Securing driverless taxis is going to be really, really hard


#1

Originally published at: http://boingboing.net/2017/04/12/uber-for-carjacking.html


#2

People could do some crazy things with a botnet of cars.


#3

I don’t suppose anyone else recalls that anime series based on the premise that in the not-too-distant future, when driverless vehicles run amok, our last line of defense will be hot people driving exotic sports cars? It was rather terrible. But my, how prescient.


#4

Someone will post this eventually, so… might as well get it out of the way:


#5

Every security expert I’ve ever talked to has said this.

“Taxi, take me to the chop shop.”


#6

#7

Yes. Open standards development and cooperation are not capitalism’s strong suits…


#8

“To start with, self-driving cabs will be -- by definition -- fully computerized”

That seems to be what we are going with, but not really by definition. I could imagine a self-driving car powered by biotech (shades of Bruce Sterling’s old Shaper/Mechanic stories).


#9

Considering how well we handle the “Internet of Things”, this is not a surprise to me.

Time to move to the wilderness with a LONG network cable.


#10

The passenger is effectively The User, and striving to secure a computer from its user sounds like a terrible idea.

That’s the same model you complain about with regard to phones, appliances, and game consoles.


#11

Xda-developers.com will branch out to having forums for all the car brands.

Who can root my 2024 Fnord Pinto?


#12

And destined to be exactly as effective as efforts to secure phones, appliances and game consoles.

The difference being that when someone jailbreaks their phone they already paid for the phone. When someone jailbreaks a driverless taxi, they can make off with the car. That makes running driverless taxis seem like a doomed business.


#13

Or, I would say, that it dooms an already moribund model of property and ownership - which sounds like a good thing.

(YMMV, of course. I am not trying to inflame those who may feel invested in the status quo.)


#14

Two notes. It took me surprisingly long to figure out that codesigning was code-signing rather than co-designing.
And of course any security that is used to prevent riders from accessing the systems will also be used to prevent owners from doing so. I half suspect that self-driving vehicles will be so DRMed that they are never sold, simply available for lease.


#15

How dare the self-driving car company force car owners into using a walled garden! Everyone should be free to hack their self-driving car! This war on general purpose computing must stop!

Ahem. Self-driving cars (which we probably won’t get anytime soon, but don’t tell Uber that) are just one of MANY kinds of computing devices that you want to be totally locked down and restricted. General purpose computers have their place, but so do computing appliances. Pity Cory’s ideological blinders prevent him from realizing this.


#16

This might veer off topic (like a hijacked taxi!), but even if we got away from private property into some sort of collective ownership, that still doesn’t solve the problem of theft. It just changes whom the car is being stolen from. Until you’ve solved scarcity, the pinch of poverty is still going to lead people to steal cars. And there will always be Black Hat Guy/4chan types that send the cars to Alaska for the lulz.


#17

How about just building a subway system?


#18

And it’s going to do that? How long will it take Google Maps or its equivalent to deduce the location of every illegal workshop, followed by police visits?
I ask this because normally I don’t turn location services on unless I really need them, but the other day I forgot to turn them off. I was about to have the car serviced when a notification from Google asked if I would take a picture of the dealership for Maps. It knew precisely where I was and what was there.


#19

Depends on how mobbed up the local government is.


#20

If they also DRM the smelter being used to separate the car’s useful metals from its plastic waste then I think they might have a solid business model.

I was being a little facetious. Obviously you’d need to approach the car with a device that scrambles its transmissions back to HQ, break into it and disable the features that would report any information and that prevent you from giving it directions without a connection to HQ, and then give it instructions. Or you need to have a device that fools the car into thinking it’s still in connection with HQ when it’s really talking to your computer. Or you need some better way of dealing with these problems that I can’t think of because I’m not at all an expert in circumventing security or stealing cars.

I’m well aware of the problem, though, that once a security measure is designed, it is a fixed problem to solve and it can be defeated. Police and car-owning companies trying to use information to find the offenders will work sometimes and will not work other times, just like it does with thieves of all kinds at any level of technology.