Cracking a Tesla vulnerability, he taught Musk how to do "security"

Author | Palace snow

Editor | Jingyu

In the era of the Internet of Everything, the boundary between the virtual world and the real world is becoming more and more blurred, and cybersecurity battles between attackers and defenders play out from time to time.

Years ago, the "Stuxnet" virus, spread through USB flash drives, attacked the control systems of Iran's nuclear facilities. Through program commands, it abnormally accelerated the centrifuges producing uranium, wrecking the centrifuges and paralyzing Iranian nuclear plants.

Leaked data on more than 50 million Facebook users was used to target voters in the 2016 U.S. presidential election, affecting the outcome of the election. This embroiled Facebook in a data scandal, and since then it has frequently been exposed for leaking user privacy.

Beyond these big dramas, "voyeuristic" plots also play out in everyday life.

A report on car owners' behavior gave rise to the joke that "Cadillacs always run to the bath center". In the "owner rights protection" incident, Tesla disclosed an owner's driving data without consent, triggering another round of questions about privacy leakage.

Earlier, foreign hackers revealed that users must enter detailed personal information before using Tesla's in-vehicle infotainment service. This information is stored in the media control unit, which is manually destroyed by technicians after disposal but still retains a large amount of private user data, including call logs, calendar items and home addresses. These media control units can be bought and sold at a par on the foreign trading website eBay.

In fact, a smart car equipped with rich sensors is a powerful remote data collection terminal, and once the car is as smart as the mobile phone, its data collection capabilities surpass those of the phone.

In the digital world, technological developments present both opportunities and risks. The introduction of network connectivity and autonomous driving runs the risk of being controlled remotely; the generation and collection of large amounts of data is at risk of data misuse and leakage.

In the eyes of white hat hackers, the digital world is bits flowing around, with risks from silicon to the cloud; smart cars know more secrets than you think.

Ordinary people have noticed the data security risks behind smart terminals. Some are as jumpy as startled birds, while others are still grinning.

In the deeply digital age of the Internet of Everything, you need to rethink what "security" means.

At the Geek Park Innovation Conference, exclusively sponsored by OPPO, Li Jun, who was invited to Las Vegas to meet with Elon Musk for cracking Tesla's security loopholes, shared the safety risks of smart connected cars and the responses to them.

Li Jun, founder & CEO of InuYasha Technology, shared the digital world through the eyes of white hat hackers at the Geek Park Innovation Conference 2022

Li Jun said that in the matter of protecting data privacy, user awareness and technical iteration are equally important.

Standing on the stage this time, Li Jun has a new identity: founder & CEO of InuYasha Technology. Just two months after its inception, his team is the youngest at IF.

The following is the transcript of Li Jun's speech:

01 A problem that even Tesla can't solve

Network security is a process of offensive and defensive confrontation, and knowing how to attack is a necessary condition for good protection.

I am a cybersecurity researcher. In the past, my work experience was mainly in "attacking", thinking about how to sabotage all the time, in order to find various security vulnerabilities.

I would think from the perspective of a cyber attacker how to steal your privacy and control network terminals, such as smart door locks, cameras, connected cars and everything else with network communication and computing power, and even satellites. After finding the vulnerability, a defense plan will be proposed to increase the difficulty of the attack.

My team and I have studied the vulnerabilities of Tesla's connected cars and submitted them to Tesla. Tesla officials thanked us and invited me to Las Vegas to meet with Elon Musk to exchange views on Starlink and SpaceX cybersecurity defense plans.

Li Jun and Elon Musk

So, cybersecurity is a problem that even companies like Tesla can't solve on their own. It is a long-term and continuous process that requires security companies, communities, etc.

02 Traffic cops in the world of bits

The bit is the smallest unit of information expressed in the computer field. Whether it is a control instruction or a confidential document, it is represented by bits. Just as blood flow supports our bodies, the flow of bits supports a deeply digitally networked society.

Bits can be physically encoded, generated and used in smart devices, and transmitted over media such as air, wire, and fiber. Network security is there to ensure that the activities of bits are carried out according to the established rules; we are the traffic police in the bit world.

What does the digital world look like through the eyes of white hat hackers?

For example, if you're playing with your phone, they'll see that there are various chips inside your phone, and that the phone is connecting to an outside base station or a Wi-Fi hotspot inside the field via a wireless signal. This bit data stream is transmitted through the network to an IDC computer room, then through the backbone network to a base station on a distant mountain, and finally through wireless communication to another mobile phone, where the other party receives the message.

Based on this perspective, white hat hackers can see the risks of bits in the flow process, such as being hijacked, tampered with, stolen, etc.

