Someone hacked YandexTaxi and ordered all available taxis to the same location

twitter.com

511 points by aaur0 3 years ago · 162 comments (159 loaded)

inasio 3 years ago

Back in the day (1960s?) two relatives of mine had a prank battle going on. One of them posted an ad in the local newspaper offering to buy old Christmas trees, at the address of their adversary. Half the city showed up, were told trees were not in fact being bought, and everybody dumped the trees at their door.

  • blacksmith_tb 3 years ago

    Reminds me of the story in Pranks[1] (I got my copy at a garage sale V. Vale was having in SF years ago!) about an even more vicious prank - advertising for workers to help demolish a home - while its owner was out of town...

    1: https://www.researchpubs.com/shop/p/pranks

    • boomboomsubban 3 years ago

      Wasn't that one of the SF robber barons wanting to expand his palace and the home owner refusing to sell? Even calling it a vicious prank seems nicer than the action deserves.

    • scrame 3 years ago

      V. Vale exists? I always just thought they were a cohort of sorts.

      Heartily recommend that pranks book.

      • pontsprit 3 years ago

        Yup, V. Vale certainly exists and sells his RE/Search publications pretty regularly outside of City Lights bookstore in SF! He has a table he set up on the sidewalk and is very friendly and full of great anecdotes.

  • CWuestefeld 3 years ago

    Back in the Depression, my grandfather and a friend posted an ad. It claimed to be a medical laboratory who needed cats for an experiment, and offering $0.25 per cat if people would bring their cats to the local train station at whatever time.

    Of course there were no lab representatives waiting at the appointed time, so lots of people just dumped their cats (or perhaps they were feral cats that they rounded up?) at the train station. The neighborhood was infested with them for some time after that.

    Unusually for gramps, he actually proved that this particular story was true. He actually had a newspaper clipping that told the story.

  • meibo 3 years ago

    Seems like a great way to stock up your firewood supply for the next winter, if you manage to target it in a way that doesn't cause half the city to show up, but maybe a little less than that?

    • eropple 3 years ago

      It's not. You don't want to burn softwoods; they're resinous and create a ton of smoke.

      • marssaxman 3 years ago

        A pile of Christmas trees makes for a terrific January beach bonfire.

        • wildzzz 3 years ago

          We lit up a dead Christmas tree that had been sitting outside one summer. We were so sure the cops would show up when someone saw the two story column of fire that thing made. The good part is that it was all over in about a minute.

        • rubyfan 3 years ago

          Every year our neighbors do this. We jokingly refer to them as The Bumpus family because they are loud and are always doing stuff like this.

      • Angostura 3 years ago

        Properly dried they are pretty smoke-free

        • eropple 3 years ago

          How dry are we talking? Because burning furniture-grade EWP offcuts (~6% moisture content) is smoky as hell. It isn't the wood, at least not entirely - it's the sap pockets and other crap.

          (I have a wood shop, these are things relevant to my interests!)

    • zeven7 3 years ago

      Pine is really smokey and burns fast

      • fifilura 3 years ago

        Here in Sweden at least, Christmas trees are not pines but spruce.

        These small ones with lots of branches - probably not worth the work effort unless you are desperate. And you'll get a lot of residue branches. You also want them to dry for a season before you burn them.

        Other than that, they burn just like any other log. Maybe a bit less energy per log. Maybe more smokey than some, but smoke should go out the chimney not in the room.

        • mc32 3 years ago

          In the US we use firs and spruce as well but often "pine" means some kind of conifer...

          Occasionally you might see some white pine sold at Christmas tree lots.

        • aidenn0 3 years ago

          Mostly fir or spruce in the US as well, but those are often informally referred to as "pine"

          • fifilura 3 years ago

            Our land area consists of like 70% of either of those so I guess that makes it more important for us to tell the difference :)

            • aidenn0 3 years ago

              I'll admit I can't tell a spruce from a fir, but pine trees look so distinctive that I can always spot them.

        • alrlroipsp 3 years ago

          Spruce firewood is pure crap. Ruins the chimney and the boiler, resin and no energy value. Burn birch instead!!!

