Comment on Doordash deserves it's fate
chonglibloodsport@lemmy.world 1 week agoThey are taking over Internet accounts though. They hack people’s social media profiles, Netflix accounts, Amazon accounts etc. They also take down websites via DDoS attacks.
Here’s the thing with fleets of self-driving rental cars: unlike power plants or manufacturing robots, these cars will be on the public Internet. They cannot be airgapped on a private LAN the way a fixed robot in a factory can.
So all it takes to control these things is to hack into the authentication system and steal the credentials for the master control account for the cars. Then they’ll be able to connect to the cara remotely and issue commands to control them, just as the company would for say, ordering them to return to base to recharge, get cleaned up, or be repaired.
That’s the vulnerability. And even if they put all the cars on a VPN it’ll still exist because hackers can and do steal VPN credentials just like any other credential.
By the way, there has been at least one high profile hack of manufacturing robots: the Stuxnet worm which targeted Iran’s nuclear program. Since a fleet of self-driving cars is going to have millions and millions of dollars in value (tens of thousands of cars on the road) it’s going to be an extremely high value target for criminal gangs. While their resources might not be as extreme as the probable Stuxnet creators, they will be very large (and might even gain state actor support from unfriendly countries).
BlameThePeacock@lemmy.ca 1 week ago
The Stuxnet worm was created by the US government likely with hundreds of people working on it for half a decade or more, not some random hacker group.
There are ways to protect self cars, giving them a command to drive somewhere isn’t inherently dangerous. The commands to send them to a destination will not be able to control HOW the car gets there, that will all be done locally on the vehicle self-driving software. It won’t be possible to tell the car “go drive into this building” since the driving software simply won’t allow for such a request remotely.
The most impactful thing that hackers could do is tell all the vehicles to pull over and stop where they are, which would cause problems of course, but it’s hardly the end of the world. Essentially a form of DDOS attack on cars, but it would be detected almost instantly and likely the vehicles with occupants could just override it locally.
What exactly is a hacker group going to do with a fleet of cars that can certainly still be located by the corporation that owns them since they’re literally connected to cellphone (and probably satellite these days) networks all the time. There’s not that much value for a hacker in obtaining a self-driving car that can’t drive by itself because it’s not connected to it’s network. The resale value for the fancy sensors and chips inside them is pretty much zero.
Again if people want unattended cars they can do this a lot easier than hacking a massive corporation to get access to them.
chonglibloodsport@lemmy.world 1 week ago
If the goal is to steal the cars then all it takes is to order them to go somewhere while disabling (perhaps via DDoS) the logging and other telemetry servers that allow them to track the vehicles. Once they’re stopped where the criminals want them they can break in and disable the power supply to shut them down completely, then tow/push them into shipping containers to send overseas for modification and resale.
There already exist international criminal gangs who do this sort of thing. Think of the resources of an organization the size of the Gulf Cartel. They operate their own cell phone network in Mexico. They’ve got hundreds of engineers. They absolutely could do an operation like this.
BlameThePeacock@lemmy.ca 1 week ago
Why would the onboard software ever allow (or even support the ability) to disable connectivity?
The tracking doesn’t even need to happen on the vehicle itself, given that they’re likely to use cellular connections the tracking from the cell company can locate it.
My point is that there’s no benefit to stealing a self-driving car over a regular car, so why would these gangs switch? None of the self-driving features will work when it can’t connect to the network, and none of the extra parts have any sort of resale value separate from their intended use. They may as well continue stealing regular cars.
chonglibloodsport@lemmy.world 1 week ago
Who said anything about software? Cut the wires to the battery! That will power down any car no matter what.
The benefit to stealing a self driving car is that it’s a self driving car! What’s the retail price of self driving cars? $100k? More? The whole premise of the self-driving taxi and delivery companies is that the cars are too expensive for the consumer market so they operate on a rental basis instead. If self-driving cars became a mass market commodity like regular cars then thieves would just steal them the old fashioned way.
Of course the self-driving features work without the network. GPS works without a cell network. It’s a receive-only protocol. The only thing that won’t work is the remote command and control dispatch. That would have to be hacked around.