People's daily lives have become hopelessly digitized, even moving towards automation at a rapid pace, relying on 7×24-hour network connectivity. At the same time, various technologies and concepts are changing rapidly, such as the metaverse that has recently been very popular. The development of new technologies and concepts all depends on the acquisition, transmission, processing, storage and utilization of data.

People don't know how much data they generate every day, what data will be recorded, and don't even notice the consequences of misuse.

For example, the user data of the foreign adult website Ashley Madison is very private and sensitive. After the data breach, users could not withstand the pressure of public opinion and finally chose to commit suicide. In cases such as the Internet outage in the United States and the "Stuxnet" virus incident in Iran, network attacks directly affected the normal operation of society. Facebook's user data was misused to influence voters' liking for a presidential candidate.

The boundaries between the online and physical worlds have become increasingly blurred. It's worth thinking about who is shaping who between people and the digital world they live in. The AI algorithms, machine learning models, and big data that Internet giants are proud of are serving.

Just as traffic management becomes more and more difficult with more roads and cars, doing a good job of traffic management in the digital world is extremely challenging as digital applications and network connections become more abundant and the speed of data generation and transmission continues to increase.

03 Intelligent cars have become data acquisition terminals

The development of the industrial Internet has given network security stronger industry attributes.

In the automotive sector, connected cars have introduced in-vehicle services that rely on network connections, generating increasingly rich data. The automation of connected cars requires people to hand over life-related functions such as vehicle steering, acceleration and deceleration to electronic control systems. Under the trend of sharing, the data generated and synchronized in the car by rental users needs privacy protection when the user changes.

With the development of new energy vehicles, the charging piles on which electric vehicles rely have also been networked. In the theory of war, to attack a country or city, you must first blow up its traffic arteries and oil depots. Assuming that in the future, the whole society will drive electric vehicles, and once the charging pile network is attacked, the entire city will fall into traffic paralysis.

Technological developments bring both opportunities and risks. The introduction of network connectivity and autonomous driving will have the risk of being controlled remotely; the generation and collection of large amounts of data will have the risk of data misuse and leakage.

In fact, the cracking of automotive hardware and software has already begun. Around 2000, the purpose of cracking a car might have been to steal or modify performance parameters. The networking and automation of automobile development in recent years has made people pay attention to automobile safety again.

Tesla, BMW, and Mercedes-Benz have all had cybersecurity vulnerabilities, which could even allow remote control of the physical functions of cars such as switching, acceleration and deceleration, and steering.

Despite the danger of vulnerabilities, major Internet companies are still eager for smart cars, which epitomizes the scramble for data carriers in the era of the Internet of Everything. From the PC era to the mobile Internet era to the Internet of Things era, data and traffic are eternal themes.

Li Jun at the Geek Park Innovation Conference 2022

Among the many device types, a smart car with rich sensors is a powerful remote data acquisition terminal. In addition to the vehicle's own operating data, there are entertainment system information, geographical location information, road environment data collected by the vehicle, and the car will even monitor human health in the future.

This year, Tesla has been banned from entering certain government units and even residential areas in China, and people's concerns about privacy leakage are intensifying. At the same time, many car companies claim to respect data privacy and collect data that is only used for driving decisions.

Taking conservative measures in uncertain circumstances is a wise choice.

04 In the era of deep digitalization, security from silicon to cloud

Traditional cybersecurity defenses are undergoing upgrades and iterations, and new security issues require new means of defense.

On the technical side, security controls are required from silicon to the cloud: from the chip level to the driver layer, the OS, and the entire cyberspace.

But this is not something that can be solved by technology alone, and the user's security awareness is also very important. Users can improve their security awareness in order to cooperate with technology to do a good job in network security and privacy protection.

The mobile phone industry is fully developed, and its network security is also relatively mature. For example, the iPhone has its security vulnerabilities fixed in a timely manner, and Apple's vulnerability response and test management is also done well. The cybersecurity risks facing the currently booming automotive industry are more complex than those of mobile phones and are still in their infancy.

In addition to technical iteration and safety awareness, regulatory units are also introducing relevant regulations, such as the "Intelligent Connected Vehicle Manufacturers and Product Access Management Guidelines (Trial)", which stipulates how to transmit and store data, as well as the security response mechanism of manufacturers. This has prompted Tesla to establish its own operations center in China to store, process and leverage data generated in China.

At various stages of human development, the image and ability requirements for guardians are also different. From tribal leaders to policemen and soldiers, their weapons are constantly changing, from stones and swords to firearms and missiles.

There are tens of millions of digital channels, and network security is the first. With the advent of the deep digital age, cyberspace needs stronger guardians and evolving defensive weapons.

This is an original article from Geek Park; to reprint it, please contact Geek Jun on WeChat at geekparker.