Will self-driving cars be dangerous due to computer hackers?

(this is almost a science fiction question, but I’m putting it in GQ because I’m more interested in the science than the fiction.)

One day in the future, self-driving cars may become common. Will they be dangerous?

It seems to me that they could be afflicted with as many problems as my personal computer at home. --viruses, incompatibilty with software, etc
Computers crash sometimes. (yeah, I know—just like cars).
But a computer crash is less serious. And in cases where a crash is so serious as to be totally uncacceptable (military uses, for example), the computers are usually isolated from the internet.

But cars are consumer products, as is the internet. When “Google cars” hit the market, they are going to be connected to the net.
For some things, the cars will require an online connection. (updates of GPS, for example,if a local road is changed to one-way traffic only).
For other things, the cars will have on-line connections for marketing reasons. (People will prefer to buy a car with online music choices, and a built-in link to the manufacturer’s repair diagnostic services. If it’s an all-electric car, it may need a link to a map of recharging stations, etc.)

But what will prevent hackers from spreading viruses to cars? You’re going to feel awfully helpless if you new Google-car suddenly stops in the middle of the street.Or worse–if it takes you somewhere you don’t want to go. Or if the door locks suddenly stop working and you get trapped inside.
And you’re going to feel awfully angry if your brand new, $40,000 car flashes a warning signal that it is needs a refill of Viagra, or that a Nigerian prince wants you to drive to his house.

A computer virus is just irritating, but car viruses will be much worse, and possibly dangerous.
A computer virus is something we put up with, like a kid who vandalizes your mailbox. We don’t feel traumatized.
But a car virus will be like a burglar breaking into your bedroom while you are asleep.That’s traumatizing.

Am I wrong?

You sound right to me.

In short - many things get hacked because their producers do not adhere to security best practices or provide adequate security. I believe this is the case in most (if not all) instances of companies being hacked.

My guess is that while not totally immune from hacking - your self-driving car will be extremely unlikely to get hacked. Companies will put vast amounts of money into research in this area. There will also be ways to prevent the more important aspects of the internet-connected self-driving car from even being connected to that internet. Also, the abilities and resourcefulness of hackers tends to be inflated by fiction.

My worry is not whether they can be hacked, but whether the self-driving function itself will be safe.

Modern intrusion tends to be about profit - your computer gets attacked because it means:
[ul]
[li]it can be used as part of a network to send spam or attack other systems[/li][li]your documents and emails can be scraped for valid email addresses to sell to spammers, or credit card numbers that can be used for fraudulent transactions, or personal details that can be used for identity theft[/li][li]Your web searches or activity can be redirected so you create traffic for a site that profits from your visit[/li]li your documents can be encrypted and held to ransom[/li][li]Etc[/li][/ul]

Whilst there are still such things as purely malicious or mischievous attacks, they are not especially common. What would be the profit motive for doing this to a car? I guess you could make it drive somewhere and steal it, or rob the occupants.

A decade ago, a friend’s car stopped just as he was accelerating through an intersection. He managed to restart it before getting T-boned, but took it to the dealer. It turned out that it was a known software bug and they flashed a new firmware to his ECU (the computer that controls the engine).

So it’s not a new problem, though with increasing complexity it may get worse. I’m sure we’ll see car viruses sooner or later, but I can’t see them ever becoming a huge problem; there’s just too much liability at stake for car makers to be too sloppy with their security in the long run.

Security is actually pretty bad at the moment, and researchers have shown that they can put a car into a spin via the OBD-II port that all cars have (they can engage the brakes on just one side of the car). But it’s not a problem yet since it requires physical access to the car. Automakers will just have to get more careful when they add more wireless features.

Keep an eye on the Tesla Model S if you want an idea on how things will go. Already, they’ve had several over-the-air software updates that significantly changed the behavior of the car. Recently, they changed the ride height when traveling at highway speeds to reduce the possibility of foreign object damage to the car’s underside. This kind of thing is a bit unnerving, but it’s the future. We’ll just have to see if someone breaks Tesla’s security (I personally find it unlikely, but who knows).

