Abusing the Internet of Things

(Rick Simeone) #1
Of course, it could also warm or cool your car to your preferences and select your favorite morning
news stream.

These new features are quite wonderful and likely to decrease accidents at times when
drivers are distracted. It is evident that autopilot abilities will take us toward a future where
completely self-driving vehicles will be around us—in fact, several companies (including
Google) are already working on completely autonomous cars that don’t even have a steering
wheel. As we look into the future, the following new risks are likely to be introduced into the
car security ecosystem, and their results are bound to be fascinating to analyze:


Legal precedence and liability
Tesla explicitly mentions that the driver is “responsible for, and ultimately in control of,
the car.” As we move into completely autonomous driving, it will be interesting to see
which parties are found to be liable for damages and accidents in the future. Could the
car company be held liable if an accident is caused by a hardware or software error? The
legal terms and conditions, combined with the specifics of actual mishaps, will shape our
understanding of liability and ultimate responsibility; however, this will be complicated by
differences of legal opinion across states and countries.


The impact of software bugs
As consumers, we have all come across software glitches at some point in our lives that
may have interfered with our online shopping, prevented access to email, or perhaps
made it impossible to print a boarding pass. Now imagine a software glitch in a feature
such as autopilot, which has the ability to conduct an actual lane change. Such a glitch
could have physical consequences to the passengers of the car and nearby cars, potentially
resulting in bodily harm.


Vehicle-to-vehicle communications
As consumer cars become truly autonomous, they will need to implement a peer-to-peer
communication protocol allowing nearby cars to negotiate turns, manage the flow of
traffic, and alert one another to road conditions. There are two buzzwords in the industry
today that attempt to capture this need: V2V (vehicle-to-vehicle) and V2I
(vehicle-to-infrastructure). The combination of V2V and V2I is commonly referred to as V2X.
The US Department of Transportation (DOT) and the National Highway Traffic Safety
Administration (NHTSA) have set up a website to announce upcoming and proposed laws that
automotive manufacturers will be expected to adhere to. As more and more vehicles
begin to communicate with one another and with the underlying infrastructure provided
by the government (to manage traffic and collect tolls, for example), the attack surface
available to malicious entities will increase. In response to government mandates, car
manufacturers are going to design solutions that may initially contain security
vulnerabilities. The NHTSA has issued a proposal to obtain feedback from the industry on how to
securely implement a V2V communication system, recognizing that this attack surface is


CHAPTER 6: CONNECTED CAR SECURITY ANALYSIS—FROM GAS TO FULLY ELECTRIC
