Charlie Miller, along with colleague Chris Valasek, have demonstrated how software used in cars is susceptible to remote attack.
Charlie Miller, along with colleague Chris Valasek, have demonstrated how software used in cars is susceptible to remote attack.

At an industry event last month, Charlie Miller, a security engineer at Uber's advanced technology center, made the claim that software operating the new generation of driverless cars can be remotely attacked, according to Digital Journal.

Speaking at ARM TechCon in Santa Clara, Calif., Miller told the gathering of representatives from the embedded systems industry that the artificial intelligence (AI) running driverless cars is susceptible to attack.

The claim cannot be easily dismissed as something from a sci-fi scenario, as today's headlines report on hacks of chips embedded in Internet of Things (IoT) devices. Last month, for example, a DDoS attack that took out popular websites – including Twitter, PayPal, Amazon and Facebook – was also used to target webcams and a number of other IoT devices.

Exacerbating the security weaknesses, is the fact that these devices can all be hooked into networks consisting of millions of devices. This is what occurred with the Mirai botnet, which commanded devices under its control to flood victim websites with internet traffic beyond their capabilities.

Miller, along with his colleague Chris Valasek, have already proven – in demonstrations at Black Hat – how vulnerable onboard car systems are to attack, gaining control of electronics systems that allowed them to remotely stop vehicles.

The challenge, said Miller, is that any device tethered to a vehicle's network is vulnerable to intrusion, particularly third-party add-ons. The lesson, he told the crowd, was that once notified the car manufacturers can issue patches, but a better option is to embed security into devices before the cars are on the road. To that end, he said he'd like to see car makers be more transparent about the security designs of their systems.