Cybersecurity Threats to Flying Taxis

How Safe will Flying Taxis and Self-Driving Vehicles be from Cyber Attacks?

How Safe will Flying Taxis and Self-Driving Vehicles be from Cyber Attacks?

Flying taxis are soon to become reality. Dubai started testing taxi drones last year. The Volocopter is supposed to provide transportation for two passengers for up to 30-minute trips. The Volocopter and other flying taxis are supposed to publicly launch within five years. What are the cybersecurity risks associated with autonomous flying vehicles?

Alpine Security's Christian Espinosa, also a professor at Maryville University, was interviewed by ZDNet about his thoughts on cybersecurity and flying taxis.

Here's the full interview:

1) If flying taxis happen, what kind of cybersecurity threats could occur? 

Besides attacks that require physical access, such as access to a USB port, console, etc., the biggest threats will be attacks via wireless communications.  Flying taxis will need to communicate many items wirelessly, such as position, speed, direction, altitude, etc.  Existing communications methods for these items have many vulnerabilities, primarily dealing with message integrity and authentication. Without message integrity and authentication, it is feasible to intercept and tamper with messages or spoof devices, such as taxis, the taxi dispatch system, etc. 

This problem exists today with taxis, but is less critical. Today, with a taxi, you don't have to worry about a collision with another vehicle above or below you. You also don't have to worry about flying drones, birds, or other aerial objects. Accuracy of taxi position with flying taxis drives the need for message integrity and authentication. A mid-air collision between several taxis due to falsified position data being sent to each taxi with the intent of causing a collision can be fatal. Message integrity and authentication will reduce this risk.

2) How do these compare to threats against airplanes or self-driving cars? 

The flying taxi threats are also applicable to airplanes, but are amplified with flying taxis, due to the sheer number of possible flying taxis in metropolitan areas, such as New York City or Dubai.  The aviation industry has also been around for a long time. During this time, many mistakes were made, and many lessons learned, all improving aviation safety. There will be a learning period with flying taxis and self-driving cars where many mistakes will occur, resulting in fatalities. 

Airplanes and the aviation industry are highly regulated by many organizations, such as ATC, the FAA, DHS, and EASA. How are flying taxis going to be regulated? Will it be feasible for a passenger to car-jack a flying taxi and fly it into a building or a stadium? Will the systems on a flying taxi be protected from passengers, such as the flight deck of a commercial aircraft?

Self-driving cars have similar threats to flying taxis, in regard to the wireless communications.  Self-driving cars must have accurate positioning, similar to flying taxis. Self-driving cars are less risky though compared with flying taxis, because they are limited to the ground.

The full ZDNet article, containing excerpts of Christian's interview, can be found HERE.

Christian Espinosa Bio

Christian, getting some air in Badwater

Christian Espinosa is the CEO and Founder of Alpine Security and a Professor at Maryville University. He has worked as a Network & Systems Engineer, a White Hat Hacker, a Trainer, a Consultant, and an Entrepreneur in the cybersecurity industry since 1993.  He has held over 20 industry certifications, including the CISSP, CISA, LPT, ECSA, PMP, CCSP, etc.  He is a veteran of the United States Air Force and holds a BS in Engineering from the U.S. Air Force Academy (USAFA) and an MBA in Computer and Information Management from Webster University. He also holds multiple patents on cybersecurity attack and defense simulation. Some of the major recent projects Christian has worked on include penetration testing and security assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and races ultramarathons and Ironman triathlons.