news

in the past, we often saw hollywood blockbusters showing hackers invading network security systems. in today’s era of intelligent networking, such scenes may appear in intelligent connected cars.

not long ago, chechen leader ramzan kadyrov posted that his tesla electric pickup truck cybertruck was remotely locked by musk. although it is hard to say whether this is true or not, it has aroused public concerns about tesla's remote control function and user privacy security.

kadyrov releases video showing his tesla cybertruck equipped with a machine gun

recently, 360 chairman zhou hongyi commented on kadyrov's accusation that musk remotely locked the car through a video, saying that he had not seen direct evidence that musk did it. however, technically speaking, it is very easy for the current smart connected car manufacturers. he also analyzed from a professional perspective that it only takes three steps to lock a smart connected car.

is it really possible to remotely control vehicles?

zhou hongyi explained that the first step is to select the vehicle to be disabled; the second step is for engineers to disable the vehicle on the vehicle server and issue a disabling command to the vehicle; finally, the vehicle cannot be driven.

zhou hongyi also said that car owners who bought smart connected cars must be aware that the car you bought does not belong to you, but to the manufacturer, because the car is connected to the manufacturer's server. if a hacker breaks into the car, through the car body wi-fi or bluetooth connection, and then rewrites the body controller on the in-car network, the vehicle function will be disabled.

as we enter the era of the internet of everything, the challenges of network security are becoming increasingly greater. new energy vehicles have achieved intelligence, networking, and autonomous driving, but where there is software there are loopholes, and loopholes will definitely be exploited by criminals. therefore, the security issues of new energy vehicles and intelligent connected vehicles may be much greater than those of other equipment.

in addition to the attack on the car body, another easier way is to control the production system and data system of the car company, and hackers can also remotely control the vehicle. this attack method is not only highly concealed, but also has a wider range. it can control all the cars of a certain model in a car factory. the networks of many car companies are actually defenseless and vulnerable in front of real hacker teams. if there are national-level hacker forces involved, the threat is not only the personal safety of a certain car owner, but even rises to the level of national security.

tesla officially responded to the reporter of orange persimmon interactive electric vehicle journal that the assumption about remote locking of the car is completely personal speculation. at present, tesla has established a data center in china, and the data of all domestic vehicles is stored in china, and the data has been certified by relevant national departments.

in fact, in recent years, car companies have also been frequently attacked by "hackers".

on august 20 this year, toyota motor corporation admitted that its network had been hacked and data had been leaked.

in march 2023, at the world-renowned and most lucrative hacker competition pwn2own, hackers successfully gained root access to the tesla system. in addition to receiving a $100,000 bonus, the successful intruder also received a hacked tesla model 3.

in january 2022, a german teenager successfully hijacked a tesla vehicle remotely through a vulnerability.

in november 2021, snatch ransomware invaded volvo cars' servers and stole files.

in june 2021, hackers claimed to have successfully hacked into tesla's in-vehicle system and were able to remotely control the vehicle. tesla later issued a statement saying that the hacker attack did not affect the safety of the vehicle.

in june 2020, honda's internal network system was attacked, and the company suspended vehicle shipments from its domestic factories in japan and stopped production at seven automobile factories in north america.

in february 2020, a mercedes-benz e-class sedan was found to have 19 vulnerabilities that allowed hackers to remotely control the vehicle, including opening the doors and starting the engine.

in august 2019, with the permission of the us government, two engineers controlled a toyota prius to brake suddenly; and controlled a ford kuga to cause the brakes to fail suddenly.

in april 2019, chicago's car2go car-sharing app was hacked, resulting in the theft of approximately 100 cars.

……

how to protect your vehicle

in the video, zhou hongyi gave an answer for individuals to avoid being hacked, solving the problem of cars being remotely locked and disabled through pre-emptive defense and post-event response. he said that you can find a modification shop or disable the remote communication module yourself to prevent the server from issuing control commands. the post-event response method is to replace the disabled parts to activate the vehicle's functions.

however, zhou hongyi also pointed out that there are disadvantages to doing so. if the server is blocked from issuing various control commands, many functions of your car may be restricted. if you replace parts without permission, the car manufacturer may find out and refuse warranty on the grounds that you have modified the car without permission, or even risk the car manufacturer stopping the car from being used.

the editor believes that it is not worth the cost for individuals to prevent hackers from invading vehicles, and it still requires the country and car manufacturers to work together to prevent it.

first, automakers need to strengthen cybersecurity protection. they need to invest more in research and development to improve the cybersecurity performance of smart connected cars and prevent hacker intrusion. at the same time, they also need to establish a complete emergency response mechanism so that once a hacker attack is discovered, they can take prompt measures to ensure the safety of vehicles and passengers.

secondly, government departments also need to strengthen supervision. they need to formulate strict laws and regulations to regulate the production, sales and use of intelligent connected vehicles. at the same time, they also need to strengthen network security supervision and promptly repair security vulnerabilities found to prevent hackers from exploiting these vulnerabilities to attack.

in fact, my country already has relevant laws and regulations. on october 1, 2021, the "several provisions on automobile data security management (trial)" came into effect. this regulation was jointly issued by the cyberspace administration of china, the national development and reform commission, the ministry of industry and information technology, the ministry of public security, and the ministry of transport. it is my country's first regulation formulated for automobile data security.

it stipulates that the state encourages the reasonable and effective use of automobile data in accordance with the law, and advocates that automobile data processors adhere to four principles in carrying out automobile data processing activities: the principle of in-vehicle processing, which means that data will not be provided to outside the vehicle unless it is absolutely necessary; the principle of non-collection by default, which means that unless the driver sets it independently, the default setting is non-collection each time driving; the principle of applicable accuracy range, which means that the coverage and resolution of cameras, radars, etc. are determined based on the requirements of data accuracy for the functional services provided; and the principle of desensitization, which means that anonymization and de-identification should be performed as much as possible.

recently, the three mandatory national standards "technical requirements for vehicle information security", "general technical requirements for automobile software upgrades" and "intelligent connected vehicle autonomous driving data recording system" organized and formulated by the ministry of industry and information technology were approved and issued by the state administration for market regulation and the national standards administration, and will come into effect on january 1, 2026.

the "technical requirements for vehicle information security" stipulates the requirements for the vehicle information security management system, as well as the technical requirements and test methods for external connection security, communication security, software upgrade security, data security, etc.

the "general technical requirements for automobile software upgrades" stipulates the management system requirements for automobile software upgrades, as well as technical requirements and test methods for vehicle software upgrade functions such as user notification, version number reading, safety protection, prerequisites, power guarantee, and failure handling.

"intelligent connected vehicle autonomous driving data recording system" stipulates the technical requirements and test methods for data recording, data storage and reading, information security, crash resistance, environmental evaluation, etc. of the intelligent connected vehicle autonomous driving data recording system.

the ministry of industry and information technology stated that the three standards released this time are the first batch of mandatory national standards in the field of intelligent connected vehicles in my country, and are of great significance to improving the safety level of intelligent connected vehicles and ensuring the healthy and sustainable development of the industry.

the future development of intelligent connected vehicles cannot be separated from security protection, and the threat of remote control by hackers cannot be underestimated. by incorporating cybersecurity concepts into the design phase, strengthening data encryption, implementing multiple authentication methods, establishing a rapid response mechanism, and promoting the formulation of industry security standards, a more secure protection system can be built for intelligent connected vehicles. only when these security measures are in place can intelligent connected vehicles find the best balance between convenience and safety and truly realize their huge potential in the field of intelligent transportation.

source: zhang jingsong, reporter of chengshi interactive