Your example of “ransomware” comes to mind as something that would work for a car; the car shuts down, and you get an email demanding that you send money to somebody overseas to get your car working again. As long as they demand less from their victims than it costs to have the electronics replaced/reprogrammed, they ought to be able get money out of it.

Yeah, the profit motive seems suspect, since anyone who can break Tesla’s (or whoever’s) necessarily strong security can surely make a very good living through normal means. I suspect it will be done for:

a) targeted attacks against notable people for political, corporate, personal revenge, or other reasons. For some attackers, an electronic attack against someone’s car will be their easiest or safest option. ’

b) the lulz. Some people try to take down big websites and such just to leave their mark, troll people, hurt people (financially or otherwise) etc. I suspect some folks will be willing to attack people’s cars as pranks of varying severity, and proof of their own skill.

Assuming it’s even possible with where the tech goes, of course.

A known bug can be fixed at the dealer, who knows were the bug came from, since Ford or Honda have their own in-house programmers working on it… But what about anonymous hackers?

yep, I agree …it’s unnerving. At least to us old fogeys and Luddites. I suppose a younger techno-geek (the kind who think Google glasses are a good thing) would think it’s cool.

Tesla is a miniscule market right now. When there are millions of cars on the road, it’s more likely to attract hackers.

When trucks go computer-controlled, there will be a profit motive.
Hijacking will be a gold-mine!
And don’t you think for ten seconds that the precautions they take in advance will be any good at all.

Why, you could hijack a robot truck by boxing it in with 4 cars, then popping open the trailer doors!

And you can hijack a non-computer-controlled truck with a couple of guys with guns. Why aren’t our highways, therefore, a Mad Max-ish dysotpia?

Because kidnapping and murder can get you the death penalty.
But if stealing a load of electronics becomes possible just by hacking the GPS of a driverless truck, then it will be as tempting as a breaking into a warehouse full of electronics, when there’s nobody nearby to hear the burglar alarm go off.

The problem with many of these concerns is that their roots are in fundamental misunderstandings of computers. These are not multi use computers that you browse the web and play games on. Purpose built systems like this are orders of magnitude more reliable than your average home user machine. My backup servers at the shop have run for a little over a year, 24/7, with zero unplanned resets on windows xp pro. The only software they run is the backup system and my remote support software. Half the services that a normal windows pc would run are disabled.

A proprietary car computer will be much harder to target. What works on one car will not work on others. Updates can be done by the car checking in with a known server location and pulling updates with no way to force an update manually unless you are physically plugged into a service port in the car.

Computer controlled will not equal no operator present in situations like this for quite a long time.

And if someone were nearby to hear the alarm, what would they do? Call the police. Which the robot truck can do, too.

computer can be wiped and reloaded with a fresh load of latest software.

That’s good to hear, and I hope you’re right. In the OP, I mentioned the example of military equipment. From your explanation, I gather that the computers in mass produced cars would also be proprietary, programmed to do only one thing, as if they were hard wired, so changes would basically be inaccessible to others.

It’ll be interesting to see…Except that I doubt I’ll still be around (I’m close to retirement age ). I don’t see that driverless cars will become common for another 30 or 50 years.

Consider this, commercial aircraft already depend heavily on much of the computerization you fear. Is anyone screaming “omg, hackers will make a planes engines shut down a few seconds after takeoff!” Aircraft have gps, wireless data links, depend on electronic sensors, etc. Are they falling from the skies because of computer glitches or hackers?

The same types of technology that handles aircraft fly by wire and autopilot will be driving you car. But doing it with a vehicle moving 75% slower, orders of magnitude more manuverable, and weighing about 2% of what an airliner does while having a failure option of “if in doubt, just shut everything off” that does not result in 300 people plummeting to their death.

Think you can stick around for 6-7 years?

I think it’s important to examine the word “dangerous”. Will there be dangers posed by hacking? Yes, certainly. Will those dangers be significant compared to the dangers of having easily-distractible beings that can only look in one direction at a time and take hundreds of milliseconds to react to stimuli control fast moving chunks of metal? Not remotely.