Iimoto zihambe kancinci kancinci zisuka kubuchwephesha obusulungekileyo ziye ekubeni ziphucukile kwaye zinepesenti enkulu ye-elektroniki ebandakanyekayo ekusebenzeni kwazo, kungekuphela nje ngaphakathi okanye kwinkqubo ye-infotainment, kodwa kulawulo lweminye imisebenzi ye-injini, ukubeka iliso kwiparameters ezinezivamvo. , kunye nokuphumeza zonke iifowuni ze-ADAS kunye nee-ADS zakutsha nje. Kunjalo ngoba, imoto hacking ibaluleka ngakumbi.
Iimoto ezitsha ezidibeneyo kunye nezizimeleyo zisengozini yokuhlaselwa okuthile, ngenxa yesi sizathu, ukwazi malunga nokuqhekezwa kweemoto kunye nokuqhuba uphicotho lwezokhuseleko kwizithuthi kunokuba mnandi ukujongana nazo. Fumana kwaye uvale iintshukumo zokhuseleko ezinokuthi zixhatshazwe ngabaphuli-mthetho be-intanethi.
Yintoni uqhekezo lwemoto?
El imoto hacking lisebe le-cybersecurity eligxile ekusebenziseni ubuthathaka kwiinkqubo ze-elektroniki zezithuthi. Njengoko iimoto ziqhagamshelwa ngakumbi kwaye zizimele, ziye zibe sesichengeni ngakumbi kwezi ntlobo zohlaselo, kuba ngokwesiseko ziinkqubo zekhompyuter kumavili…
Abahlaseli banokufikelela kwiinkqubo zesithuthi ngokusebenzisa iindlela ezahlukeneyokubandakanya:
- Inethiwekhi engenazintambo-Ukuxhaphaza ubuthathaka kwi-Wi-Fi yesithuthi, iBluetooth, okanye uthungelwano lweselula ukufumana ukufikelela kude kwi-infotainment system kunye nezinye ii-subsystems ezidibeneyo.
- Amazibuko oxilongo- Ngokufikelela ngokwasemzimbeni kwi-OBD-II yokuxilonga izibuko ukuxhaphaza iinkqubo zesithuthi.
- Ibhasi: njengokuba kwimeko ye-CAN, umgangatho kwiimoto ezinokuthi zibe sengozini kwaye zidibanisa ii-ECU ezahlukeneyo zesithuthi.
- Ubuthathaka beSoftware: Ukusetyenziswa kwebugs okanye ubuthathaka kwisoftware yesithuthi, kubandakanya inkqubo yokusebenza, usetyenziso kunye neeprothokholi zonxibelelwano.
- abanye: Kusenokubakho ubuthathaka kwiinkqubo zokutshixa izithuthi ezisekwe kwi-RF apho iingcango zinokuvulelwa ubusela, kwaye nesithuthi siqaliswe.
Los iithagethi zohlaselo ukukhwabanisa kweemoto kuyahluka kwaye kunokubandakanya ukusuka ekubiweni kweemoto ngokwazo ngokuvula kunye nokuqala, ukukhangela abantu abahlala kuzo (idatha yomntu, iindlela, indawo yangoku ...), kunye nokutshabalalisa ngokuxhaphaza iinkqubo zokuqhuba izithuthi okanye iinkqubo ze-ADAS, enokukhokelela kwingozi ebulalayo.
Ukufumana oku, iindlela zokuhlasela ezisetyenziswa ngabenzi bobuchwephesha be-cybercriminal, kunye nezifanayo ezisetyenziswa ngabahlaseli bokuziphatha ukufumana kunye nokuzama ukuqinisa inkqubo, zivela kwi-reverse engineering of software okanye izinto ze-hardware zemodeli yemoto efana naleyo bafuna ukuyihlasela ukuze babone ubuthathaka kwaye baxhaphaze. , ukwenza uhlaselo olukhohlakeleyo lokunyanzeliswa ukufikelela kwiinkonzo kunye negama eligqithisiweyo, ubunjineli obubuyela umva, ukufutha izithuthi kunxibelelwano, ngokutofa ikhowudi ekhohlakeleyo kwiinkqubo zemoto, kwabanye njengohlaselo lokudluliselwa, oluthintela kunye nokudlulisela imiqondiso engenazingcingo ukuvula okanye ukuqalisa isithuthi, ukubhuza, njl. Kwimeko yeemoto ezizimeleyo, ingxaki inokuba mbi nangakumbi, kuba ukuba sesichengeni kwinkqubo yokuqhuba kunokunika umhlaseli ithuba lokutshintsha indlela ekuyiwa kuyo, ukuyihambisa imoto ekude, kwanokudala ingozi.
Ngaphezu koko, ziya zisibaluleka ngakumbi ubuchule bokunciphisa, ukusuka ekuphunyezweni kwe-encryption kwibhasi ye-CAN, ukuqinisa iinkqubo zokuqinisekisa, ngokusebenzisa ezinye iindlela ezifana nokubeka iliso kuthungelwano kunye nabangeneleli, ukuphumeza imilinganiselo ye-firewall yenethiwekhi kunye nesofthiwe yokukhusela i-malware, okanye kunye neenkqubo ezisekelwe kwi-AI zokubona iipatheni zokuhlaselwa kunye nokuqikelela izisongelo.
