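A Complete Security Penetration Test_What If the Next Large-Scale Breach Involves Your Vehicle Instead of a Security Camera...

A Complete Security Penetration Test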

But my vehicle doesn’t connect to the internet... Are you sure? Statista estimates that 40% of vehicles in the US were connected to the internet as of 2019 (that’s 2 out of every 5 vehicles capable of accessing the internet!), and this is expected to rise to 74% (3 out of 4 vehicles) by 2023.

Even if you are not using in-car Wi-Fi, you might be using an entertainment system, or your car might be updating its Apple CarPlay software. All of these need the internet. And even if you are not actively using these features, unless the car manufacturer or chip manufacturer took the ‘necessary’ precautions (we will get to the multiple reasons why that is just not the case, and why necessary is in quotes), you are at risk!

I’ve broadly heard 2 opinions on this: 1) Yes, but this is all hearsay; 2) I’ve been convinced, and you’ve strengthened my convictions of never getting behind an internet-connected car. Neither of these is right or useful, in my opinion. In the first case, this is just not true. Read below for a short history of connected vehicle hacking:

It all started in 2010. At least that’s as far back as I’ll go for this article, and it’s a good point to start. A group of researchers from UW and UCSD posed an interesting problem: for 80 years or so, automobiles have remained mostly static, containing an internal combustion engine, wheels, gearshift, throttle, and brake. However, since the 1970s, tens of millions of lines of code have been introduced, spread among 50–70 independent computers called Electronic Control Units (ECUs). Why was this done? It started with California. California, being the pioneer, started to introduce strict pollutant regulations, and it made sense to electronically monitor and dynamically adjust fuel/oxygen ratios, which had the added benefit of improving efficiency and being more cost-effective. Thus the ECU was born. Back in the day, California was clearly allowed to pioneer auto emission rules, and it wasn’t such a controversy. Subsequently there was a boom in ECUs as manufacturers started to realize the benefits of electronically monitoring and controlling throttle, brakes, airbag deployment, entertainment, lighting, climate, and so on.

These ECUs could then communicate with each other using a standard vehicle communication protocol called the CAN bus. However, while the ECU and CAN systems were mature, they weren’t designed to be secure from outside interference in the first place, which is the question the 2010 paper posed: did these designs properly anticipate an adversary that could take control of your computers? And what could the possible damage be?

They did a bunch of experimen
