It’s 2034. You’re in the backseat of your driverless car, sleeping, catching up on some paperwork, cramming for a test, basically handing over the control of your smart auto to its mechanical brain. Out of nowhere, your car goes left instead of right, powers through the traffic light instead of stops and you sit helplessly as your high-tech, state-of-the-art self-driving wonder is taken over from miles away. Stealing a vehicle takes on a whole new meaning when it’s done by tapping into that artificial intelligence running your autonomous car’s brain. What do you do? And this goes beyond a question of design to law enforcement. After all, in this brand new world, what is being done about autonomous vehicle theft? Will there be a difference with how it’s handled today? Should there be?
A quick history of car theft
Let’s take a look at where “boosting” a motor vehicle started so we can understand where it’s going.
1888: All in the name of marketing
The first person to actually steal a car was Bertha Benz. Wife of Karl Benz, the creator of what many call the first practical gasoline-powered automobile in 1885 and co-founder of Mercedes-Benz, Bertha took the vehicle with the best intentions — viral marketing her notoriously shy husband’s invention. However, she still stole one of his “Motorwagens” from his shop in the dead of night on 05 August 1888 with the help of her two teenage sons without Karl’s knowledge. This first case of motor vehicle theft — what is sometimes called grand theft, auto — was harmless enough and actually benefited the automotive community by creating interest in this curious contraption traveling the countryside to the extent that others wanted one for themselves. A whole industry was born and as the horseless carriage became more the norm around the world, local communities saw this actual crime grow and began to wonder how to combat it.
1896: A baron’s ride is coveted
The true first vehicle that was really stolen was the Peugeot owned by Baron de Zuylen in 1896. His mechanic decided to take it upon himself to take it out of the shop where it was being repaired. Luckily, both the thief and the car were found nearby.
1919: The U.S. takes a stand
The Dyer Act, aka the National Motor Vehicle Theft Act, becomes the first federal law combatting the brand new world of stolen motorized vehicles in America. Enacted by the U.S. Congress on October 29, 1919, Dyer focuses on the interstate trafficking or transport of stolen vehicles — stealing a car and taking it across state lines. Punishment is an unspecified fine — more than likely to be based on the actual value of the car stolen — up to ten years in prison, or both.
1969: Introducing the VIN
On January 1, 1969, The Department of Transportation, formed just a few years prior in 1966, requires all new cars imported into and/or sold in the U.S. to have a vehicle identification number (VIN). At this point, it is left to each manufacturer to decide how and where they want these to appear, which can cause confusion at times.
1980: Setting some standards
1980: The universal 17-character VIN system is established.
1984: Divide and conquer goes on the road
The “chop shop” starts showing up. Thieves steal a car, “chop” it up, and sell the parts that don’t have the VIN on them. So, the 1984 Motor Vehicle Theft Law Enforcement Act is created, highlighting the need to trace and recover stolen motor vehicles and their parts. The Department of Transportation (DOT) reacts to the new law by mandating that the VIN now be displayed on the car’s engine, transmission, and 12 major auto body parts. This makes it more difficult to cut up the cars and get away with the theft.
1992: Grand Theft Auto gets hands-on
1992: Then came carjacking, the armed and forced taking of a car from an individual. The Anti-Car Theft Act of 1992 makes carjacking and owning, operating and maintaining a chop shop federal offenses.
1994: “Somebody, stop me!”
The Anti-Car Theft Act is joined by the addition of the Motor Vehicle Theft Prevention Act to the Violent Crime Control and Law Enforcement Act of 1994. This requires the Attorney General to work with the different States to develop a voluntary auto theft prevention program that has car owners signing a consent form that authorizes local law enforcement to stop the car when operated under certain conditions, such as at night, in certain urban neighborhoods, etc. Participants display a decal on their car showing they are part of the program. Carjacking is also addressed within the body of the Violent Crime Control and Law Enforcement Act itself, proclaiming that should a death result from the action, it is a federal capital offense.
1996: The age of the database
Welcome the Anti-Car Theft Improvements Act, which upgrades state motor vehicle department databases that contain titling federal and local law enforcement can access to determine whether the vehicle in that person’s possession is stolen or not.
21st Century: The future of vehicle theft
Incremental advances have been consistently made in federal laws and states have their own mandates that determine whether the stealing or tampering of a car is either a misdemeanor or felony. Since the last law was put on the books in 1996, auto theft has been on the decline, BUT…
With the advent of the Internet, the new crime of cyber-hacking has given rise to an even broader, more detrimental concern. What would happen in an autonomous vehicle theft? Carjacking in absentia means there has been no armed taking of the automobile, so it wouldn’t fall under the Anti-Car Theft Act of 1992 — that outlines carjacking as taking a vehicle from an individual by force while armed.
