According to a new study by a team of researchers from the University of British Columbia (UBC), automated vehicles such as Mars rovers or Amazon delivery drones are more likely to be hacked than previously considered.
The team from UBC’s faculty of applied science designed three types of stealth attacks on these automated machines that caused them to crash, miss their given targets or complete their mission much later than the given time.
The attacks were carried out with almost no human intervention to see the success rates of the attacks on both real and simulated drones and rovers.
Karthik Pattabiraman, Professor of electrical and computer engineering at UBC said: “We saw some of the substantial weaknesses in the software that runs on these automated machines and we think that the drawbacks allow attackers to cause unanticipated changes in the software of these machines. More concerning is the fact that the traditional or most commonly used detection techniques were not able to identify any of these attacks.”
Automated drones and rovers use unique algorithms to remain on track while moving, as well as to detect unanticipated behavior that could flag an attack. In any case, some level of unconventionality from the travel plan is usually permitted to represent external factors like abrasion and wind—and it’s these deviations that attackers take advantage of to mess with the functionalities of the vehicles.
The team of researchers built up a robotized process that allows an attacker to rapidly become familiar with the permitted deviations of automated vehicles running regular protection systems. Then the hackers use this information to launch a series of attacks that remain undetectable by the machines until it’s too late.
Pritam Dash, lead author of the study and a graduate student of electrical and computer engineering at UBC said: “Automated vehicles are already playing a significant role in surveillance and reconnaissance, management of warehouse and distribution channels, and several other contexts, and their use will become more mainstream in the years ahead. This is why we need more safety measures to prevent such attacks on drones and rovers that will ultimately cause serious financial, property, and even bodily damage.
The team of researchers offers the basis for a couple of such defensive measures—such as self-adjusting deviation thresholds—in an ongoing study depicting their discoveries. And next month, their research will be presented at the Annual Computer Security Applications Conference in San Juan, Puerto Rico.