Denim Group has been acquired by Coalfire. Learn More>>

GM on Vehicle-to-Vehicle Networks

By Erhan

General Motors has recently shown off its autonomous vehicle at the Consumer Electronics Show. According to GM’s CEO and Chairman Rick Wagoner, the major automaker is serious about the project and plans to roll out the vehicle in twelve years. This is an interesting concept because of the recent successes in the DARPA Grand Challenge projects. Concurrent with that are new technologies readily found in high-end vehicles (most notably, Lexus introduced into its flagship vehicle LS such passive autonomous vehicle systems as self-parking and pre-collision braking).

One thing that may not be as exciting as self-driving vehicles but definitely drew my attention is that the company is “developing vehicle-to-vehicle communications that will “minimize traffic jams and, more importantly, greatly reduce traffic accidents and fatalities with minimal and possibly even no roadway infrastructure required.'” As someone who has worked in the Intelligent Transportation Systems field for years, vehicle-to-vehicle communication is definitely not new. Standardization is where vehicle-to-vehicle communication has been heading towards. One topic that was not addressed, however, is the sheer effort it would take, not to deploy the infrastructure, but to secure it.

With the scale of implementation rises the scale of attacks. Denial of Service attacks on your email server means you don’t get email. Denial of service attacks on your traffic management center means you get a traffic jam (or traffic accident) of historic proportions. Could anyone imagine the terror that could ensue from a single misplaced “DROP TABLE Vehicles; —” in a SQL query? Undoubtedly the designers and engineers behind such large-scale municipal deployments would cover many such bases as part of acceptance testing, but they will have their work cut out for them. Any and all attacks that web sites, databases, cell phone networks, mobile devices, and so on are susceptible to affect a vehicular ad hoc network. To put it simply, an ITS infrastructure has a large attack surface area that needs to be minimized.

That GM envisions the vehicle complete in twelve years might be the most surprising part of it all. It would be an amazing feat to have a municipal vehicle-to-vehicle network in place in that time frame. With GM’s track record for vehicle innovation (the EV1 springs to mind), however, this may not be a challenge any city has to worry about just yet.


About Dan Cornell

Dan Cornell Web Resolution

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Leave a Reply

Your email address will not be published. Required fields are marked *