Incident: Driverless Car Handbrake Software Vulnerability Could Lead to Catastrophic Crashes

Published Date: 2017-11-28

Postmortem Analysis
Timeline 1. Article 65699 is a letter in which the author recalls being shown the controls of their new car "last year"; no actual failure event is reported, only a concern about one. 2. Published on 2017-11-28 3. Estimated timeline: the showroom conversation therefore took place in 2016.
System 1. Handbrake control software 2. Switch controlling a powered brake 3. Battery power supply on which the powered brake depends [65699]
Responsible Organization 1. The manufacturer who replaced the traditional manual handbrake with a switch controlling a powered brake dependent on battery power and software [65699].
Impacted Organization 1. Drivers and passengers of cars whose handbrake is controlled by software; the letter uses this example to argue for caution about "driverless" cars [65699]
Software Causes 1. A hypothetical vulnerability in the handbrake control software: if the software were hacked and the brake switched on while the car was moving fast, the car would crash catastrophically. The letter raises this as a risk; no exploit and no actual incident are described [65699].
Non-software Causes 1. Removal of the traditional manual handbrake, previously the last resort for stopping a car, with no mechanical fallback [65699] 2. Dependence of the powered brake on battery power, with uncertainty about what happens if the battery goes flat [65699] 3. A switch with no graded response: the brake is either fully on or fully off, which is why the salesman advised never to use it while moving except in an extreme emergency [65699]
Impacts 1. No actual failure, crash or injury is reported; the items below are the risks the letter identifies [65699]. 2. The manual handbrake, the last resort when nothing else could stop the car, is no longer available as an emergency measure [65699]. 3. If the handbrake software were hacked and the brake applied while the car was moving fast, the car would crash catastrophically [65699]. 4. Because the brake has no graded response, any activation while moving, deliberate or accidental, applies full braking rather than a controlled slowdown [65699]. 5. A flat battery leaves the behaviour of the powered brake uncertain, which raises questions about the reliability and resilience of the system [65699].
Preventions No failure occurred, so these are measures that would address the risks the letter raises: 1. Authenticate and integrity-protect commands to the brake actuator so that an injected or replayed "apply" command is rejected rather than acted on [65699]. 2. Test and validate the handbrake software against both fault conditions (flat battery, loss of signal) and hostile inputs [65699]. 3. Design the control logic to fail safe: gate full application on the vehicle being stopped, and give the brake a graded response while moving so that even an unauthorized or accidental activation cannot lock the wheels at speed [65699]. 4. Keep a mechanical last-resort brake, or an equivalent that works without battery power or software [65699]. 5. Tell drivers clearly what the switch does while the car is moving and what happens when the battery is flat [65699].
Fixes 1. The article reports no fix. The corrective actions corresponding to the concerns raised are authenticated brake commands, speed-gated and graded braking, and a fallback brake that does not depend on battery power or software [65699]
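The fail-safe control logic that the Preventions and Fixes items describe, written out as an added example. This is not code from the article, from Professor Thomas, or from any manufacturer: the message format (counter, apply flag, keyed tag), the speed and voltage thresholds, the ramp timing and the FNV-1a keyed hash standing in for a real MAC are all assumptions chosen for illustration. The handler rejects unauthenticated or replayed frames before acting, freezes the actuator on low supply voltage, allows a full clamp only when the car is effectively stopped, and otherwise ramps braking force gradually while the switch is held.

```c
/* Added example (not from the article or any manufacturer): a speed-gated,
 * authenticated electronic parking-brake (EPB) request handler. Message
 * format, thresholds and the toy keyed hash are assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>

#define STATIC_APPLY_MAX_KPH   3.0f /* at or below: a full clamp is safe (assumed) */
#define MIN_SUPPLY_VOLTS      10.5f /* below: the actuator is not trusted (assumed) */
#define DYNAMIC_RAMP_MS       1500u /* time to reach the maximum moving force (assumed) */
#define DYNAMIC_MAX_FORCE_PCT   60u /* never a full lock while moving (assumed) */

typedef enum {
    EPB_REJECT_UNAUTH,    /* bad tag or replayed counter: ignore and log */
    EPB_FREEZE_LOW_POWER, /* supply too low: leave the actuator as it is */
    EPB_RELEASE,
    EPB_HOLD_STATIC,      /* vehicle stopped: full clamp */
    EPB_RAMP_DYNAMIC      /* vehicle moving: graded force while the switch is held */
} epb_action_t;

typedef struct {
    uint32_t counter; /* monotonic anti-replay counter */
    uint8_t  apply;   /* 1 = apply, 0 = release */
    uint32_t tag;     /* keyed tag over (counter, apply) */
} epb_request_t;

typedef struct {
    uint32_t key;          /* shared symmetric key (assumed provisioning) */
    uint32_t last_counter; /* highest counter accepted so far */
} epb_ctx_t;

/* Toy keyed hash: FNV-1a over key||counter||apply. It shows where authentication
 * sits; a real ECU would use AES-CMAC and a constant-time tag comparison. */
static uint32_t fnv_byte(uint32_t h, uint8_t b) { return (h ^ b) * 16777619u; }
static uint32_t epb_tag(uint32_t key, uint32_t counter, uint8_t apply)
{
    uint32_t h = 2166136261u;
    for (int i = 0; i < 4; i++) h = fnv_byte(h, (uint8_t)(key >> (8 * i)));
    for (int i = 0; i < 4; i++) h = fnv_byte(h, (uint8_t)(counter >> (8 * i)));
    return fnv_byte(h, apply);
}

/* What the switch ECU sends: counter and payload plus the keyed tag. */
epb_request_t epb_make_request(uint32_t key, uint32_t counter, uint8_t apply)
{
    epb_request_t r = { counter, apply, epb_tag(key, counter, apply) };
    return r;
}

/* Graded response while moving: force ramps linearly from 0 to
 * DYNAMIC_MAX_FORCE_PCT over DYNAMIC_RAMP_MS instead of jumping to 100%. */
unsigned epb_dynamic_force_pct(uint32_t switch_held_ms)
{
    if (switch_held_ms >= DYNAMIC_RAMP_MS)
        return DYNAMIC_MAX_FORCE_PCT;
    return (unsigned)((uint64_t)switch_held_ms * DYNAMIC_MAX_FORCE_PCT / DYNAMIC_RAMP_MS);
}

/* Decide what the actuator may do for one request: authentication and replay
 * checks first, then the flat-battery case, then the speed gate. */
epb_action_t epb_evaluate(epb_ctx_t *ctx, const epb_request_t *req,
                          float speed_kph, float supply_volts)
{
    if (req->tag != epb_tag(ctx->key, req->counter, req->apply) ||
        req->counter <= ctx->last_counter)
        return EPB_REJECT_UNAUTH;    /* injected or replayed frame: no actuation */
    ctx->last_counter = req->counter;
    if (supply_volts < MIN_SUPPLY_VOLTS)
        return EPB_FREEZE_LOW_POWER; /* do not change state on unreliable power */
    if (!req->apply)
        return EPB_RELEASE;
    return (speed_kph <= STATIC_APPLY_MAX_KPH) ? EPB_HOLD_STATIC : EPB_RAMP_DYNAMIC;
}

/* Runs the scenarios the letter raises; returns the number of wrong decisions. */
int epb_selfcheck(void)
{
    const uint32_t key = 0xA5A5F00Du; /* constructed demo key */
    epb_ctx_t ctx = { key, 0 };
    epb_request_t stop   = epb_make_request(key,         1, 1);
    epb_request_t forged = epb_make_request(0xDEADBEEFu, 2, 1); /* attacker without the key */
    epb_request_t moving = epb_make_request(key,         2, 1);
    epb_request_t lowpow = epb_make_request(key,         3, 1);
    int bad = 0;
    bad += epb_evaluate(&ctx, &stop,   0.0f, 12.6f) != EPB_HOLD_STATIC;      /* parked: clamp */
    bad += epb_evaluate(&ctx, &stop,   0.0f, 12.6f) != EPB_REJECT_UNAUTH;    /* replayed frame */
    bad += epb_evaluate(&ctx, &forged, 90.0f, 12.6f) != EPB_REJECT_UNAUTH;   /* forged frame */
    bad += epb_evaluate(&ctx, &moving, 90.0f, 12.6f) != EPB_RAMP_DYNAMIC;    /* graded, not locked */
    bad += epb_evaluate(&ctx, &lowpow, 0.0f,  9.0f) != EPB_FREEZE_LOW_POWER; /* flat battery */
    return bad;
}

int main(void)
{
    printf("self-check: %s, force after 750 ms while moving: %u%%\n",
           epb_selfcheck() == 0 ? "ok" : "FAILED", epb_dynamic_force_pct(750));
    return 0;
}
```

The ordering inside epb_evaluate is the point: an attacker who can inject frames but does not hold the key never reaches the speed gate, a replayed genuine frame is dropped by the counter check, and even a genuine "apply" at 90 km/h only yields a ramped partial force rather than the on/off behaviour the salesman warned about. The toy hash and the non-constant-time comparison are placeholders for structure only; a production ECU would use a standard MAC and a constant-time compare.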
References 1. Professor Martyn Thomas, Letters, 27 November 2017 [Article 65699]

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown The article gives no information about this failure occurring again, at one organization or at multiple organizations, so the answer is 'unknown'.
Phase (Design/Operation) design, operation (a) Design: the concern is with how the system was built. Replacing the manual handbrake with a switch controlling a powered brake makes the brake depend on software that, if hacked, could apply the brake while the car is moving fast and cause a catastrophic crash; this is a contributing factor introduced by system development [65699]. (b) Operation: the salesman advised not to switch on the handbrake when moving except in an extreme emergency, because the software has no graded response and is either on or off, so incorrect operation or misuse of the switch could itself cause a safety failure [65699].
Boundary (Internal/External) within_system, outside_system Hacked handbrake software applying the brake at speed is a failure originating in the car's own software, so within_system [65699]. The powered brake also depends on battery power, and the letter asks what happens when the battery goes flat, an external condition the system must tolerate, so outside_system as well [65699].
Nature (Human/Non-human) human_actions, non-human_actions (a) Human actions: hacking the handbrake software so that the brake is applied while the car is moving fast is a deliberate human act, as is a driver pressing the switch at speed against the salesman's advice [65699]. (b) Non-human actions: the powered brake depends on battery power, and a flat battery would be a contributing factor introduced without human participation [65699].
Dimension (Hardware/Software) hardware, software (a) Hardware: the powered brake depends on battery power, so a flat battery or loss of power is a hardware contributing factor [65699]. (b) Software: the brake is controlled by software, and the scenario of that software being hacked and applying the brake at speed is a software contributing factor [65699].
Objective (Malicious/Non-malicious) malicious, non-malicious Malicious: the scenario of the handbrake software being hacked and switched on while the car is moving fast involves an outside party deliberately manipulating the software to cause harm [65699]. Non-malicious: the salesman's warning also covers accidental use of the switch while moving, and a flat battery involves no intent at all [65699].
Intent (Poor/Accidental Decisions) poor_decisions The letter characterises the manufacturer's design decisions as poor: replacing the manual handbrake with a switch controlling a powered brake that depends on both battery power and software, and giving that brake no graded response (either on or off), created the risk of a catastrophic crash if the software is hacked or the switch is used at speed [65699].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) Development incompetence: a design in which the handbrake software can be hacked and apply the brake while the car is moving fast, with no mechanical fallback, reflects insufficient care in development; the letter uses it to argue for caution in introducing driverless cars, given how much of a modern vehicle depends on software [65699]. (b) Accidental: because the switch has no graded response, accidentally switching it on while moving could have unexpected and dangerous consequences [65699].
Duration temporary The failure the letter describes would occur only under a specific circumstance, the handbrake software being hacked (or the switch being used) while the car is moving fast, rather than under all circumstances, so it is temporary rather than permanent [65699].
Behaviour crash, omission, other (a) crash: if the handbrake software were hacked and switched on while the car was moving fast, the car would "crash catastrophically"; note that this is a vehicle crash, the physical consequence, rather than the software halting [65699]. (b) omission: the brake has no graded response, either fully on or fully off, so the system omits the controlled partial braking a manual handbrake could provide, and the manual handbrake as a last resort is gone altogether [65699]. (c) timing: the article mentions no timing failure. (d) value: the article does not describe the system performing its functions with incorrect values. (e) byzantine: the article mentions no inconsistent responses or interactions. (f) other: a hacked or accidental activation applying full braking force at speed is a behaviour a traditional manual handbrake could not exhibit [65699].

IoT System Layer

Layer Option Rationale
Perception embedded_software The concern in Article 65699 sits in the vehicle's embedded software: the software controlling the powered brake, which depends on battery power and software, could be hacked and apply the brake while the car is moving fast. This is a failure due to contributing factors in embedded software [65699].
Communication unknown The article does not say how the handbrake software could be hacked, so whether a communication path into the vehicle would be involved cannot be determined from it. The letter's focus is on the handbrake being controlled by software at all and on the consequences of a hack or a flat battery, not on the channel an attacker would use.
Application application The scenario is a failure of the application-level control logic: the handbrake software accepting an apply command while the car is moving fast, which the letter attributes to the software being hacked [65699].

Other Details

Category Option Rationale
Consequence theoretical_consequence (a) death: none reported. (b) harm: no actual harm is reported; the catastrophic crash is a possibility the letter raises, not an event that occurred. (c) basic: not mentioned. (d) property: not mentioned. (e) delay: not mentioned. (f) non-human: not mentioned. (g) no_consequence: the article does not say the concern has no real consequence. (h) theoretical_consequence: the letter describes what could happen if the handbrake software were hacked and switched on while the car was moving fast, or if the battery went flat, without reporting that either occurred [65699]. (i) other: none mentioned.
Domain transportation The system is the software-controlled handbrake of a car, and the letter uses it to argue for caution about driverless cars [65699].
