Chris Valasek and Charlie Miller, two researchers in the field of cybersecurity, are always reminding drivers to keep an eye on hackers' attacks on today's smart cars. In 2013, two researchers at the University of San Diego and the University of Washington held an academic discussion that highlighted the achievability of hacking and controlling vehicles. Their research results last summer showed that vehicles often have inherent security holes. Just a few weeks ago, the latest research found a huge hidden danger under the car security loophole.
On the Louis Expressway in Pittsburgh, USA, Chris Valasek and Charlie Miller discovered the flaws in the mobile phone connection and forced control of the Jeep Cherokee model. Remote control can be used to tamper with the vehicle's priority control, which can be a deadly threat to the entire automotive industry. According to the results of this study, the US transportation department called for the recall of 1.4 million vehicles to protect the safety of millions of drivers. Chris Valasek and Charlie Miller are now at the forefront of cybersecurity, but after a few months they are likely to face unemployment.
Science and technology researchers often use their software development skills and security theory to constantly find and solve the unforeseen hidden dangers of connected cars, but car manufacturers hope to eliminate those independent network security research, this analysis of Jeep Cherokee defects It will most likely become the swan song of related research. By September or October this year, the US Copyright Office will issue an important regulation to prevent third-party researchers such as Chris Valasek and Charlie Miller from unauthorized access to auto parts to conduct experiments. . Researchers have applied for exemptions in the Digital Millennium Copyright Act in order to retain their right to analyze vehicle performance. But at the time, it was strongly opposed by automakers, who claimed that every piece of software on the car was patented.
In addition, automakers believe that if the researchers from third parties arbitrarily change the code data, the already complex software will bring more serious security problems. Vendors' view on network security is that since the related technology has been developed for a long time, its own products are inevitably superior to other products, and the third party tampering with the source code will definitely cause more trouble.
But from the case of Jeep Cherokee, the problem is not what automakers imagine. Chris Valasek and Charlie Miller have successfully discovered the problem. The Sprint mobile phone connection module in Uconnect infotainment system has security holes, which is not noticed by insiders in the automotive industry. Jeep Cherokee is one of the examples of independent researchers who unexpectedly discovered car loopholes. Third-party researchers in San Diego and Washington were the first to show car network security issues to automakers who found the flaws of the Progressive Insurance Snapshot electronic dog.
I hope that the administrative staff of the Copyright Office will see the importance of third-party researchers as soon as possible. Don't always be dissatisfied and complained about these independent researchers. In a vehicle hacker summary letter submitted to the US Congressional Committee earlier in July, an industry consortium of major automakers even compared third-party researchers to technology plunderers. Automakers are under pressure from organized third-party researchers and anti-copyright groups to protect the in-vehicle network as much as possible, preventing hackers from gaining access and avoiding accidental attacks on vehicles in some funding research. Public research is another form of independent research by third parties, and automakers are naturally opposed. They believe that this research is equivalent to providing design drawings directly to evil hackers.
At the same time, however, automakers have neglected the negative consequences of keeping product details undisclosed. Although retaining the core details can effectively prevent some malicious cottage imitation behavior, but also missed the opportunity for third-party people to improve the product. If automakers don't publish the details of their research to the world, you will definitely question the reliability of the product, so the most effective way is to show all the details, and then the vehicle will become safer. More importantly, public surveillance of automotive products will lead to faster fixes.
Will vehicles become safer if third-party independent researchers are prohibited from doing their jobs? The answer is very likely not to. Take Jeep Cherokee as an example, until Chris Valasek and Charlie Miller reminded automakers that they were completely unaware of cybersecurity vulnerabilities. The third-party agency first had a conference call with the Federal Security Office. The executives only wanted to issue a technical service bulletin to advise the manufacturer on how to fix the security vulnerability. Until WIRED magazine published the report, it attracted the attention of the government. The recall was finally implemented under media pressure. The Department of Homeland Security believes that such car network security vulnerabilities should receive sufficient attention, even senators recommend legislation to minimize automotive technology standards, and urge the National Highway Traffic Safety Administration to investigate whether more recalls should be conducted to ensure vehicle safety. . Without the independent research of Chris Valasek and Charlie Miller, none of these will cease to exist.
The National Copyright Administration's regulations will be released in September or October. Regardless of whether third-party researchers will be supported, automakers have hinted that they will fully suppress independent researchers; they will continue to play down the value of independent research. In early July, the automotive industry jointly announced the establishment of an information sharing analysis center to evaluate cyber threats; manufacturers hope that third-party researchers can conduct product evaluation work at their request, in other words, ask researchers to find some problems. Public secrecy.
The automotive industry will face unprecedented hacker threats in the next few years, but automakers are not aware of the seriousness of the problem. The operation of the Information Sharing Analysis Center is still a long time later, and manufacturers are still putting a lot of effort into finding security holes, not how to solve them. When dealing with the challenges, the automaker's approach is unreasonable, and they hope that the problem will be solved without discussion.
Chaff Cutter,Chaff Cutter Machine,Electric Chaff Cutter Machine,Electric Chaff Cutter
Shuangfeng Nongjiabao Machinery Technology Co., Ltd , https://www.starchmachine.nl