      • midoridensha 3 years ago

        It's worse than that. The sap in it will collect in the chimney and then cause a chimney fire. You really don't want to burn that stuff in a fireplace.

        • fifilura 3 years ago

          I'd say that is a symptom of bad combustion (too little air). Not what kind of wood you use. Sap burns just fine.

          • alrlroipsp 3 years ago

            It's both too low temperature burning leaving residue in the chimney that can catch fire later, AND pine/spruce having way too much sap to burn alone. You should absolutely mix it with other wood when you burn it, same as oak.

            • fifilura 3 years ago

              Fair enough. Feels like you have more (possibly hard-earned) experience than me on this issue.

        • TEP_Kim_Il_Sung 3 years ago

          So use a rocket stove? Burns too hot and efficient to leave residue.

          • yibg 3 years ago

            Yeah, let me just dig the old rocket stove out of the basement and fire it up.

            • TEP_Kim_Il_Sung 3 years ago

              They are fairly easy and cheap to construct, plenty of guides for rocket stoves, and rocket mass heaters.

              Want to heat an entire garage 24h with a hand full of twigs? An ordinary oven can't cope.

  • frogperson 3 years ago

    It reminds me of a newspaper ad I saw 20 years ago which read "Free monkey and 10 pounds of monkey food. call 555-555-5555". Well the gentleman that answered did not have a monkey for sale, and was quite rude about it.

  • v8xi 3 years ago

    Had a roommate in graduate school whose friend listed his car (and phone number) on craigslist for a ridiculously low price. His phone was ringing off the hook for like two days until he was able to get it taken down.

    • Sunspark 3 years ago

      How do people find out who did these things though? Is there a big reveal where the cape is whipped aside?

      • keidian 3 years ago

        Find the "friend" who can't look at you anymore without breaking into a fit of giggles / falling over laughing?

  • upsidesinclude 3 years ago

    This is a great way to get free firewood

    • hijinks 3 years ago

      softwood is horrible to use. The resin in it burns up and gums up in the chimney and can cause chimney fires.

      Ya it's free but also burns quick and doesn't put out enough heat.

      • ehvatum 3 years ago

        Chop it, split it, dry it for a year and it’s fine. I’ve burnt huge amounts of pine in my Jøtul.

      • upsidesinclude 3 years ago

        Brotherman, you burn what you've got. Doug fir and spruce are fine firewood and fine Christmas trees.

        Edit: 'Chim-chimminey chim chim cheroo' Stop killing honest jobs

hangsi 3 years ago

This reminds me of a classic (non-internet powered) version of this where every business in London was sent to some unsuspecting resident's address in order to win a bet, clogging the streets in the process: The Berners Street Hoax of 1810.

https://en.wikipedia.org/wiki/Berners_Street_hoax

  • ekimekim 3 years ago

    What I love about this is that it's a textbook example of a reflection DoS attack (https://en.wikipedia.org/wiki/Denial-of-service_attack#Refle...) - you send a message with a spoofed reply-to address, such that the message you sent (in this case, a letter) is much cheaper than the response eventually sent to the victim (in this case, tradespeople / goods / dignitaries).

  • googlryas 3 years ago

    Just to point out some possibly ambiguous phrasing, but the person pulling the prank was trying to win the bet - the tradespeople and visitors were called there to use their services (i.e. chimney sweeps thought they were going to sweep a chimney), not that they themselves were going to claim some prize.

hinkley 3 years ago

This is what happens when optimists win and the realists are cut out of the conversation.

As a taxi service, I believe I would want to know if I'm about to have a shortage of taxis in any one area of town, and I'd better only have a concentration in one area of town for an event the entire world is talking about, like a reunion tour or a championship game.

Even with the hack, the moment all of the taxis started converging on one area of town, alarms should have been going off and managers should have been asking questions. But that's not what happened, because we say yes the moment money enters the conversation, without bothering to ask what it says about you as a person if you'll do anything for money, or for that matter if the money is even real or just a trick to get our attention.

  • tjs8rj 3 years ago

    It’s already so hard to build a large company, you just don’t have the resources to chase super rare, low pain outcomes.

