Manuel del Castillo explains recent consumer views related to spoofing attacks and why they cause a significant threat for automakers
Autonomous vehicle technology is advancing quickly. Self-driving vehicles on the motorways have become common, promoted by Tesla, with variants of the technologies available in other makes and models. But many drivers and authorities remain unaware of the susceptibility of these systems to cyber attacks by criminals who can use low-cost equipment to spoof the GPS guidance systems.
Recent research into the views of 2,000 UK consumers and motorists conducted by FocalPoint in association with YouGov shows that whilst consumer awareness of the threat is relatively low, concerns over cyber attacks could impact the rates of adoption for autonomous vehicles or vehicles with advanced driver assistance systems (ADAS).
What is GPS spoofing?
The dangers of spoofing were reported back in 2019 when a Tesla Model 3 was experimentally spoofed successfully. Using off-the-shelf hardware and software, fake satellite signals were illegally broadcast by a spoofer, disrupting the behaviour of the vehicle. Of those surveyed, 82% believe that spoofing will have a detrimental effect on road safety as assisted driving applications and autonomous vehicles become increasingly available.
One of the main threats proposed by targeted spoofing is forcing a vehicle to a halt, thus enabling the theft of the vehicle from the owner. During an attack on a vehicle, the spoofer can disrupt the computed location, speed and heading of the victim’s receiver, causing vehicles to think they are in a different location and even potentially provide false information about road conditions, traffic, or obstacles. Autonomous vehicle systems rely on a complex sensor set for collision avoidance and lane-keeping, but in certain circumstances, spoofing GNSS signals can cause the vehicle to miscalculate its position, causing it to change lanes or speed. This puts passengers, pedestrians, and other vehicles at risk.
Concerns over cyber attacks could impact the rates of adoption for autonomous vehicles or vehicles with ADAS
With autonomous vehicles relying on accurate navigation, time synchronisation and coordination with other vehicles, spoofing also has the potential to disrupt multiple autonomous vehicles simultaneously.
As the tools required for spoofing become cheaper and easily available online, eradicating the threat becomes very difficult. A traditional method to protect against spoofing is to encrypt the radio signal, but this is expensive, complicated and relies on the management of the encryption key. More importantly, is not viable because it requires changes to be made by the owners of the GNSS satellite constellations. An alternative technique is to use expensive and bulky arrays of antennas that can measure the arrival angle of the satellite signals and only use the ones coming from trusted directions. Such an approach is viable because it involves the receivers’ end only, but it is not practical for mass market devices.
Consumer adoption and awareness
The growth of availability and adoption of ADAS systems in new vehicle models suggest that consumers value autonomous features. In addition, studies have suggested ADAS systems can reduce accidents and increase levels of safety on the road. However, the emerging spoofing threat could hamper the growth of the autonomous driving industry. In fact, 45% of the respondents in the UK survey stated the risks of cyber attacks as an influencing factor on the decision to purchase a car with autonomous capabilities, partially or fully automated.
67% of respondents were unaware of the impact of spoofing on autonomous vehicle systems. However, after learning of the potential impact, 86% of respondents rated the risk of an accident to autonomous vehicle users and the risk of harm to other road users and pedestrians as a top concern.
With consumers becoming increasingly security savvy, it is time critical for OEMs to consider their approach to increasing awareness and employ effective strategies to mitigate any potential impact across the sensing, communications, and control layers.
Improving cyber security across the supply chain
From July 2024, all newly manufactured cars under ISO/SAE 21434 are responsible for providing a high level of cyber security across their supply chain. That means OEMs and their suppliers will need to adopt a rigorous approach towards cyber security. This includes protection against spoofing cyber attacks to ADAS. Some effective strategies to help mitigate these risks might include employing multiple sensor technologies to help cross validate and ensure accurate positioning and navigation; employing robust anti-spoofing techniques that can help protect autonomous vehicles against GNSS spoofing attacks, encryption and authentication; and working with third parties to consider innovative new technologies.
Looking ahead, OEMs need to ensure management procedures are in place to mitigate any potential security gaps, with well-defined priorities, as part of an integral part of the value chain/ecosystem. This is critical to protect the future growth of the entire autonomous driving industry.
The opinions expressed here are those of the author and do not necessarily reflect the positions of Automotive World Ltd.
Manuel del Castillo is an GNSS industry specialist at FocalPoint
The AutomotiveWorld.com Comment column is open to automotive industry decision makers and influencers. If you would like to contribute a Comment article, please contact editorial@automotiveworld.com