Insights / Blog

Cybersecurity of vehicle teleoperation

By

on

QAC Emerging Technologies Quality Assurance

This monthly newsletter will focus on QAC’s activities regarding R&D, Connected Vehicles, Cognitive Autonomous Systems, Artificial Intelligence, Internet of Things, and Blockchain Quality Assurance Services.

Focused on the Future

Leading the way

Welcome to the twenty-first edition of the EmTech newsletter. In the automotive industry, vehicle teleoperation is being considered as a catalyst to smooth the transition from human driving to the self-driving vehicle. In this newsletter, we inform the reader about the challenges and opportunities of vehicle teleoperation. Afterward, we highlight the data privacy and cybersecurity challenges and provide recommendations to mitigate these challenges.

Welcome to the 21th edition of our EmTech Quality Assurance Newsletter

Keeping you informed

Our emerging technologies quality assurance workstreams

R&D and Grant Projects

Research and development of new technologies that position QAC to become a world leader in quality assurance services.

Connected Vehicles

Testing and Quality Assurance services exclusively developed to provide integration testing services for highly connected vehicles.

Cognitive Autonomous Systems

Fully automation of testing and quality Assurance services exclusively developed for Cognitive Autonomous Systems.

Cybersecurity, IoT, AI, and Blockchain

Focus on developing new technologies that utilizes AI to address QA challenges on Cybersecurity, IoT, and Blockchain domains.

Why is vehicle teleoperation needed

Due to the technical and regulatory challenges, debuting SAE Level 5 fully autonomous vehicles on public roads has not reached prime time yet. One of the reasons is that AVs heavily rely on Machine Learning (ML) algorithms to perceive the environment and make safety-critical driving decisions. While non-deterministic ML algorithms’ performance is more accurate in detecting hazardous scenarios known as “edge cases” than rule-based systems, 100% accuracy has yet to be achieved. Often, to prevent accidents and provide a safe maneuver, a human operator is required in the vehicle when autonomous vehicles encounter an “edge case”. Requiring a human operator to be physically in the vehicle dramatically reduces the value and benefits of an autonomous vehicle.

A possible interim solution to utilize the advantages of autonomous vehicles earlier without having a safety driver behind the wheels is Teleoperated Driving (ToD). In ToD, a remote operator (RO) assists the vehicle or takes control when necessary and handoffs control to the vehicle when required. Therefore, it uses the advances in vehicular autonomy — while also taking advantage of human vigilance for safe maneuvers.

Teleoperation accelerates AV deployment

In many countries, the governments have mandated the safety driver’s presence during AV testing on public roads. In ToD, there is always a human driver controlling the vehicle from a regulatory perspective. Based on the level of control the RO has on the vehicle, the AV teleoperation services can be divided into three categories:

  • Remote monitoring of AVs. RO monitors the AV fleet and assists AVs when AVs move or deviate from a prescribed path. The intervention of the RO in a challenging situation can be used to train the ML algorithms that govern autonomous vehicle perception, decision-making, and control system.
  • Remote assistance to AVs. RO only provides information and guides AVs to navigate safely when encountering edge cases.
  • Remote control of AVs. RO performs all aspects of driving for a substantial amount of time, including steering, acceleration, and braking. Recently, Vay Taxi service in Germany has launched this type of affordable door-to-door transportation.

Opportunities in vehicle teleoperation

  • Improved accessibility for underserved populations. In society, older people, people with disabilities, adolescents, and those living in poverty face mobility challenges. ToD may provide more efficient transportation, which helps these people overcome the obstacles of limited mobility and get access to all the associated social and economic benefits.
  • New job creation. ToD is promising to eradicate the driver shortage problem in the logistic industry. Furthermore, it paves the way toward a gender-balanced employment opportunity.
  • Transit in a pandemic. Since RO and rider are physically located separately, it ensures the health and safety of both the drivers and passengers.
  • Reduced costs. Having a car is always expensive. The owner needs to pay insurance, parking, and maintenance costs. In teleoperated ride-sharing services, an individual can enjoy driving without possessing a vehicle.

Challenges in vehicle teleoperation

Teleoperation relies on cellular networks to transfer information between the vehicle and the teleoperation center. Broad coverage, high data throughput, and ultra-low latency are the most apparent telecommunication requirements for enabling safe vehicle teleoperation. ToD needs to address many technical challenges, including but not limited to latency, deterioration or loss of connection, or reduced situation awareness.

