Today's self-driving cars rely on spinning sensors called lidar that can cost more than $10,000 each. But it took Jonathan Petit just $43 and a laser pointer to confuse and defeat them.

"Anybody can go online and get access to this, buy it really quickly, and just assemble it, and there you go, you have a device that can spoof lidar," Petit, a cybersecurity expert, told Business Insider.

Google, Tesla, and major automakers are racing to build fully autonomous cars, creating a future where many won't need to own a vehicle — where the young, old, and disabled can get around more easily — and transforming the way we live. One day they could dramatically reduce the roughly 30,000 annual deaths from crashes.

But until we get there, carmakers have to ensure that clever hackers — and those less benevolent than Petit — can't cause the cars to go haywire.

Tricking the sensors

Two lidar systems on top of a Ford. Screenshot via YouTube

When Petit was growing up in France in the 1980s, cars were simpler machines, disconnected from the outside world.

Petit's parents owned a restaurant in France, and whenever they had a good season, his dad would use the opportunity to buy a car. One was a Citroen DS that bounced on its hydraulic suspension, a technologically advanced feature at the time.

"When you think about the old times, there's nostalgia about it," he said. "You always think about, 'Aw yeah, that was a cool time, and you can feel the road.' Yeah, I think that was nice. I really loved that car."

Despite growing up around cars, Petit didn't start devoting all his time to making cars resistant to malicious actors until much later.

Petit began extensively studying automotive cybersecurity as a doctoral student at Paul Sabatier University in France in 2007. However, it was during his postdoc research at the University of California at Berkeley, working with its Partners for Advanced Transportation Technology, that he became more interested in the hacking risks for self-driving cars.

Google's self-driving car. Business Insider Then in 2015, two hackers — Charlie Miller and Chris Valasek — took control of a Jeep Cherokee's UConnect system, an internet-connected computer feature that controls everything from the car's navigation system to a driver's ability to make calls.

From a couch 10 miles west of the highway, the two were able to toy with the car's air conditioning, blast the radio, activate the windshield wipers, and ultimately cut its transmission. Fiat Chrysler Automotive recalled 1.4 million vehicles to install anti-hacking software after the demo.

As Petit puts it, the demonstration highlighted the importance of automotive security. Now hackers could gain access without even leaving the couch. Prior hacking demonstrations required researchers to be connected directly to the car's dashboard.

"When they did the hack remotely, that was like, 'Wow, that's interesting.' Now it's not just looking at having physical access" to the car, he said. "It's scary when you start to have remote attacks."

When Petit attacked the lidar, he became one of the first researchers to show how easy it is to hack self-driving cars' sensors. He was able to trick a sensor into thinking objects were there when they weren't, and vice versa.

"So here, you can think that the potential consequence of an attack like this could be 'I tried to crash you into a vehicle ahead of you because I'm telling you there is no object here,'" he said. "So I'm making [the sensors] blind, and now your system thinks it's free."

But that kind of hack can have other consequences, too. The car could see an obstacle that isn't there and change lanes to get away from it. That maneuver, designed to keep passengers safe, could disrupt traffic. It could also cause the car to go off course.

"So now you've changed the path of the vehicle by doing this, that's also an impact, which means that then the risk could be 'I'm sending you to small street to stop you and rob you or steal the car,'" he said.

A self-driving Uber used for the Pittsburgh pilot. Uber

Petit not only tricked the lidar system that self-driving cars use, but he also was able to blind the cameras they rely on by using different LED lights. If the car feels it can no longer operate safely because its cameras have been disabled, it could stop entirely, leading to those same kind of problems.

It's important to take these scenarios with a grain of salt. As Petit said, self-driving cars are built with redundant sensor systems, meaning they have multiple cameras and sensors in case one were to fail.

For example, the self-driving cars Uber is using for its Pittsburgh pilot have 20 cameras and several radar sensors to provide 360-degree coverage.

That means even if a hacker compromises one or even a few sensors on a self-driving car, the car may still be able to pull enough information from the ones that are operating effectively to continue driving safely.

But it also depends on when an attack occurs. For example, a self-driving car at night might be programmed to rely more on its lidar system since the cameras can't see as well in the dark, Petit said. If a hacker were to then spoof the lidar, the sensors don't have as much data to fall back on, and it could put the car and its passengers in a dangerous situation.

"Even if you're thinking, 'With just my sensors, I'm secure,' this is not true," he said.

Exploiting communication channels

Petit has conducted other research highlighting how vulnerable self-driving cars are to hacks even beyond sensor vulnerabilities.

In 2011, when Petit was a senior researcher at the University of Twente in the Netherlands, he set up equipment that could pick up the signals cars were sending one another and send them to a laptop. These "sniffing stations" were able to locate a security vehicle within a given residential or business zone on campus with 78% accuracy. Petit could then narrow that down to individual roads with 40% accuracy.

Those sniffing stations were able to track cars by taking advantage of vehicle-to-vehicle, or V2V, communication.

V2V communication is something automakers are starting to use in cars today, like the 2017 Mercedes E-Class. The communication channel allows the cars to talk to other cars on the road to relay data on traffic flow, accidents ahead, or poor weather. It can then be used to send alerts to the driver so they can change their course if things look bad up ahead.

Some automakers are exploring using V2V for self-driving cars because the cars can use the data to navigate more safely without relying exclusively on their sensors to see obstacles like traffic jams.

The cars won't send personally identifying information, but the data, like GPS locations, are sent to other vehicles unencrypted.

But as Petit showed by setting up sniffing stations, hackers could track the data being sent to other vehicles to see their whereabouts.

Traffic lights in Shanghai. REUTERS/Carlos Barria Petit said he spent roughly $500 on the sniffing stations he used to track the security vehicles around campus. But he said the price of the equipment is rapidly dropping.

