German guys "black" 25 Teslas in 13 countries, "cloud car theft" will become possible?
Data Ape
2022-01-14 15:02:47
Recently, a 19-year-old German boy named David Colombo actually "hacked" 25 Tesla cars. Moreover, these cars are distributed in 13 countries.
Let's first look at what happened.
On January 11, David Colombo, a 19-year-old young hacker from Germany, suddenly tweeted that he had achieved remote control of more than 20 Teslas in 10 countries.
(Translation: Now, I have full control of 20 Teslas from 10 countries, and I can't find those owners and notify them yet.) )
Soon after, that number quickly increased to 13 countries and more than 25 Teslas.
(Translation: I can now remotely control more than 25 Teslas in 13 countries without the knowledge of car owners.) This includes disabling sentry mode, opening doors/windows, and even starting keyless driving. )
Judging from the news released by David Colombo, there are two points worth paying attention to. The Tesla cars he controls are not clustered in specific areas, but are widely distributed in 13 countries. This is quite interesting, and it fully demonstrates the "borderless" nature of the Internet.
Another point that needs attention is the operation that can be carried out by "black" Tesla.
Some operations are innocuous, such as activating the speaker system, which has no real impact other than pranks. But David Colombo's ability to control Tesla to perform a series of action-effective operations, opening doors and starting keyless driving is no simple prank.
This got me thinking of a bad thing – stealing a car.
The graph is derived from the network
After the internet of the car, it will inevitably introduce the fragility of the network. Hackers use the network to take control of cars, and this risk is always there. All we can do is heal the headache and heal the foot. When a security risk is exposed, the loophole is plugged. But there will always be vulnerabilities that have not yet been discovered. Think about the Windows system, which has been released for decades, and still bursts out a vulnerability from time to time.
The risk of the Internet of Vehicles has always existed, but there has not yet been a large-scale security incident, so it has not attracted attention. The picture of the villain operating hundreds of "zombie cars" in science fiction movies is only stuck in the movie, and has not yet entered reality.
The reason why there has not yet been such a vicious event in the movie is that it must not be also, but not for it. It's not that hackers can't do it, it's just that there's not a good reason to do that yet.
In the movie "Fast and Furious 8", the car is hijacked by hackers and remotely controlled
Remotely control the car and create traffic accidents, which is typical of harming others and harming themselves. Hackers themselves will not get much benefit, and they will also be involved in criminal cases, which is very uneconomical. So, in reality, few hackers dare to do this.
But what about a different way of thinking? Remotely controlling a car is not to create a traffic accident, but to take the vehicle for yourself? A car is worth hundreds of thousands of dollars, and for many hackers, this is a risk worth taking.
According to statistics, the rate of car theft in China in recent years has been decreasing year by year. Why didn't you steal the car, was it the thief's conscience that found out? Non also. For car thieves, whether they steal or not depends entirely on the trade-off between benefits and risks.
Car theft cases have decreased, in addition to the anti-theft technology upgrade of the car itself, cameras throughout the city have also played a key role. The footage of the thief stealing the car is likely to be captured by the camera. Even if the car theft is not seen, it will inevitably be photographed by a nearby camera during the entire driving process of the car. In addition, the car is bound to the identity of the owner. Stolen vehicles are easier to spot and therefore less likely to sell. In short, the benefits of car theft have become lower, but the risk has increased, so there are fewer car theft cases. It is not the thief's conscience that has discovered that he has renounced evil and followed the good.
What if the thief could drive the car away by remote control without showing up? Compared with the original offline car theft method, this online car theft method can achieve higher returns and lower risks, which we temporarily call "cloud car theft". Although this method is also difficult to change the problem of the car and the owner's identity binding, it at least solves the trouble of being photographed by the camera when stealing the car offline. Stolen vehicles, even if the whole vehicle is difficult to sell, there will be people who would rather dismantle high-value parts and sell for money. Alternatively, thieves can drive the car to no camera and steal valuables from the car by remotely maneuvering it.