  • Large latency is the biggest challenge in safe teleoperation that leads to a lag in the RO’s visualization and results in unstable real-time control of the remote vehicle. 5G (1-millisecond latency) could be sufficient to mitigate this problem. However, the deployment of 5G is far from widespread.
  • Broad network coverage is essential for a stable connection. If connectivity isn’t stable, video streaming will be interrupted, and the RO will have to wait for the video to render, which is simply unacceptable. For good coverage, teleoperation requires connecting to multiple network operators simultaneously.
  • Another challenge is reduced situation awareness or weak feelings of telepresence. Due to the low field of view of cameras, delays over network transmission, and the lack of sensory information, it is hard for a RO to develop a similar level of situation awareness as a driver seated in the vehicle.

Data privacy and cybersecurity of teleoperated driving

ToD may inherit the threats associated with autonomous vehicles, with several unique threats depending on the teleoperation mode. Any classical cyberattacks against teleoperation components: control station, in-vehicle software module, and the communication channel may lead to catastrophic consequences. A malicious attacker can gain unauthorized access to the vehicle controls through the injection of fake messages to the vehicle or the teleoperator to interrupt the teleoperation. Furthermore, the attacker may access sensitive information on the vehicle and passenger, compromising confidentiality.

Today, vehicle teleoperation still is in a nascent stage. It is expected that AI-based automated teleoperated driving will be evolved in the future where an AI-based software agent in the cloud, will collaborate with the self driving intelligence on the vehicle and take more responsibility from RO.

Though it may reduce the cost and drawbacks of human teleoperators, it may make digital adversarial attacks feasible against the cloud-based teleoperation system. Moreover, applying advanced AI techniques to launch deep fake attacks for altering the road sign or cloning the voice of the passengers in the vehicle is not impossible.

Attack scenarios related to teleoperated driving

  • Gaining access to computers in the teleoperation center. The attacker can access the computer in the control station via outdated software installed in the computer. In this attack, the attacker runs malicious code on a teleoperation computer to control all the vehicles served by this computer.
  • Sensor jamming, spoofing, and blinding/saturation. Sensors may be blinded or jammed. The blinding and auto control attack disables the functionality of the vehicle’s camera sensors. Moreover, malicious hackers may add perturbation to the camera-captured images. In this way, the attacker may manipulate the AI model of the vehicle and make the vehicle confused so that it can not ask for human assistance when required.
  • Attacks targeting communication channels. Communication channels’ security should be paramount in AV teleoperation. The main types of cyberattacks on communication channels are Denial of service (DoS) attacks, blocking all communications between the vehicle and the control station. An adversary may modify or drop transmitted video signals, sensor readings, and messages coming from road infrastructures or other vehicles.
  • Gaining physical access to the vehicle network. An attacker may gain physical access to the vehicle network during car maintenance. Afterward, a malicious piece of software can be installed in the vehicle computer to apply small perturbations to the captured images that may result in misclassification during object detection.
  • Gaining remote access to the vehicle network. An attacker may remotely exploit the vulnerability of the vehicle head unit (HU) and get access to the vehicle’s internal network.
  • Information disclosure. Since the teleoperated vehicle collects sensitive and personal data and shares this data with various stakeholders, an adversary may be motivated to gain access to this confidential data and cause a data breach.

Recommendation for mitigating the cybersecurity risks

  • Privacy by design to address data privacy. Automotive industries need to adhere to the privacy by design (PbD) approaches in Vehicle-to-everything (V2X) communication to proactively ensure the privacy of passengers, vehicle owners, and operators.
  • Ensuring robust communication. The communication between vehicle and teleoperation control center should be strongly protected, using proper encryption authentication to prevent different types of attacks such as DoS, the Man in the Middle, information spoofing, etc.
  • Managing risks in the supply chain for an extended period. The entire supply chain includes OEMs, all levels of suppliers, subcontractors, and third-party vendors who provide software, firmware, hardware components as well as different services should be supportive of responding to continuously evolving threats and vulnerabilities.
  • Systematic security validation and testing. The automakers or software developer updates the AI model with new trained data. Hence, systematic security validation and testing are required throughout the vehicle’s life cycle to combat newly developed cyber-attacks and security vulnerabilities created by updating the vehicles’ AI models.
  • Require preparedness and incident response capabilities. Due to the increased connectivity of the vehicle with infrastructures and stakeholders, it is impossible to predict future attacks. Therefore, it is prudent to have a precise and established cybersecurity incident handling and response plan to handle incidents effectively.