What hacking technology was used in the self-driving car in "Fast and Furious 8"?

The Fast and the Furious 8 has been a hit in China recently, sparking widespread discussion among movie fans. In my opinion, there are two main hacking technologies involved in the film - The Eye and Zombie Cars, which are actually related to two cutting-edge security technologies in reality - automotive and IoT security and attacker tracing.
▲ Activated "zombie car" zombie fleet - car and IoT security First, let's talk about smart cars and non-smart cars. Smart cars can actually be treated as an IoT device, which means that the attack surface of smart cars is similar to or even greater than that of other IoT devices. In fact, cars, like computers, rely on buses for internal communication, and the bus in cars is the CAN bus. The CAN network was developed by BOSCH, a German company known for its research and development and production of automotive electronic products, and eventually became an international standard (ISO 11898), and is one of the most widely used field buses in the world. The CAN bus protocol has now become the standard bus for automotive computer control systems and embedded industrial control LANs, and is also the main bus for communication between on-board ECUs. Currently, cars on the market have at least one CAN network, which serves as the backbone network for interconnection between embedded systems to interact and share information in the car. The short frame data structure, non-destructive bus arbitration technology, and flexible communication methods of the CAN bus can meet the requirements of real-time and reliability of cars, but it also brings a series of security risks, such as broadcast messages that are easily monitored, priority-based arbitration mechanisms that are vulnerable to attacks, and passive address domains and non-authentication domains that cannot distinguish the source of messages. Especially in the context of the vigorous development of automobile networking, in-vehicle network attacks have become the source of automobile information security problems, and CAN bus network security analysis has gradually become the focus of industry security experts. For example, at the DEFCON hacker conference in September 2013, hackers demonstrated how to control the Ford Kuga and Toyota Prius models from OBD-II to achieve steering, braking, throttle acceleration, instrument panel display and other actions. The in-vehicle CAN network security issues are currently mainly explored through the analysis of security vulnerabilities and various attack methods, because the vulnerability and threat model analysis of in-vehicle network security are particularly critical. In this way, as long as we seize the CAN bus, we are equivalent to seizing the nerves of the car and can control the car.
▲ What consequences will the car attacking the CAN bus in the self-driving state in the film cause? The first consequence is loss of control: One of the main applications of the CAN bus is to support the communication of active safety systems. When the vehicle is driving, active safety systems will be a double-edged sword. They do play an irreplaceable role, but considering the operability of active safety systems and the ability to adjust the correct input, it will also cause the driver to rely completely on active safety systems. Therefore, a sudden failure will cause unpredictable and dangerous consequences. In order to cause a dangerous condition, a malicious attacker will inject error frames into the CAN bus to make the active safety system fail. For example, installing an attack in the traction control system will cause dangers such as loss of vehicle control. If the attacker's target is the adaptive cruise system, it will cause the car not to stop as the driver expects. In addition, in order to maximize the harm to the driver of the car, if the data can be obtained directly from the CAN bus, the attacker can trigger a DoS attack based on specific conditions. For example, a certain speed of the car, a certain throttle percentage, or a certain GPS location. The second consequence is ransomware: a malicious attacker sets an attack in a target frame in the CAN bus, which will cause the driver to lose control of the throttle position and thus be unable to move the car. Although these may not necessarily induce a dangerous state, an attacker motivated by money will exploit the vulnerability of the car's entertainment system to force the car to stop and display a message on the entertainment system screen, asking the owner to pay a ransom to regain control of the car. The third possibility is theft: Nowadays, most expensive car door locks are controlled by connecting to the ECU via CAN, usually through the OBD-II port. It is easier and faster to isolate the data frames responsible for locking/unlocking the car doors than to reverse the active safety devices. Therefore, an attacker can isolate the data frames responsible for locking the car doors in a few minutes, program his device to perform a DoS attack on specific frames, and then plug the device into the OBD-II port to prevent the car doors from locking. For an attacker, this attack result is possible. It is possible to enter the car with low cost and then steal any valuable items in the car. For a long time, almost the entire automotive industry has a consensus that the CAN bus cannot be protected. There are two reasons. First, the ECU's computing power is insufficient; second, the bandwidth of the in-vehicle network is limited. Some LIN buses use 16-bit or 8-bit MCUs, but the encryption algorithm used by AES can only process data in 16-byte blocks, which means that the LIN bus is often in a "naked" state. Therefore, automotive safety will definitely be a hot topic in the future.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<: Why has Nissan's steer-by-wire technology, which it recalled ten years ago, suddenly become popular in China?

>>: The success rate of fake fingerprints cracking mobile phones is as high as 65%? Apple responded that the probability is only one in 50,000

36℃≠36℃? The perceived temperature is off the charts! How to stay cool in the heat and humidity?

The jokes will make you understand what Internet thinking, big data, O2O, crowdfunding, red ocean and blue ocean are in seconds!

Blog

Terminal manufacturers quarrel over content shortage: the real dilemma of TV games

What hacking technology was used in the self-driving car in "Fast and Furious 8"?

36℃≠36℃? The perceived temperature is off the charts! How to stay cool in the heat and humidity?

The world's largest Deinonychus footprint was discovered in Fujian! What kind of dragon is Deinonychus?

If you understand this marketing theory, you will know why Luo Zhenyu is wrong!

Why is there weightlessness in the space station? Does weightlessness mean “losing weight”?

The jokes will make you understand what Internet thinking, big data, O2O, crowdfunding, red ocean and blue ocean are in seconds!

Terminal manufacturers quarrel over content shortage: the real dilemma of TV games

My first experience with advertising embedded in the body of a public account. What is the promotion effect?

Toutiao account optimization plan!

Home page operation strategy: Home page operation skills

What are the functions and advantages of developing Dongcheng’s self-service ordering app?

Recommend

A photon’s autobiography: What’s so magical about the quantum world?

User operation: a simple and easy-to-use user growth methodology

Operational Tips: 11 indicators to pay attention to at each stage of mobile financial app operation

Typhoon Dusurui is coming! What are the hazards? How to prevent it? Let's learn together

How should I operate a new Baidu bidding account? What should I pay attention to? Urgent!

Review: A complete event operation planning plan is like this

Volkswagen Touareg plug-in hybrid version unveiled: 1,000km range but still criticized

How to plan an excellent event? Follow these 5 steps

WeChat is getting more and more powerful, but these functions are getting worse and worse

How to balance traffic in oCPC promotion?

"Sitting with legs apart is the healthiest sitting posture"? Orthopedic experts remind...

Can farmers pay social security? How should I pay? What are the payment methods?

How to play the lottery (how to get started for lottery novices)

The new Porsche 911 convertible has a modified interior and the spy photos are exposed

Amazon Athena is now available in AWS China (Ningxia) Region