Imizekelo yokuhlaselwa kwangempela
Los uhlaselo lokwenyani kwizithuthi Basinika isifundo esibalulekileyo malunga nobuthathaka obukhoyo kunye nobuchule obusetyenzisiweyo, kunye nokusilumkisa malunga neengxaki ezinokwenzeka kwixesha elizayo. Ezinye zeemeko ezaziwa kakhulu ziquka:
- Jeep Cherokee Hack: Ngo-2015, abaphandi bokhuseleko babonise indlela abanokuyilawula ngayo bekude iJeep Cherokee ngenkqubo yayo ye-infotainment, bethatha ulawulo lweziqhoboshi, isiteringi, kunye nenjini. Eli tyala liqaqambise ubuthathaka beenkqubo eziqhagamshelwe kwi-Intanethi kwizithuthi.
- Tesla Hack: Nangona uTesla uye wasebenzisa amanyathelo okhuseleko oluqinileyo, kuye kwabikwa iimeko zabaduni abaye bakwazi ukuvula izithuthi kunye nokufikelela kwiinkqubo zabo. Oku kugxininisa ukubaluleka kokugcina iinkqubo zokhuseleko zisexesheni kwaye ujonge ubuthathaka obutsha.
- abanye: Kukho neendaba malunga nokuhlaselwa kwezinye iimodeli ezaziwayo kunye neempawu ezifana ne-BMW, i-Mercedes-Benz kunye ne-Audi, eziye zaphantsi kokuhlaselwa kwe-relay, ukubiwa kolwazi, njl.
Kwaye ukuba sibala okunokwenzeka iingcango zangasemva ukuba abanye abavelisi banokuphumeza kwiiyunithi zabo, emva koko izinto ziba mbi ngakumbi...
Imiba yezomthetho
Ukukhula kwenkxalabo malunga nokhuseleko lwezithuthi ezixhunyiwe kuye kwakhokelela ekuphunyezweni kwe imimiselo nemigangatho emitsha:
- UNECE R155- Ummiselo weZizwe eziManyeneyo ukuseka iimfuno ze-cybersecurity kwizithuthi ezixhunyiwe.
- ISO/SAE 21434: ngumgangatho wamazwe ngamazwe ochaza inkqubo yolawulo lwe-cybersecurity kumjikelo wobomi bophuhliso lwesithuthi.
Nangona kunjalo, le asiyiyo yodwa inkalo yomthetho exhalabisa ikamva, kuba kukho imingeni ekusafuneka isonjululwe njengoko iteknoloji ihambela phambili. Kwaye kuyimfuneko ukuba, njengokuba besenza uvavanyo lokhuseleko olunje nge-Euro NCAP, kukwakho uvavanyo lwe-cybersecurity ngaphambi kokuba imodeli ihambe.
Ukuba nokwenzeka kokuba isithuthi esizimeleyo sigqekezwe kwaye sibangele ingozi eneziphumo ezibulalayo kubangela imeko enzima kakhulu ngokwembono yezomthetho. Ngumhlaba ongajongwanga lowo imingeni kwiziseko ezisemthethweni ezikhoyo, eyilelwe ubukhulu becala iingozi ezibangelwa ngabantu. Oko kukuthi, kukho imithetho yokumangalela abantu ngolwaphulo-mthetho lokubulala, ukubulawa kwabantu, ukuhlaselwa kwempilo yoluntu, njl. Kodwa kwenzeka ntoni kwezi meko? ngubani onoxanduva? Ngaba umenzi wesithuthi ukuba ufunyaniswe ukuba wayesazi ngobungozi bokhuseleko kwaye akazange alungise? Ngaba iziphatha-mandla ezisilelayo ukumisela imigaqo yokhuseleko efanelekileyo nazo zinokumangalelwa? Kuthekani ukuba umhlaseli we-cyber onoxanduva akanakuchongwa?
CAN Ingozi yebhasi enokubakho
El Ibhasi ye-CAN yenzelwe unxibelelwano phakathi kwamacandelo eemoto, ibeka phambili isantya kunye nokuthembeka kunokhuseleko. Oku kuthetha ukuba ayinayo ungqinisiso olomeleleyo, uguqulelo oluntsonkothileyo okanye iindlela zolawulo lofikelelo. Ngakolunye uhlangothi, uluhlu olubanzi lwamacandelo ezithuthi zidibaniswe, oku kuthetha ukuba umhlaseli ophazamisa i-ECU enye (i-Electronic Control Unit) unokufumana ukufikelela kuyo yonke inkqubo. Kwaye kule nto kufuneka songeze ukungabikho kocingo okanye ukwahlula phakathi kweenkqubo ezidibanisa le bhasi, ezivumela ukuba uhlaselo lusasazeke.
Ukuba umhlaseli ufuna ukuthatha inzuzo yebhasi ye-CAN, banokufaka imiyalezo yobuxoki ukuze baqhube imisebenzi yesithuthi, ukusuka kulawulo lwenjini ukuya kwiinkqubo ze-braking, njl. Njengoko kunokubonwa kumfanekiso, ibhasi ye-CAN idibanisa ubuninzi beendlela zombane ezihambelana ne-injini, i-steering, iibhuleki, izibane, iinkqubo ze-ADAS, i-airbag, njl., zonke zibalulekile.
Izixhobo zokuqhekeza imoto
Okokugqibela, ukuba ufuna ukuqalisa ukuphanda i-car hacking kwaye uzame ngokwakho, kufuneka wazi ukuba zikhona ezinye izixhobo ezinomdla kakhulu kwimarike: