Inside the fight to keep hackers out of your driverless car

One day in the future, you might be riding in a self-driving car and find yourself in this scenario: you approach a set of train tracks when the vehicle stops and the engine turns off.

The electric windows disable and the doors lock. A message from hackers appears on the dashboard: there's a train approaching; you better pay us a ransom.

That's one of the nightmare scenario researchers at MCity, the University of Michigan's autonomous vehicle center, described in a new report on the cybersecurity risks of autonomous vehicles.

The researchers also caution unscrupulous mechanics could trigger a vehicle's maintenance alerts to charge customers for unnecessary maintenance.

Although self-driving cars promise to eliminate human error and could cut down on crashes, the technology is far from perfect.

"Cybersecurity is an overlooked area of research in the development of driverless vehicles," said authors Andre Weimerskirch and Derrick Dominic in the report. "Even though many threats and vulnerabilities exist, and more are likely to emerge as the technology progresses to higher levels of automated mobility."

Researchers warn that it's impossible to track how many threats each self-driving application and component faces. When it comes to hacking, playing defense is tougher than being on offense. One mistake could compromise an entire system.

Earlier this year, a separate team of University of Michigan cybersecurity researchers showed how adding a small decal to a stop sign could confuse an autonomous vehicle into thinking it was actually a speed limit 45 mph sign.

"We know that computers are insecure and that we cannot build these systems without vulnerabilities," cybersecurity expert Bruce Schneier told CNN Tech. "So as we build autonomous systems that affect the world in a direct, physical manner, we risk bad actors [accessing] it. We risk glitches and errors causing physical harm."

This means we could be trading human error — such as distracted driving — for machine errors. But the autonomous vehicle industry is so new that it's near impossible to know how many lives could be lost to these errors.

Automakers and tech companies say they won't deploy the new technology until it's sufficiently safe.

In the report, the Michigan researchers offered a formula for assessing cybersecurity threats. They believe that a standardized approach to gauging trouble will speed the industry's development.

The U.S. Department of Transportation has encouraged autonomous vehicle makers to publish a safety assessment, including cybersecurity. But it's not required.

"In effect, we are their human guinea pigs and there is no federal regulation to ensure our safety," said John M. Simpson, director of the Consumer Watchdog's Privacy and Technology.

The Rubik's Cube solver runs in your web browser and it finds the solution for your puzzle in seconds.