For this experiment, Petit set up two sniffing stations at two busy intersections where they were small enough to sit undetected. Naturally, adding more sniffing stations to different areas would improve accuracy. But even with limited information, Petit could track a security guard's whereabouts in real time.

Self-driving cars could rely on these types of communication channels, meaning if they're not secured properly, hackers could easily track the locations of passengers.

Audi recently implemented the first vehicle-to-infrastructure, or V2I, system, in which some Audi cars can talk to traffic lights to see when the light will change.

The government is actually proposing that all new cars and light trucks be built with V2V communication abilities.

"Privacy is also protected in V2V safety transmissions. V2V technology does not involve the exchange of information linked to or, as a practical matter, linkable to an individual, and the rule would require extensive privacy and security controls in any V2V devices," the National Highway Traffic Safety Administration wrote in a press release about the proposal.

Standards have been put in place to secure messages sent via V2V communication and make cars less prone to location tracking.

Justin Cappos, a systems and security professor at New York University who specializes in automotive cybersecurity, told Business Insider he worries about the risks associated with relying on V2V and V2I communication channels.

"Anytime you open a new communication channel, you raise the risk that bad guys could use that to get in. Both of those scare me a lot," Cappos told Business Insider.

Cappos is part of an NYU project that was awarded $1.4 million from the Department of Homeland Security "for the development of technology that can help defend government and privately owned vehicles from cyberattacks."

He said cars today already have "10 to a dozen different channels" the hackers can exploit. But the worrisome bit is that the number of channels is growing and that they're being connected to "fairly complicated parts of machinery in the car" over time.

"When you have a lot of complexity, then it does certainly have the potential to affect the likelihood of being hacked," he said. "As long as people design them well, which is often not the case, it's easier to secure something."

Finding solutions: 'A tricky line'

An Uber self-driving vehicle climbs a hill in San Francisco. Uber

Securing self-driving cars comes at a price, and it's a matter of how much automakers are willing to pay.

From a hardware perspective, automakers can add more sensors so that if one were compromised, there are others to take over, Petit said.

But most automakers are looking to trim redundant sensor systems to cut down on cost.

Uber is looking to eventually use Volvo XC90 cars integrated with self-driving tech instead of the Ford Fusions currently being used in Pittsburgh. (Uber launched a pilot program in San Francisco this week that uses the Volvo XC90s, but it could face legal action from the Department of Motor Vehicles for not obtaining an autonomous car permit for them.)

Eric Meyhofer, the engineering lead at Uber ATC, said at the Pittsburgh pilot media event that the Volvo XC90 would come with fewer cameras.

"The system, functionally, is as good or better in every regard, but we make it smaller," he said of the Volvo. "It has smaller lasers — it's the next generation of laser. It has fewer cameras, but not less functionality."

Uber declined to comment for this story.

Petit said that when it comes to tough decisions, carmakers generally choose to save money.

"In the automotive space, just 10 cents off a dollar is kind of like a no-go," Petit said. "It's a tricky line here."

Cappos said we're seeing the tension between cost and security play out today, as was the case when Miller and Valasek were able to exploit UConnect to control the car's internal computer network.

The Jeep hack is far from the only example of vulnerabilities in connected cars, but Cappos' point is that automakers are adding more computers to control different features in cars without thinking critically about securing the network.

"Slowly over time, we've added more and more computers with not enough attention made to security and what all that means," Cappos said. "In many cases [automakers] made decisions that minimized the wiring and the cost this would incur.

"I think what happened was they weren't as worried about it. They were worried about other things like cost."

Petit also said he fears automakers are seeing security as an afterthought.

"I indeed have the unfortunate feeling that they look at security as an add-on, which is a problem," he said. "You should use this opportunity to have security by design and not doing it after thought."

Lyft, FCA, Ford, Daimler, Tesla, and BMW also declined to comment on their cybersecurity measures for self-driving cars.

Some provided details about how they're addressing security in cars today that could have implications for self-driving cars of the future.

A BMW spokesperson wrote in a statement to Business Insider that communication between vehicles and the outside world "always takes place by means of a back end" operated by BMW to ensure privacy.

A Ford spokesperson wrote in a statement that its hardware has "built-in firewall and white-listed" functions to separate its entertainment systems from the vehicle controls. That would reduce the likelihood of an attack similar to the Jeep Cherokee one.

An FCA spokesperson wrote in an email that it has a bug bounty program to provide financial rewards when hackers disclose vulnerabilities.

Tom Wilkinson, General Motors' communications manager for cybersecurity and safety, said in a phone interview that GM is investing heavily in making its "connected ecosystem" safer to secure its future self-driving cars.

"I don't think cybersecurity becomes a concern only when you have autonomous vehicles or automated driving controls," he said. "We look at these as an extension of what we're doing in the connected car."

Wilkinson said the cybersecurity team for connected-car products consists of 80 people with backgrounds ranging from mathematics to cryptology. GM also works with HackerOne to provide a bug bounty program for third-party hackers who find vulnerabilities.

Self-driving cars are still in their early days, meaning there's still plenty of time for automakers to ensure the cars are secure by design. But players in the self-driving car space will need to consider these risks early to avoid a situation, like the Jeep hack, in which the cars are already on the road.

Some steps have already been taken.

The NHTSA released cybersecurity guidance at the end of October about making automobiles more secure.

Additionally, the Automotive Information Sharing and Analysis Center was created in July 2015 so automakers can share their cyberthreats to address vulnerabilities more quickly.

But Petit said more needs to be done in the design phase to make cars more secure.

"It's a pity that the security community has the feeling that you need to be the bad guy to force them to wake up," Petit said. "I cannot say that I have cracked the formula to get them to do it."