A review of smart vehicles in smart cities: Dangers, impacts, and the threat landscape

The humble, mechanical automobile has gradually evolved into our modern connected and autonomous vehicles (CAVs)—also known as “smart vehicles.” Similarly, our cities are gradually developing into “smart cities,” where municipal services from transportation networks to utilities to recycling to law enforcement are integrated. The idea, with both smart vehicles and smart cities, is that more data leads to better, more informed decisions. Smart vehicles and smart cities would acquire data from their own equipment (e.g., cameras, sensors) and from their connections—e.g., connections to fellow smart vehicles, to road-side infrastructure, to smart transportation systems (STSs), etc.

Unfortunately, the paradigm of smart vehicles in smart cities is rife with danger and ripe for misuse. One vulnerable system or service could become an attacker's entry point, facilitating access to every connected vehicle, device, etc. Worse, smart vehicles and smart cities are inherently cyber-physical; a cyberattack can have physical consequences, including destruction of infrastructure and loss of life. Lastly, to leverage all the benefits of smart vehicles in smart cities, we would need to accept exorbitant levels of data collection and surveillance, which, in the absence of ironclad privacy protections, could lead to total lack of privacy.

In this work, we define the automotive context—i.e., smart vehicles—within the larger context of smart cities as our threat landscape. Then, we enumerate and describe all of the (1) threats, (2) attack surfaces & targets, (3) areas of concern (indirect vulnerabilities & threats), and (4) impacts of smart vehicles in smart cities. Our objective is to demonstrate that the dangers are real and imminent—in the hope that they will be addressed before an attack on the “smart vehicles in smart cities” paradigm results in loss of life.