Comment on Doordash deserves it's fate
chonglibloodsport@lemmy.world 1 week agoGangs of criminals are hacking big companies all the time and stealing or extorting millions of dollars. If they can hack into Amazon or Target they can hack into Uber and steal fleets of self driving vehicles. Just turn off all the data logging and have them drive to a chop shop or even down to the local port and right into a shipping container.
BlameThePeacock@lemmy.ca 1 week ago
You vastly overestimate hackers abilities.
chonglibloodsport@lemmy.world 1 week ago
Most security workers at companies overestimate hackers abilities. That’s why all these companies are hacked all the time and there are tons and tons of data breaches.
The thing very few people understand about hackers is that they can code and they share their hacks as tools with each other on the black market. This means you’re essentially up against the combined effort of all hackers on the black market. When one succeeds, they all succeed. When one piece of server software is hacked, all companies who use that software get hacked.
BlameThePeacock@lemmy.ca 1 week ago
There’s a difference between grabbing data, and controlling physical systems.
Hackers are not regularly taking over power plants or shutting down manufacturing robots.
chonglibloodsport@lemmy.world 1 week ago
They are taking over Internet accounts though. They hack people’s social media profiles, Netflix accounts, Amazon accounts etc. They also take down websites via DDoS attacks.
Here’s the thing with fleets of self-driving rental cars: unlike power plants or manufacturing robots, these cars will be on the public Internet. They cannot be airgapped on a private LAN the way a fixed robot in a factory can.
So all it takes to control these things is to hack into the authentication system and steal the credentials for the master control account for the cars. Then they’ll be able to connect to the cara remotely and issue commands to control them, just as the company would for say, ordering them to return to base to recharge, get cleaned up, or be repaired.
That’s the vulnerability. And even if they put all the cars on a VPN it’ll still exist because hackers can and do steal VPN credentials just like any other credential.
By the way, there has been at least one high profile hack of manufacturing robots: the Stuxnet worm which targeted Iran’s nuclear program. Since a fleet of self-driving cars is going to have millions and millions of dollars in value (tens of thousands of cars on the road) it’s going to be an extremely high value target for criminal gangs. While their resources might not be as extreme as the probable Stuxnet creators, they will be very large (and might even gain state actor support from unfriendly countries).