Autonomous vehicles “feel” the road ahead with a variety of sensors, with data received sent through the vehicle’s brain to stimulate a response. Brake action, for example. It’s technology that’s far from perfected, yet self-driving trials continue on America’s streets, growing in number as companies chase that elusive driver-free buck.
In one tragic case, a tech company (that’s since had a come-to-Jesus moment regarding public safety) decided to dumb down its fleet’s responsiveness to cut down on “false positives” — perceived obstacles that would send the vehicle screeching to a stop, despite the obstacle only being a windblown plastic bag — with fatal implications. On the other side of the coin, Tesla drivers continue to plow into the backs and sides of large trucks that their Level 2 self-driving technology failed to register.
Because all things can be hacked, researchers now say there’s a way to trick autonomous vehicles into seeing what’s not there.
As cars grow more dependent upon computer-controlled driving aids and automakers implement permanent internet connectivity, we’ve grown increasingly concerned with how automakers handle their customer’s data.
It sounds conspiratorial, but there’s a series of events to hang the tinfoil hat on. In 2017, General Motors announced it had successfully monitored the listening habits of 90,000 motorists in a study aimed at improving marketing insights. It also rejiggered OnStar and introduced the Marketplace app for seamless in-car purchasing options. Our take was that it was as impressive as it was ominous — and GM is only leading the charge into a what analysts believe will eventually become a multi-billion dollar industry.
Naturally, this led to privacy concerns over how automakers will protect customer data on future models. But we might want to start worrying about the cars we have now. A couple of white-hat hackers (those are the good ones) recently probed the internal computer networks of wrecked and salvaged Teslas and found a mother lode of personal information waiting inside.
Computer experts successfully broke a Tesla Model 3 at the “Pwn2Own” hacking event held recently in Vancouver. However, Tesla Motors isn’t biting its nails over someone finding vulnerabilities in its system, as it was privy to the plan. The automaker has operated a “bug bounty program” for the past 4 years, rewarding anyone who can pull it off — going so far as saying it wouldn’t void a vehicle’s warranty if a customer successfully hacked it in “good faith.” It even offered a maximum reward of $15,000 (USD) last year.
Meanwhile, the group that managed to break the Model 3 in Canada this month received more than a sack of cash from the automaker.
In the midst of Uber Technologies’ corporate restructuring and cultivation of a squeaky-clean new image, the ride-hailing company was apparently hiding a dark secret. Striving for transparency, the company has now confessed that hackers stole the personal information of 57 million customers and drivers in October of 2016.
The coverup, apparently conducted by the firm’s chief security officer and another staff member, involved over $100,000 in payments to the hackers in the hopes to keep them quiet. The data lost included names, email addresses, and phone numbers of around 50 million Uber riders across the globe. Another 7 million drivers were also subjected to the digital attack, with over half a million of those losing their driver’s license numbers.
It’s common knowledge that Tesla vehicles store and transmit data back to the company’s Fremont, California home base, but a hacker working on a wrecked Model S just discovered something startling.
In an interview published by Inverse (h/t to Hybrid Cars), North Carolina computer programmer Jason Hughes claims that Tesla’s Autopilot system actually records video. While working on a center display unit from a wrecked Model S, Hughes found footage of the vehicle’s crash.
Two decades’ worth of Volkswagen Group vehicles are vulnerable to a simple, cheap hack that can unlock their doors.
A research paper released this week (first reported by Wired) describes how multiple Volkswagen, Audi, Seat and Skoda models built since 1995 can be unlocked using a handmade radio that copies key fob signals.
The same two guys who brought you last year’s remote hacking of a Jeep Cherokee on a Missouri highway (and resulting 1.4 million vehicle recall) are at it again.
This time, Charlie Miller and Chris Valasek entered the same Cherokee’s electronic brain, bypassing security software to gain control over key driving functions, according to Wired.
Fiat Chrysler Automobiles will give you up to $1,500 to find weaknesses in its vehicles’ security, but cybersecurity experts want the automaker to pony up more dough.
After the company announced its industry-first “bug bounty” program on July 13, many professional hackers say FCA’s reward isn’t enough to attract real talent in the search for software breaches, Forbes reports.
In a few weeks, after Pokémon Go jumps the shark and we all head back to our homes for nights of solitude, Fiat Chrysler Automobiles will offer another opportunity for high-tech geekery. And a lucrative one, too.
Announced today, the automaker will hand tech-savvy individuals cold, hard cash in return for information on weaknesses in its vehicles’ cybersecurity. Exposing a hidden backdoor that hackers could sneak through will net you up to $1,500.
It looks like car thieves in Houston have found a way to break into (and make off with) Jeep and Ram vehicles without using a slim jim, crowbar or screwdriver.
Surveillance video from a Houston garage shows a Jeep Wrangler being methodically commandeered by a man using a laptop and tablet. After last year’s remote-control Grand Cherokee incident, this is another hacker-related headache for Fiat Chrysler Automobiles.
My email address is email@example.com, and this XKCD comic is a very real part of my life. Others confuse me for all sorts of other Wallachs out there in the world. I’ve been invited to bachelorette parties in New York, received electronic court filings from Florida, and recently I got something new: an email welcoming me to my new Lexus that invited me to take part in exclusive consumer surveys.
Of course, I didn’t recently purchase a Lexus, and there was no “hey, wrong email address” button anywhere to be found. So what did I do? I “forgot” my password, logged in to someone else’s Lexus account, and figured out who actually owned the Lexus. After all, they’d probably want to know.
Apparently, it’s Technology Tuesday here at TTAC, so we can bring you news of a device that will kick your deeply held fears to the curb.
Vehicle hacking has been an issue ever since a Jeep Cherokee had its steering, transmission and brakes commandeered last summer, and an Israeli firm is now offering protection against keyboard warriors, according to CNBC (via Business Insider).
Hackers say they may be able to control any vehicle with a telematics-enabled sensor — including a popular sensor that insurance companies use for consumers — plugged into the car’s diagnostic port, according to Wired report (via The Verge).
In recent weeks, several hacks have surfaced — Chrysler, General Motors and Telsa — related to specific automakers. According to the report, the On-Board Diagnostic system hack could apply to any make or model fitted with an insurance or tracking dongle. The University of California San Diego researchers say they’ll present their findings at the Usenix conference Tuesday.
And, um, there’s no easy way to put this, but … it doesn’t appear that it would be all that hard to find cars with the dongles at the moment.
As the technology that will one day network cars together and reorganize the roads in the name of safety and efficiency continues to rush towards us, word comes that the computerized systems used to control commercial aircraft in flight are now vulnerable to hackers via android devices. Net-Security.org is reporting on an April 10th presentation at the “Hack in the Box Conference” by German security consultant Hugo Teso during which he demonstrates how a wireless device can be used to transmit malicious code into an aircraft’s computer through at least two different systems currently used to exchange information between aircraft and ground stations. Those of you who are already afraid to fly will want to read all of the excruciating details here: http://www.net-security.org