In the past, a thief could only steal one car at a time, and each time he had to step on it in advance, get familiar with the surrounding environment, and find the right time to commit the crime. This set of processes will take a lot of effort even if it is very smooth. "Cloud car theft" is completely different, as long as the black car networking system, you can remotely control dozens of cars or even more. Remotely activate the car's self-driving system, allowing dozens or even hundreds of cars to drive themselves to the point of destination. Save yourself the hassle of stepping on points and don't have to care about your surroundings. Drinking Coke in an air-conditioned room, eating fried chicken, and tapping the keyboard with the mouse can pocket dozens of cars, is this more tempting than taking a huge risk to steal a car in the garage?
Cloud car theft will not only greatly improve efficiency, but also reduce risks. First of all, the car thief doesn't have to show his face, he doesn't even have to touch the car from beginning to end. Everything is done in cyberspace, leaving no trace in the physical world.
If the police want to solve the case, the clues have to be found on the Internet. The game of cat and mouse has moved from the physical world to the online world. And in the technical capabilities of the online world, hackers are going to dump the police a few streets. In that world, hackers are the masters, and they have a thousand ways to cover up the traces.
As we said above, whether a thief steals a car or not, the core depends on the balance of benefits and risks. Once the benefits outweigh the risks, someone will try it out.
Of course, not all hackers have the guts to commit crimes, and not all car thieves have the superb technology of "cloud car theft". But is it possible that car thieves cooperate with hackers, car thieves pay for car thieves, and hackers contribute? As long as the profits are large enough, such a gang will definitely appear.
Don't think that remotely controlling a car is far away. In fact, the technical threshold for remote control of networked intelligent electric vehicles is not high, and there are many similar examples.
Before this German guy, Tesla had already had many similar things.
Let's give two examples:
In November 2020, British security researcher Leonard Wouters said that by connecting a computer with a Bluetooth signal to the remote control key of the Tesla Model X, the security firmware can be rewritten, the security chip of the key fob can be queried, and the unlock code can be generated. Wouters says it takes less than 90 seconds to steal a Model X without a key.
In 2020, two cybersecurity officers said that they could use drones to remotely hack into Tesla's infotainment system, unlock doors, change seating positions, play music and more remotely. They also demonstrated it live at the famous hacking conference Cansecwest. In the demo video, the drone hovers on the roof for only a few seconds before Tesla's two doors automatically open
It should be pointed out that although most of the accidents are Tesla, it does not mean that tesla is the only one who has this risk. The reason why most of the news about smart electric vehicles is related to Tesla is because Tesla now has the most electric vehicles and the highest market share. In theory, other networked smart electric vehicles face the same risks as Tesla. After their production and sales come up, the stories that happened to Tesla will be played out on them.
Let's make a bold prediction, after the large-scale popularization of intelligent networked cars, the kind of criminals in the movie who control a large number of zombie cars to carry out terrorist attacks are basically unlikely. However, "cloud car theft" cases will surge for some time. Car owners, policemen, car thieves, around the attack and defense of intelligent networked cars, will shift from offline to online cyberspace.
Hopefully, something like this never happens. But from a rational point of view, "cloud car theft" is a problem we will face. We need to prepare for this network offensive and defensive war of networked intelligent electric vehicles, and automakers need to continuously improve the security of their systems and raise the technical threshold for hacker attacks.
At the same time, if there is a case of "cloud car theft", the police system needs to establish a method of solving such cases, how to find clues from cyberspace, and lock in criminal suspects, which is a new topic. Police officers not only need agile skills, excellent case reasoning skills, but also computer experts. In addition, the cooperation of automobile manufacturers is also required.
It is foreseeable that the offensive and defensive battles around the network of intelligent electric vehicles will be exceptionally exciting. The police films of the 21st century are no longer police officers and criminals staging speed and passion on the streets, nor is it a bloody gunfight, but a skill competition in cyberspace. Battlefields without smoke of war tend to be more brutal and the fighting more intense.
Text: Gaze at Deep Space / Data Ape