easy to avoid”, said Christof Paar, a professor specialising in embedded security at Ruhr University Bochum in Germany, if cars were able to broadcast their location and speed to nearby vehicles.
Then, if you’re approaching another vehicle that’s not moving or has suddenly slowed down, your car could warn you with loud sounds or flashing lights.
What’s known as “vehicle-to-vehicle communication” already exists, and has been tested in the field with promising results. A spokesperson for the US’ National Highway Traffic Safety Administration (NHTSA) told Al Jazeera that in the coming weeks, after it publishes a report of its findings on issues related to vehicle-to-vehicle communication, it will start working on a regulatory proposal to require the technology in new vehicles – though no start date has been decided upon.
Humans are often distracted, clumsy or intoxicated behind the wheel. Car crashes claim the lives of more than 30,000 Americans every year, and a recent NHTSA report found that road accidents cost the country $871bn annually.
… depends on drivers responding to the warnings in appropriate ways.”]
Allowing vehicles to share information in real time will enable them to “‘see’ all automobiles around them, sense the possibility of a crash, and warn drivers to avoid the crash”, said the US Department of Transportation’s “Fast Lane” blog. The technology has the potential to reduce accidents by 80 percent, regulators estimate.
Congestion could be improved, too: If cars could communicate with stop lights, for instance, the flow of traffic could be streamlined.
“For a long time in automobile safety, we really focused on what we call passive safety,” such as airbags and seat belts, said Mike Shulman, the technical leader for Ford Research and Innovation. The next big step, he said, are “active safety” measures such as vehicle-to-vehicle communication, which could prevent many accidents from occurring in the first place.
“The level of benefit depends on making sure everybody is equipped, and it depends on drivers responding to the warnings in appropriate ways.”
Saving lives is nothing to scoff at. But such a system would have to ensure that communications between vehicles are secure and immune to hacking.
Fifty years ago, almost all automobiles were completely mechanical, with virtually no software components. But today, cars are gradually becoming “computers on wheels” – with a significant portion of their cost coming from the electronics that support automatic transmission, airbags and a slew of other functions.
That’s made cars more powerful – but also more vulnerable, leading some experts to warn about the possibility of “car hacking”, in which an attacker takes control of a car’s functions by gaining access to its computer systems.
Researchers have already proven this to be possible. Last year, Chris Valasek, director of security intelligence at US-based security firm IOActive, and Charlie Miller, a security expert at Twitter, took full control of a Toyota Prius and a Ford Escape by plugging in a laptop to a diagnostics portal in the vehicles, allowing them to brake and steer.
Although to the best of his knowledge, no car-hacking attacks have occurred in the real world, Valasek said it is possible to “control a car both locally … and remotely over things like Bluetooth, if you find a vulnerability”.
The concern is significant enough that NHTSA opened a new office last year to deal with vehicular cyber-crimes.
‘Potential for security risk’
A fleet of cars continually transmitting data to one another could make vehicles more susceptible to such attacks.
“The way I look at things, as someone who breaks stuff for a living, is that if you add more remote entry points – whether it’s adding WiFi to the car, or car-to-car communications or car-to-infrastructure communications … there’s a potential for security risk when adding these new technologies,” Valasek said.
We don't think enough is being done for cyber-security on cars.
Some auto safety advocates say regulators should do more to address the issue. “We’ve expressed our concern to NHTSA already that there’s some potential for hacking of the electronic systems that are in cars today,” said Clarence Ditlow, the executive director of the Washington, DC-based Center for Auto Safety.
“And if you have a more advanced system using vehicle-to-vehicle [communications], then there’s probably an even bigger issue for cyber-security. We don’t think enough is being done for cyber-security on cars,” said Ditlow, adding he believes NHTSA lacks the sufficient research budget, electronics engineers and computer systems experts to meet the challenge.
For its part, NHTSA said in a statement to Al Jazeera that it does have sufficient resources and expertise, and the security solution envisioned for vehicle-to-vehicle communication is “based on a public key infrastructure security architecture” that is “the same solution employed by the US Department of Defense, as well as leading commercial enterprises to handle their most sensitive and critical communications”.
While acknowledging security concerns exist, Paar said the automotive industry has made “major efforts in securing these signals” to ensure that, for instance, “people are not sitting on the side of [the highway] with a laptop and sending out these fake GPS locations and everybody slams on the brakes … The industry’s doing its job, at least in Europe and the US”.
Not everyone agrees. “In terms of the security of the systems, automakers are still just barely getting their sea legs,” said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation. “They are years behind computer and mobile device engineers in terms of security. Cars have not been exposed to a particularly complex threat environment until now, but vehicle-to-vehicle communication will change all that. I’d expect to see a series of major security vulnerabilities before the car companies begin taking security seriously.”
Security’s not the only worry – especially since news broke last year of the US National Security Agency’s mass data-gathering programmes.
Ford’s global vice president for marketing caused a brief uproar in January when he told an electronics trade show that the car company “ha[s] a GPS sensor in your car, we know where you are, and we know how fast you’re going”. He retracted his comments the next day, saying they were hypothetical, but privacy advocates remain unsettled by the possibility that information about one’s geographic location could be collected.
|Vehicle-to-vehicle communication systems have raised concerns among privacy advocates [AP]|
As currently envisioned, the data transmitted in vehicle-to-vehicle communications systems would only be beamed out to a radius of a few hundred metres, said Paar. But it would be technically feasible for devices communicating with these vehicles to store this data.
“If a ‘smart corridor’ was watching vehicle-to-vehicle communications in order to shape traffic, which is something that is being talked about, [and] if that system was also recording unique vehicle IDs … then all of a sudden we’ve got a map of people’s locations,” said Cardozo.
The US Department of Transportation has stressed there are no plans to monitor vehicle-to-vehicle communications, and NHTSA told Al Jazeera in a statement “the [vehicle-to-vehicle] system will not broadcast, collect or store personal information or location, speed or other data linked to individual drivers or their cars”.
Cardozo argued, though, that “even if there’s no ‘vehicle ID’ per se, in many of the current proposals there are still radio IDs – the functional equivalent of MAC addresses in WiFi – that are easily trackable”.
Yet Ford’s Shulman said privacy advocates have no need to be alarmed. “The messages themselves [sent by vehicles] don’t really have any personally identifiable information … it can’t be used for tracking or anything like that.”
“There’s people out there that just react to this when they hear this and say, ‘Oh, the government’s going to mandate that I put this thing in my car that’s going to broadcast my position.'”
But, he added: “When we put people in the car and we put them in a scenario when someone runs a red light … and you get this warning and hit the brakes and avoid the crash, most people say yeah, that’s something I want in my car.”
Follow Sam Bollier on Twitter: @SamBollier