companies move to show they can operate cars without human drivers. Google’s spinoff, Waymo, announced last week that driverless Chrysler Pacifica minivans will roam the Phoenix area for ride-hailing trips with engineers sitting in the back seat.
Automakers have taken pains to show they are committed to addressing potential cyber vulnerabilities. They point to the 2015 formation of the industryrun Automotive Information Sharing and Analysis Center that allows car manufacturers to con- fidentially share information about potential cyberattacks.
“Like many industries, auto engineers use ‘threat modeling’ and simulated attacks with the latest methods to test security and to help design controls to enhance data integrity,” said Gloria Bergquist, vice president of communications and public affairs for the Alliance of Automobile Manufacturers.
Researchers at the University of Michigan, University of Washington, Stony Brook University and University of California, Berkeley, have shown that lidar sensors — which use bounced laser light to measure distance — could be tricked. In their tests, stop signs were altered with black and white stripes and additional words that were enough to convince self-driving cars that they were encountering 45 mile-perhour speed limit signs.
Study authors cautioned their findings do not mean all self-driving cars are vulnerable to hackers and saboteurs.
“Our work does not demonstrate any vulnerabilities in any autonomous vehicles currently being developed,” Ivan Evtimov, a Ph.D. student at the University of Washington, said in an email.
Evtimov warned that engineers and others should be aware of these vulnerabilities and take steps to ensure security.
The issue appears to resonate with drivers. A recent Cox Auto- motive study on consumer perceptions toward self-driving cars showed 40 percent of drivers said concerns about potential software hacks are the biggest barriers to acceptance.
The cybersecurity issue has roiled debate about legislation in Congress. Under legislation approved by the House and pending in the Senate, automakers and technology companies would each be allowed to sell thousands of self-driving cars per year.
The House self-driving bill requires automakers to develop cybersecurity plans within 180 days of the measure becoming law. The Senate’s bill gives carmakers 18 months to craft those plans.
Supporters of the self-driving bills in Congress have argued that they contain provisions to address cybersecurity concerns.
“The technology behind selfdriving vehicles is developing rapidly, and these vehicles’ capabilities will grow exponentially in just a matter of years,” U.S. Sen. Gary Peters, D-Bloomfield Township, said in a statement. “Testing these technologies to ensure they are working safely and are secure from possible cyberattacks is a critical step to preparing selfdriving vehicles for our roads.”
U.S. Rep. Debbie Dingell, DDearborn, added: “Concerns about cybersecurity are real, which is why we worked hard in crafting the SELF DRIVE Act to set up a process that requires rig- orous detection and response practices to protect against potential attacks.”
Former National Highway Transportation Safety Administration chief David Strickland, who is now general counsel for the Self-Driving Coalition for Safer Streets lobbying group in Washington, said tremendous pre-emptive work has been done by manufacturers and agencies.
Strickland cautioned, however, that when it comes to hackers, “You’re dealing with criminals.”
“It’s isn’t like something where you can have a static environment where you can study it to death,” he said. “The notion of creating a cyber-proof system is not reality.”