According to People.Cn Co.Ltd(603000) report, the Ministry of industry and information technology released the guidance on Further Strengthening the construction of new energy vehicle enterprise security system (hereinafter referred to as the “opinion”) on the 8th, which mentioned that enterprises should take effective measures to prevent network attacks, intrusion and other acts endangering network security.
With the development of intelligent new energy vehicles, network security and data security are becoming more and more important. China Economic Net once reported that a 19-year-old hacker said on the social network that there was a defect in a software in Tesla system, and he had remotely invaded 25 Tesla cars distributed in 13 countries through the vulnerability.
five departments jointly issued a document
prevent network attacks and intrusions
According to People.Cn Co.Ltd(603000) report, according to the official website of the Ministry of industry and information technology, in order to further consolidate the main responsibility for the safety of new energy vehicle enterprises and guide enterprises to establish and improve the safety guarantee system, the Ministry of industry and information technology, the Ministry of public security, the Ministry of transportation, the Ministry of emergency management The State Administration of market supervision and other five departments recently jointly issued the guiding opinions on Further Strengthening the construction of safety system of new energy vehicle enterprises (hereinafter referred to as the Guiding Opinions), which proposed that enterprises should take effective measures to prevent network attacks, intrusion and other acts endangering network securityP align = “center” screenshot source: website of the Ministry of industry and information technology
“The development of new energy vehicles is the only way for China to move from a big automobile country to a powerful automobile country. In recent years, the safety level of new energy vehicle products has been significantly improved, and the overall safety situation has continued to improve.” The relevant person in charge of the first equipment industry department of the Ministry of industry and information technology pointed out that the emergence of new problems such as network security and data security has also changed the connotation and extension of new energy vehicle security.
In terms of improving the network security guarantee system, enterprises should implement the requirements of key information infrastructure security protection, network security level protection, vehicle network card real name registration, automobile product security vulnerability management and so on. Monitor the vehicle network security status and take effective measures to prevent network attacks, intrusions and other acts endangering network security.
Enterprises shall carry out data collection, storage, use, processing, transmission, provision, disclosure and other processing activities, as well as data exit safety management in accordance with the relevant provisions of laws and administrative regulations. It is also necessary to implement classified management of personal information, and take corresponding security technical measures such as encryption and de identification to prevent unauthorized access and disclosure, tampering and loss of personal information.
19-year-old hacker has remotely invaded 25 Tesla cars
According to Xiaoxiang Morning Post, according to the statistics of 360 Internet of vehicles security laboratory, among the 53 models of intelligent Internet connected vehicles sold by 25 car enterprises in China, 360 company has found more than 1600 vulnerabilities, including more than 1000 cloud vulnerabilities, which can lead attackers to remotely control all intelligent Internet connected vehicles of the brand in batches; There are more than 600 vulnerabilities in the vehicle end, which can lead the attacker to control the vehicle in a close and non-contact way, such as opening and closing the door, starting the engine, etc.
China Economic Net once reported that a 19-year-old hacker said on the social network that there was a defect in a software in Tesla system, and he had remotely invaded 25 Tesla cars distributed in 13 countries through the vulnerability. He believes that if someone remotely controls the sound volume in the car or the switch of the window when the vehicle is driving at high speed, it is quite dangerous; Even if the operation of flashing lights is carried out, it will affect other traffic participants, resulting in danger.
According to reports, the hacker named David Colombo can remotely control some Tesla cars through software vulnerabilities, including opening windows, starting the vehicle, opening the sound system, flashing lights, and disabling the security system. He can also detect whether the driver and passengers are in the car through the camera in the car.
The young hacker also revealed that the vulnerability did not allow him to remotely interfere with the owner’s driving behavior or conduct remote driving operations; At the same time, only a few Tesla vehicles in the world have this vulnerability.
experts say there are four risks in the Internet of vehicles
requires participants to jointly maintain and prevent
According to the Xiaoxiang Morning Post, Zhou Hongyi, a member of the National Committee of the Chinese people’s Political Consultative Conference (CPPCC), said that the higher the degree of digitization, the greater the security challenge.
Yang Wei, an expert of China Information Security Skills Competition Expert Committee and the person in charge of Zhong’an world, said in an interview with the reporter of Xiaoxiang Morning Post that when the on-board equipment on the vehicle makes effective use of all vehicle dynamic information in the information network platform through wireless communication technology and provides different functional services in vehicle operation, we call it “Internet of vehicles”.
The security risks of the Internet of vehicles are mainly concentrated in four aspects: the first is the security risk of the vehicle itself, the second is the platform security, such as the cloud services used in the process of networking, the third is communication security, and the fourth is data security.
In the era of intelligence, the platform is constantly clouded. If network security and data security do not meet certain security standards, more security threats will arise. Once a major vulnerability occurs and relevant permissions are obtained, hackers can even launch remote attacks on the cloud of the car, and can obtain some permissions to control the car, affecting the driving safety of the car.
Although the threshold for launching a series of attacks is relatively high, due to the increasingly rich functions of some supporting cloud services, the importance of network security should become one of the core competitiveness of intelligent networked vehicles in the future.
Yang Wei believes that for consumers for problems, we must give timely feedback, because consumers also play the role of product supervision. For enterprises enterprises, we must also pay attention to the network security of vehicles, because once there is a problem, it will affect personal safety or cause major traffic accidents. For automobile manufacturers and enterprises in the supply chain, we should do a good job in the self-examination of network security, the supervision and governance of data security, and the corresponding management.
For industry supervision department , laws and regulations on network security management should be gradually improved. At present, this field is still relatively blank, and there are no corresponding requirements and standards for enterprises to implement and implement. We hope to form a common regulatory mechanism through enterprises, regulatory authorities and consumers. For security technology company and third-party security company they can provide technical support and guarantee data security for vehicles.
