Safeguarding the future of autonomous driving


The facts and figures

The UK public remains wary of driverless technology due to safety concerns:

  • Research from the Institution of Mechanical Engineers suggests two thirds (66%) of people in the UK are uncomfortable with the idea of travelling in a driverless car

  • When asked about their biggest concerns when travelling in a driverless car, over one quarter (28%) admitted being worried about the car not being able to deal with an external situation (such as an accident on the road) while two fifths (39%) said it would be having no overall human control of the car

  • Yet one in ten (11%) admitted their biggest concern was someone being able to hack or disrupt the car


McAfee’s ‘model hacking’: vehicle tricked into autonomously accelerating up to 85 MPH in a 35 MPH zone using just two inches of electrical tape

 As with all new technologies, cyber criminals are constantly looking to target AI models and features. As a result, the McAfee Advanced Threat Research (ATR) team and McAfee Advanced Analytic Team (AAT) partnered to explore how artificial intelligence can be manipulated through research known by the analytics community as adversarial machine learning or, as McAfee calls it, “model hacking.”

McAfee ATR successfully created a black-box targeted attack on the MobilEye EyeQ3 camera system, utilised today in many vehicles including certain Tesla models. Through this attack, McAfee researchers were able to cause a Tesla model S implementing Hardware pack 1 to autonomously speed up to 85 mph, after manipulating the AI technology to misclassify a speed limit sign that read 35 mph.

Please see links below for more details about the research including what the team uncovered, as well as the potential implications it could have on the autonomous vehicle industry.


The implications of this research are significant:

  • By 2023, worldwide net additions of vehicles equipped with autonomous driving capabilities will reach 745,705 units, up from 137,129 units in 2018, according to Gartner.
  • However, there is more discussion and awareness needed about the potential pitfalls and safety concerns associated with such rapid acceleration in this technology.
  • Given this projected growth, it’s a rare and critical opportunity for the cybersecurity industry and automobile manufacturers to be ahead of adversaries in understanding how AI/machine learning models can be exploited in order to develop safer next-gen technologies.

Insights from Mo Cashman, Principle Engineer at McAfee :

What can manufacturers do to ensure greater autonomous vehicle safety as that industry develops?

 “The automotive and cybersecurity industries will need to work together closely to design, develop, and deploy the right security solutions to mitigate threats both before they occur and after they happen. Unlike automotive safety, cybersecurity is not probabilistic. Threats come from a variety of sources, including intentionally malicious and unintentionally malignant. As a result, processes must be put in place to mitigate these cyber threats over the entire lifecycle of the product, from early design decisions through manufacturing to operation and decommissioning.

“With new systems come new attack surfaces and vectors – all of which should lead to new risk management considerations. Manufacturers must recognise this and take the appropriate measures for cyber resilience. Key actions range from conducting rigorous checks to using security tools to distinguish real threats from ‘noise’. Manufacturers must also ensure connections are secured from the cloud through to the vehicle endpoint, minimising vulnerabilities which hackers could use for their own gain.

“No matter the state of the threat landscape today, best practices for automotive security are an evolution and amalgamation of both product safety and computer security. By collaborating with the cybersecurity industry, the automotive and manufacturing sectors can research, develop, and enhance products, services, and best practices for a more secure driving experience.”


Can cybersecurity researchers and the manufacturing industry get ahead of adversaries by identifying weaknesses in underlying systems within autonomous vehicles?

 “Those organisations manufacturing autonomous vehicles or autonomous vehicle components have a clear opportunity to adapt and learn from the foundational principles, lessons learned, and processes developed over the past decades in cybersecurity. By doing so, they can get on the front foot to find vulnerabilities and shore up security before autonomous vehicles become the norm on our roads.

“The broad adoption of state-of-the-art sensors that utilise analytics technologies represents a fascinating opportunity in the cybersecurity industry. It’s one of those very rare times when researchers can lead the curve ahead of adversaries in identifying weaknesses in underlying systems and be a true enabler of a new business. With ‘model hacking’, McAfee and other cybersecurity organisations have an opportunity to influence the awareness, understanding and development of more secure technologies before they are implemented in a way that opens them up to adversaries. However, doing so will require cross-industry collaboration. With founding roles in organisations such as the Open Cyber Alliance, McAfee believes that industry collaboration is fundamental to building more secure systems.

“Just as we will continue to identify and actively work to solve a cyberthreat ahead of its use in the wild, manufacturers will also need to implement best practices security processes and solutions to mitigate both current and future threats. Additionally, cyber threat intelligence sharing will be key to ensure greater security across all models of autonomous vehicles.”


Tips for manufacturers:

  • Conduct rigorous checks. There are times when a product functions in a way developers/engineers didn’t expect it to perform, as evidenced by McAfee’s research. Perform rigorous checks and validations, considering new scenarios and edge cases that could be introduced in real-world use that perhaps the technology wasn’t specifically designed to handle. Additionally, McAfee encourages auto manufacturers to assess model hacking in systems.

  • Human-Machine teaming. Adversaries are human, continuously introducing new techniques. Machine learning can be used to automate the discovery of new attack methods; creative problem solving and the unique intellect of the security team strengthen the response.

  • Apply multiple analytic techniques and closely monitor changes. Protection methods include multiple techniques, for example noise addition, distillation, feature squeezing, etc. In addition, implement statistically-based thresholds and closely monitor false positives and false negatives, paying attention to the reason for the change.

  • Take a ‘one enterprise’ and systems approach to security and risk management. Many organisations still operate in silo and this needs to change. Threats enter from multiple routes. As a result, increased collaboration and achieving one unified view across the manufacturer’s digital workplace, cloud services, industrial controls and supply chain are necessary considerations if a manufacturer is to maintain a strong cybersecurity posture as it develops autonomous vehicles.

  • Build a strong culture of security. For manufacturers, safety is often a strategic pillar of the business. Signs are posted highlighting accident-free days and senior leaders are champions of the programme. Bring that same focus to cybersecurity.