A recent Twitter conversation got me to thinking (a dangerous pastime, I know) about the security of autonomous vehicles, especially unattended “robotaxi” type vehicles.
an autonomous car can’t be stolen @elonmusk
— Whole Mars Catalog (@WholeMarsBlog) March 28, 2021
My friend Omar was saying they can’t be stolen, and a debate with a variety of intelligent and polite people happened (a rarity on the internet these days, but it’s something I find among Tesla owners and fans more often than elsewhere). I took the “red team” approach and put myself in the thief’s shoes, imagining ways that they’d steal a robotaxi. Others argued for or against their relative security, bringing up great points from cybersecurity, economics, and other disciplines. It was actually a good time!
With the discussion over, we all walked away with some great ideas for locking the vehicles down and preventing their theft, but this is a discussion that needs to happen more broadly as these vehicles slowly come closer to being a reality. I’m going to cover some of the things we figured out in this conversation and hopefully both in the comments here and on Twitter, we can continue figuring out ways to secure autonomous vehicles.
In this article, I’m going to cover why this is even a problem, and in the second part, I’m going to cover ways we might be able to stop the thieves.
Why Would Someone Want to Steal a Robotaxi?
A few people in the conversation didn’t think there was any financial motivation to steal an autonomous vehicle. I get where they’re coming from, as the whole vehicle could never prove very useful after stealing it. It would be kind of like stealing Herbie (The Love Bug). You’d have a car in your possession that doesn’t want to do anything for you unless you figured out how to hack it and make it do your bidding. Even then, make one small mistake in the hacking process and it will phone home and rat you out. Even if you prevent all that, you won’t be able to register or insure it, and the next time it gets pulled over, the police will take it back.
The obvious alternative for thieves is to part the vehicle out. Today, stolen vehicles often end up in a “chop shop,” where the vehicle is dismantled and parts sold off. At present, a Tesla’s battery pack is worth at least $20,000, so certainly someone would pay you at least $10,000 for the stolen pack. Even if the pack is locked down and can’t be put in another Tesla, the battery cells and modules themselves are still worth thousands of dollars if you can find someone to fence them off to. The rest of the vehicle can all be sold off for spare parts for other Teslas. Anything not serialized can easily be sold on eBay or in person to people repairing the vehicles, and they’ll never know that they’ve purchased a stolen part from the fence.
The car theft industry, chop shops, etc. are already very well established, so we can count on them trying to find ways to steal autonomous vehicles and make money.
How Would You Steal an AV?
It doesn’t take a lot of imagination to think of ways someone could steal an autonomous vehicle. Unlike stealing a vehicle from a driveway or parking lot, robotaxis give thieves an opportunity to “choose the field of battle” (this is something both Sun Tzu and Gen. George S. Patton recommended you never let an enemy do). If you can get on an app and summon a robotaxi to the place of your choosing, you can set up a nasty trap for the vehicle.
First off, it’s not hard to falsify your identity for an app. Using a burner phone, a thief can use a fake or stolen identity as well as fake, pre-paid, or stolen credit card information to hail a robotaxi. That way, once the vehicle is missing, it will be difficult or impossible to determine who summoned it for a ride before it disappeared. Upon arrival, the thief can have a mask over their face to continue concealing their identity during the initial part of the theft.
Once the vehicle arrives, you’d need to cover the cameras and cut radio communications. The cameras could be disabled by either spray painting over the cameras or putting a tarp over the vehicle. For safety reasons, the vehicle will likely no longer move once the cameras are covered (but it would probably send a distress signal). Once cameras are disabled, the thieves can disable further transmissions in a variety of ways. A jammer could be used from the get go, or a Faraday cage (built from chicken wire and wood, or aluminum foil) could be lowered over the vehicle. The vehicle could be pushed into a shipping container on a truck (this blocks the signal). Or, the thieves can disconnect the battery to prevent transmissions. Or, a mixture of the above could be done to get the vehicle on a truck and gone as soon as possible (initially jam it, then disconnect power, etc.).
The vehicle’s owner or operator would still know the last known location of the vehicle, but by the time police arrive, the vehicle would be long gone, with dismantling in the unknown chop shop already underway.
How Do We Prevent This?
Just like regular vehicles, we won’t be able to completely eliminate the theft of autonomous vehicles. It will always be a cat and mouse game, where owners/operators lock down a vulnerability and then thieves find ways/methods around them.
The first thing we need to keep in mind is that you can’t always play defense against thieves. They’ll eventually find creative ways around any barrier we throw in their path. Chip keys, radio transponders, and everything else we’ve tried hasn’t eliminated automotive theft.
The key will be to take a multi-angled approach against the thieves, using not only physical and software defenses, but also subterfuge and counter-offensive tactics to up the risk level and discourage the theft of AVs. In the second part of this two-part series, I’m going to cover this in greater detail.
Featured image: a screenshot from a Tesla presentation about using autonomous vehicles on the Tesla Network.