Artificial intelligence could be used to hack connected cars, drones warn security experts

Cyberattacks on vulnerabilities in connected vehicles could have very real physical consequences if security isn't managed properly.
Written by Danny Palmer, Senior Writer

Cyber criminals could exploit emerging technologies including artificial intelligence and machine learning to help conduct attacks against autonomous cars, drones and Internet of Things-connected vehicles, according to a report from the United Nations, Europol and cybersecurity company Trend Micro.

While AI and machine learning can bring "enormous benefits" to society, the same technologies can also bring a range of threats that can enhance current forms of crime or even lead to the evolution of new malicious activity.

"As AI applications start to make a major real-world impact, it's becoming clear that this will be a fundamental technology for our future," said Irakli Beridze, head of the Centre for AI and Robotics at the United Nations Interregional Crime and Justice Research Institute. "However, just as the benefits to society of AI are very real, so is the threat of malicious use," he added.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

In addition to super-powering phishing, malware and ransomware attacks, the paper warns that by abusing machine learning, cyber criminals could conduct attacks that could have an impact on the physical world.

For example, machine learning is being implemented in autonomous vehicles to allow them to recognise the environment around them and obstacles that must be avoided – such as pedestrians.

However, these algorithms are still evolving and it's possible that attackers could exploit them for malicious purposes, to aid crime or just to create chaos. For example, AI systems that manage autonomous vehicles and regular vehicle traffic could be manipulated by attackers if they gain access to the networks that control them.

By causing traffic delays – perhaps even with the aid of using stolen credit card details to swamp a chosen area with hire cars – cyber attackers could provide other criminals with extra time needed to carry out a robbery or other crime, while also getting away from the scene.

The report notes that as the number of automated vehicles on the roads increases, the potential attack surface also increases, so it's imperative that vulnerabilities and issues are considered sooner rather than later.

But it isn't just road vehicles that cyber criminals could exploit by exploiting new technologies and increased connectivity; there's the potential for attackers to abuse machine learning to impact airspace too.

Here, the paper suggests that autonomous drones could be of particular interest to cyber attackers – both criminal or nation-state-backed – because they have the potential to carry 'interesting' payloads like intellectual property.

Exploiting autonomous drones also provides cyber criminals with a potentially easy route to making money by hijacking delivery drones used by retailers and redirecting them to a new location – taking the package and selling it on themselves.

Not only this, but there's the potential that a drone with a single board computer could also be exploited to collect Wi-Fi passwords or breach routers as it goes about its journeys, potentially allowing attackers access to networks and any sensitive data transferred using them.

SEE: 10 tech predictions that could mean huge changes ahead

And the report warns that these are just a handful of the potential issues that can arise from the use of new technology and the ways in which cyber criminals will attempt to exploit them.

"Cybercriminals have always been early adopters of the latest technology and AI is no different. As this report reveals, it is already being used for password guessing, CAPTCHA breaking and voice cloning, and there are many more malicious innovations in the works," said Martin Roesler, head of forward-looking threat research at Trend Micro

One of the reasons the UN, Europol and Trend Micro have released the report is in the hope that it'll be seen by technology companies and manufacturers and that they become aware of the potential dangers they could face – and work to solve problems before they become a major issue.


Editorial standards