What hacking technology was used in the self-driving car in "Fast and Furious 8"?

The Fast and the Furious 8 has been a hit in China recently, sparking widespread discussion among movie fans. In my opinion, there are two main hacking technologies involved in the film - The Eye and Zombie Cars, which are actually related to two cutting-edge security technologies in reality - automotive and IoT security and attacker tracing.
▲ Activated "zombie car" zombie fleet - car and IoT security First, let's talk about smart cars and non-smart cars. Smart cars can actually be treated as an IoT device, which means that the attack surface of smart cars is similar to or even greater than that of other IoT devices. In fact, cars, like computers, rely on buses for internal communication, and the bus in cars is the CAN bus. The CAN network was developed by BOSCH, a German company known for its research and development and production of automotive electronic products, and eventually became an international standard (ISO 11898), and is one of the most widely used field buses in the world. The CAN bus protocol has now become the standard bus for automotive computer control systems and embedded industrial control LANs, and is also the main bus for communication between on-board ECUs. Currently, cars on the market have at least one CAN network, which serves as the backbone network for interconnection between embedded systems to interact and share information in the car. The short frame data structure, non-destructive bus arbitration technology, and flexible communication methods of the CAN bus can meet the requirements of real-time and reliability of cars, but it also brings a series of security risks, such as broadcast messages that are easily monitored, priority-based arbitration mechanisms that are vulnerable to attacks, and passive address domains and non-authentication domains that cannot distinguish the source of messages. Especially in the context of the vigorous development of automobile networking, in-vehicle network attacks have become the source of automobile information security problems, and CAN bus network security analysis has gradually become the focus of industry security experts. For example, at the DEFCON hacker conference in September 2013, hackers demonstrated how to control the Ford Kuga and Toyota Prius models from OBD-II to achieve steering, braking, throttle acceleration, instrument panel display and other actions. The in-vehicle CAN network security issues are currently mainly explored through the analysis of security vulnerabilities and various attack methods, because the vulnerability and threat model analysis of in-vehicle network security are particularly critical. In this way, as long as we seize the CAN bus, we are equivalent to seizing the nerves of the car and can control the car.
▲ What consequences will the car attacking the CAN bus in the self-driving state in the film cause? The first consequence is loss of control: One of the main applications of the CAN bus is to support the communication of active safety systems. When the vehicle is driving, active safety systems will be a double-edged sword. They do play an irreplaceable role, but considering the operability of active safety systems and the ability to adjust the correct input, it will also cause the driver to rely completely on active safety systems. Therefore, a sudden failure will cause unpredictable and dangerous consequences. In order to cause a dangerous condition, a malicious attacker will inject error frames into the CAN bus to make the active safety system fail. For example, installing an attack in the traction control system will cause dangers such as loss of vehicle control. If the attacker's target is the adaptive cruise system, it will cause the car not to stop as the driver expects. In addition, in order to maximize the harm to the driver of the car, if the data can be obtained directly from the CAN bus, the attacker can trigger a DoS attack based on specific conditions. For example, a certain speed of the car, a certain throttle percentage, or a certain GPS location. The second consequence is ransomware: a malicious attacker sets an attack in a target frame in the CAN bus, which will cause the driver to lose control of the throttle position and thus be unable to move the car. Although these may not necessarily induce a dangerous state, an attacker motivated by money will exploit the vulnerability of the car's entertainment system to force the car to stop and display a message on the entertainment system screen, asking the owner to pay a ransom to regain control of the car. The third possibility is theft: Nowadays, most expensive car door locks are controlled by connecting to the ECU via CAN, usually through the OBD-II port. It is easier and faster to isolate the data frames responsible for locking/unlocking the car doors than to reverse the active safety devices. Therefore, an attacker can isolate the data frames responsible for locking the car doors in a few minutes, program his device to perform a DoS attack on specific frames, and then plug the device into the OBD-II port to prevent the car doors from locking. For an attacker, this attack result is possible. It is possible to enter the car with low cost and then steal any valuable items in the car. For a long time, almost the entire automotive industry has a consensus that the CAN bus cannot be protected. There are two reasons. First, the ECU's computing power is insufficient; second, the bandwidth of the in-vehicle network is limited. Some LIN buses use 16-bit or 8-bit MCUs, but the encryption algorithm used by AES can only process data in 16-byte blocks, which means that the LIN bus is often in a "naked" state. Therefore, automotive safety will definitely be a hot topic in the future.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<: Why has Nissan's steer-by-wire technology, which it recalled ten years ago, suddenly become popular in China?

>>: The success rate of fake fingerprints cracking mobile phones is as high as 65%? Apple responded that the probability is only one in 50,000

Father’s Day copywriting is here, how can brands take advantage of it?

Don't touch it! The "smart drugs" that are popular among parents are actually psychotropic drugs, and taking them may cause addiction

Blog

World Handwashing Day | Attention! 6 common misunderstandings about hand washing, be careful of "the more you wash, the dirtier it gets"!

Blog

Wearing reading glasses, with gray hair... at the age of 55, he set foot on space three times: I want to work in aerospace all my life, it’s worth it!

Blog

Mi La Micro Course "Blue Ocean Public Account Project Training Camp"

What hacking technology was used in the self-driving car in "Fast and Furious 8"?

Father’s Day copywriting is here, how can brands take advantage of it?

Allegedly able to change human DNA, how toxic is Skittles ingredient titanium dioxide?

Why do the groups you created eventually become dead groups?

Don't touch it! The "smart drugs" that are popular among parents are actually psychotropic drugs, and taking them may cause addiction

World Handwashing Day | Attention! 6 common misunderstandings about hand washing, be careful of "the more you wash, the dirtier it gets"!

Wearing reading glasses, with gray hair... at the age of 55, he set foot on space three times: I want to work in aerospace all my life, it’s worth it!

Mi La Micro Course "Blue Ocean Public Account Project Training Camp"

Why is my phone charging so slowly? Here's the reason

5 ways to create copy when you have no inspiration

Does smoking affect your appearance? It’s true!

Recommend

Teacher Wen's Reading Comprehension Class on Douyin

This is the most awesome operational copywriting I have ever seen!

Talk about the game Tomahawk VR. Another product without positioning?

Despite the apparent prosperity, the development of artificial intelligence has fallen into trouble

When returning home for the Spring Festival, beware of carbon monoxide poisoning!

Be careful when eating spring vegetables! Save this guide to tasting fresh vegetables →

Google Play opens developer team in China

Sony LSPX-S3 Crystal Sound Tube: Create a Refined Life with Atmosphere

A brief introduction to the evolution of digital advertising

How should we write copy in 2018?

Hiding atoms? This bold idea successfully breaks the record of atomic low temperature

Wearing a mask for a long time can cause lung nodules to grow larger? Don't believe these rumors

3 Tips for Writing an Event Planning Proposal

Smart TVs have security holes

Mobile Internet Channel Promotion Methodology (with case studies)