In addition, the ability to virtually break into a car has led to terrorist concerns. Throughout the world, automobiles are used for suicide attacks and the ability to do so from afar has prompted some serious research on how to get in front of what has yet to but could happen. What, then, would that protection look like and how would law enforcement engage with, let alone track down, who took over your vehicle?
Protection against cyber-jacking
Vehicles used as weapons of terror appear to be on the rise. From disenfranchised individuals driving down crowded sidewalks to radicals using them as bombs, the humble motorcar has taken on an ominous feel of late. It’s not surprising that self-driving and highly connected autos make many wonder just how vulnerable their inner workings will be to tech-savvy terrorists or simple car thieves.
While there have been instances, in testing, of white hat hackers infiltrating cars in order to demonstrate how these automobiles might be taken over, the actual use of a vehicle in a terrorist attack by virtue of cracking its computer code has yet to occur. However, preempting that is key and such minds as American University Computer Science Professor Nathalie Japkowicz are working with others to do just that.
The best defense is a good (computerized) offense
While there is legislation currently considered to protect us in the not-so-distant fully autonomous future, anti-theft technology is being pursued right now. Professor Japkowicz — along with Adrian Taylor of Defence R&D Canada and Sylvain Leblanc of the Royal Military College in Canada — has designed a way to detect unusual activity in a car’s computer system. The trio is using machine learning, noting that anything out of the norm within an operating system may signal a cyber attack. The goal is to take this information and create the tools needed to address these security threats to connected vehicles before they turn into action.
In Washington, D.C., American University’s computer science department is currently focused on what they are calling “vulnerability management.” This entails “detecting attack during normal system operations.” We’ve discussed many ways cars are now more open to outside interference by the mere fact that there are a vast number of ports of entry into a car’s operating system. Whether it’s through telematics or that cool new infotainment experience, there are all of these little ways your high tech vehicle can be infiltrated. By paying attention to changes in normal computer behavior, the hope is that this will immediately signal a need for cybersecurity experts to step in and, at the very least, investigate the issues arising in the automobile.
As Professor Japkowicz and team engage two machine learning techniques to gain insight into activity that is out of the norm — Long Short-Term Memory and Gated Recurrent Units — they hope to provide the automotive industry with the tools to battle and evade such attacks. Newer cars are far more vulnerable than older models to any sort of cyber invasion with more computerized capability than ever before. From the simple USB port on your dash to the intricate framework of autonomous driving, the number of ways to enter from the outside has heightened exponentially and the challenge is to now shut each and every one of those areas from outside interference. That, in itself, is a lofty task especially as more cars coming off the assembly line are outfitted with more advancements, more bells and whistles, and more connectivity than ever before.
Take for example the recent slew of Tesla thefts in England. Thieves have been hacking into key fobs to unlock a Tesla, start it up and drive it away. Tesla reacted by offering an optional “PIN to Drive” feature, helping owners disable “Passive Entry,” and making a signal blocking pouch in which to keep your key fob available. This has helped, but those owners who don’t use any of the tips may find themselves losing their vehicle thanks to those who are technically proficient enough to become part of the New Age of Car Thieves.
Sidebar: “What if…?”
Although virtually accessing self-driving cars is the biggest concern of both vehicle manufacturers and the tech industry — not to mention what all of this means to your insurance premiums — this got us to thinking…
Imagine you’re slowing down to a stop for a pedestrian crossing the street when the front door lock is jimmied — either manually or digitally— and someone slips inside to take control. Autonomous car theft is consistently viewed from a high-tech, cyber-hacking standpoint, but what about good, old-fashioned carjacking? Without a driver, some skill with either an actual lock-pick or rudimentary hacking knowledge may very well turn that fully autonomous dream into a vintage nightmare. Hmm…
Tracking the hacker? Not so easy
While more than 90% of all new cars have a black box installed to assist with determining issues when a crash happens, finding the hacker who cracked your automobile’s computer code is very difficult. They range from networks of people who work together to solo infiltrators writing self-erasing code, fake web addresses and more. Since there is no physical evidence of the break-in — only virtual — investigations can sometimes take years before the perpetrators are found. So, where does that leave you comfortably sitting in the backseat of your self-driving vehicle that is suddenly taken over and driven to…? Well, you get the point.
For now, all of these incidences are virtually nonexistent, but tomorrow? As someone once said, “Tomorrow is another day.” However, that “day” is fast approaching.