7 threats to the future of automotive safety

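At the end of April, the Ministry of Industry and Information Technology, the National Development and Reform Commission and the Ministry of Science and Technology jointly issued the Medium- and Long-Term Development Plan for the Automotive Industry. It states that by 2020 intelligent connected vehicles will develop in step with international progress and that breakthroughs will be made in key automotive technologies. Some optimists therefore say that future cities may not need car parks, because a self-driving car can drop you at your destination and then drive itself away, and that drivers will no longer need to hold the steering wheel, leaving their hands free to send and receive e-mail or follow the stock market on the in-car computer...
Will such smart cars really let us go completely "hands-off"? An information security report on intelligent connected vehicles, just released by the 360 Intelligent Connected Vehicle Information Security Lab, shows that today's much-hyped smart cars still face seven kinds of security threat, chiefly:
TSP security threats
APP security threats
T-Box security threats
IVI security threats
CAN bus security threats
ECU security threats
In-vehicle communication security threats
These threats all sound highly specialised, and a technical explanation would only leave many ordinary drivers more confused. So we will say no more about them here; pull up a stool and listen to some stories.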
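[Story 1] Interfering with the "eyes, ears, mouth and nose" of autonomous driving can make a car ignore obstacles or brake hard
One brand's autonomous-driving feature was attacked very thoroughly at a hacker conference last year.
The autonomous-driving system of the attacked car was equipped with 12 ultrasonic sensors, one camera and one millimetre-wave radar. The millimetre-wave radar can detect obstacles up to 150 metres away. The ultrasonic sensors are spread all around the car to sense obstacles within roughly 5 metres of the body and are mainly used for parking assistance. The high-definition camera is mounted at the front of the car to recognise lane markings and traffic signs.
The hackers first interfered with the ultrasonic sensors using a "noise attack". Put simply, an ultrasonic transmitter plays ultrasound of the same frequency at a higher intensity, so the sensor cannot recover the signal it sent out and therefore cannot detect objects around the car. The subsequent "spoofing attack" is much more delicate: by having the noise source play ultrasound of a suitable frequency and intensity at the right moment, the hackers fooled the ultrasonic sensor and "pulled" the obstacle's distance closer. There is also the "stealth attack": an obstacle covered in ultrasound-absorbing material cannot be detected.
Noise attacks and spoofing attacks also work against millimetre-wave radar. In other words, a self-driving car travelling at high speed can be made to ignore an obstacle ahead entirely, or to brake hard for no reason.
The high-definition camera is the "eyes" of the autonomous-driving system. The researchers found that a "blinding attack" that corrupts the camera's input image, for example by shining an LED at the camera, leaves it briefly "blind", while shining a laser at the camera causes irreparable damage.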

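[Story 2] Cracking the VIN on the windscreen: air conditioning switched on remotely, owner information leaked
Shortly after a certain brand of electric car released its latest mobile app at last year's Mobile World Congress, Australian security researcher Troy Hunt found that, using the VIN on the front windscreen of any such car (the VIN, or vehicle identification number, encodes the manufacturer, model year, model, body type and code, engine code, assembly location and similar information), a software developer could pass the identity verification of the in-vehicle system's mobile client, obtain the owner's identity and the vehicle's charge level, and gain control of the car's air conditioning. Although this vulnerability does not yet reach key vehicle-control functions such as the accelerator or brakes, for a pure electric car whose range is already relatively limited, even the potential threat of remotely switching on the air conditioning is very serious.
The attack is easy to understand. Hunt's student Jan used the car's mobile app to view basic vehicle information, including the predicted remaining range, the battery's state of charge and the time needed for a full charge. Jan also found that charging was linked to air-conditioning control, and that the air conditioning could be switched on remotely and put on a timer. After he sent the car three commands, it replied that the air conditioning had been switched on, and the reply also contained personal information. If you were the owner, you might find when you came to use the car the next day that a mischievous hacker had run the air conditioning at full blast and drained the battery.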
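The authorization flaw in this story, as an added example that is not from the original article or from any vendor's code: a handler that treats the VIN as the only credential, beside one that requires a session token bound to the account that owns the car. The handler names, token format, signing key and sample VIN are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data: which account owns which VIN, and a demo signing key.
OWNERS = {"TESTVN0000EXAMP1E": "alice"}
SERVER_KEY = b"demo-key-for-this-example-only"
VIN_RE = re.compile(r"[A-HJ-NPR-Z0-9]{17}")  # 17 characters, never I, O or Q

def _mac(account):
    return hmac.new(SERVER_KEY, account.encode(), hashlib.sha256).hexdigest()

def issue_token(account):
    """Token handed out after a real login (login and expiry are not shown)."""
    return f"{account}.{_mac(account)}"

def account_from_token(token):
    """Return the account a token was issued to, or None if it is not genuine."""
    account, _, mac = (token or "").rpartition(".")
    if account and hmac.compare_digest(mac.encode(), _mac(account).encode()):
        return account
    return None

def climate_on_vin_only(vin):
    """Weak pattern from the story: knowing the VIN is the only check."""
    if vin in OWNERS:
        return {"status": 200, "climate": "on", "owner": OWNERS[vin]}
    return {"status": 404}

def climate_on_authorized(vin, token):
    """Hardened pattern: the VIN only names the car; the token proves the caller."""
    if not VIN_RE.fullmatch(vin or ""):
        return {"status": 400}
    account = account_from_token(token)
    if account is None:
        return {"status": 401}  # no valid session
    if OWNERS.get(vin) != account:
        return {"status": 403}  # same answer for unknown VINs and other people's cars
    return {"status": 200, "climate": "on"}  # no owner data echoed back

if __name__ == "__main__":
    vin = "TESTVN0000EXAMP1E"  # as if read through the windscreen
    print(climate_on_vin_only(vin))
    print(climate_on_authorized(vin, None))
    print(climate_on_authorized(vin, issue_token("mallory")))
    print(climate_on_authorized(vin, issue_token("alice")))
```

A VIN is printed where any passer-by can read it, so it can identify a car but cannot serve as proof of ownership.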
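In every case, the hackers break into the car's various systems, or even its mobile app, to take control of the car and turn it into a "zombie car"; the car "zombies" in the film Fast & Furious 8, now in cinemas, come from this idea.
Experts at 360 explain that cars used to be isolated and physically separated from the outside world, so it was hard for hackers to break into a car's internal controllers remotely. They would have needed physical access, which carries a high cost for the criminal. As the internet has evolved and the inside of the car has become connected to the outside world, remote network attacks on cars are no longer just conjecture. Once connected-car products become widespread, real-world cases of cars being attacked will appear and multiply.
Still, attack and defence keep pushing each other forward. With white-hat hackers and security experts continually "finding fault", automotive security technology should keep improving, and when truly driverless cars take to the road they will be safer and smarter.
Editor: 时代汽车 (Source: Yangtse Evening Post, 扬子晚报)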