Taiwan’s first self-driving bus officially hit the road in May 2020 and took passengers as part of its trial runs in October of the same year. A collaboration between Turing Drive and the Taipei city government, the autonomous electric bus brought the future of connected car technologies and intelligent transportation systems much closer to reality.
In a report published by Trend Micro, security researcher Philippe Z Lin rode this bus during its trial run to gather insights, as summarized here.
The driverless bus is equipped with Global Navigation Satellite System (GNSS) receivers, light detection and ranging (lidar) sensors, cameras, and radars. To enhance its driving safety, InVignal transmitted real-time traffic light status information. Two vehicle-to-everything (V2X) roadside units were also deployed to give alerts in case of potential collision. However, though these technologies allowed the bus to drive itself, two service personnel still manned it: a driver tasked to override mechanisms if anything went wrong, and an observer to take note of unique events on each ride.
The bus was powered by a Linux operating system that controlled it via Control Area Network (CAN) bus, while the GPU calculated how and when to accelerate and to brake. To further ensure public safety, the bus’s maximum speed was limited to 20 km/h. It then ran a 12.3-km route on a bus-exclusive lane from 12:30 to 2:30 a.m.
Some passengers who went on the scheduled rides reported that the bus accelerated smoothly and that it had no problem following the mostly linear and nearly empty bus lanes. The only time the driver took over was when the bus neared the traffic lights as the communication system showed all red lights for the rest of the route.
For some, the road bumps that became more apparent due to the limited speed were the most unpleasant part of the journey. In some instances, the bus would suddenly hit the brakes after it sensed cars in adjacent lanes. Hiccups such as these, however, are not unexpected, as the testing period is meant to check all issues — no matter how trivial they might seem — to fuel further improvements in the future.
Although the trial runs ended in February 2021, Turing Drive continues to develop autonomous driving platforms. In more recent news, Taiwan’s Ministry of Science and Technology (MOST) recently extended its support to Taiwan-based automakers in developing self-driving technologies.
Threats to connected vehicles involve some of the mechanisms that allow them to drive themselves and gather data from their surroundings. For example, there is a substantial amount of research focusing on the vulnerabilities in the CAN bus standard and its potential for transmitting malicious messages. Threat actors can also exploit potential pitfalls in the operating system of a self-driving bus to compromise its system, abuse default system configurations, jam radio transmissions, or conduct man-in-the-middle (MitM) wireless data transmissions.
In the meantime, there is still an opportunity to ensure the safety of connected vehicles on the road and protect them against imminent cyberthreats. VicOne, a prospective subsidiary of Trend Micro, leverages the cybersecurity leader’s 30+ years of industry expertise and recommends the following measures and solutions:
- Intrusion detection system and intrusion prevention system (IDPS) for CAN bus. Robust software-based security systems such as VicOne’s xCarbon provide superior detection of and protection against network attacks by detecting CAN bus traffic anomalies. With deep packet inspection, xCarbon detects and prevents any malicious attack from external traffic.
- Defenses for lidar and radar attacks. xNexus monitors a vehicle’s critical electronic control units (ECUs), including lidar and radar sensors. Once xNexus detects any suspicious behavior, it immediately alerts the vehicle security operations center (VSOC).
- Measures to protect the operating system. All autonomous vehicles rely on operating systems that need fortified defenses. VicOne’s xCarbon provides unparalleled hardening of connected car operating systems to protect them against threats.
- Proactive multilayer scouting. VicOne’s xZETA allows car OEMS and Tier 1 suppliers to discover known and unknown vulnerabilities and potential malware in the ECU to protect a vehicle against these before its market release.
To read more research on other possible vulnerabilities in connected vehicle design and learn best security practices, visit our resource center.