    This is the first time this has happened and the total cost of it is at most a few hours revenue. They’ll likely add safeguards to prevent such a thing now, but if they ran the company preparing for every possible way things could go wrong, they’d get absolutely nothing done.

    • tcgv 3 years ago

      Good reasoning. Hindsight bias comes to mind:

      - https://en.wikipedia.org/wiki/Hindsight_bias

    • heavenlyblue 3 years ago

      Nobody asks you to build a large company

    • onion2k 3 years ago

      > low pain outcomes

      All your customers thinking your app isn't secure any more isn't "low pain".

      • ornornor 3 years ago

        Equifax lost millions of credit files, no consequences for them.

        The US government lost the completed forms that people who want a security clearance have to fill and that lists all their hidden skeletons (they must disclose them in the form so the govt can assess the likelihood of them being successfully leveraged by an enemy) and nothing changed[0]:

        > In 2018, the OPM was reportedly still vulnerable to data thefts, with 29 of the Government Accountability Office's 80 recommendations remaining unaddressed. In particular, the OPM was reportedly still using passwords that had been stolen in the breach. It also had not discontinued the practice of sharing administrative accounts between users, despite that practice having been recommended against as early as 2003.

        Not to mention the breaches happening at regular intervals. I’m concerned about them and even I can’t remember them.

        People don’t care. It happened too many times. It’s too abstract for a lot of people just like “Facebook and gmail can read my messages, nothing to hide”. There is little to no penalty for not being secure enough/getting breached.

        [0]: https://en.m.wikipedia.org/wiki/Office_of_Personnel_Manageme...

      • ivan_gammel 3 years ago

        99% of customers won’t care, because they will only briefly see the news, this hack did not harm them, they don’t care that much about security of an app and they don’t have a good alternative.

        The impact of such incidents on company reputation and revenue is often exaggerated.

        • munk-a 3 years ago

          A few customers will have strong negative opinions "I was waiting at the airport in the rain for four hours!" but most people will indeed shrug this off. It's a much different issue than what happens when payment systems are compromised.

          A lot more people care if they're informed their credit card was stolen and told to carefully watch statements for the next month - that leverages a real PITA cost on the customer.

      • golergka 3 years ago

        Yandex had already leaked ALL data about their food delivery customers, including addresses and names. Didn't hurt them a bit since they're a monopoly. (It used to be a duopoly, but they're acquiring the only seriously competing service now).

        When you're a government controlled corporation in an openly fascist state, you couldn't care less what your customers think.

      • and-not-drew 3 years ago

        That's got nothing to do with what we're talking about.

        The first comment didn't say they should have spent more time on security, it said they should have spent time creating a system to detect if too many taxis were in one spot.

        I think we can all agree that security is valuable and should be prioritized, but spending time worrying about how to stop who is already in your system from sending all the cabs to the wrong place seems like a waste of time.

        Hell, IF (big if) the worst thing a hacker could do once they had access to YandexTaxi's servers is send a bunch of cabs to the wrong place, you could almost spin that in a positive light. "We spent so much time protecting customer data that all they could do is send our drivers to the wrong place".

        • bee_rider 3 years ago

          It is hard to make a solid argument about perceptions. Is it possible that non-technical people would perceive the ability to send all the drivers to one location as a big security problem, even though it doesn't really require any conventional security issues? Maaayybeeee. "Hacks" that intrude into the real world do have a bit of an over-inflated appearance of importance after all.

        • samus 3 years ago

          Maybe they managed to also steal or encrypt data, and now the media attention in a sense helps the hackers claim extortion money? Since the showlights are now on that company?

          • and-not-drew 3 years ago

            True, but going back to the original argument, if hackers did manage to steal data, that makes the idea of spending time trying to prevent all the taxis from being sent to one place even stupider. In the world where YandexTaxi had extra time to spend on something, they should have spent it on securing their data better.

    • monksy 3 years ago

      When you build a product, your customers expect, and pay, you to be an expert and dedicated to that domain. Not some kind of fly by night scam.

      • zibby8 3 years ago

        This is such a ridiculous take I’m having trouble understanding if it’s satire or not.

        • renewiltord 3 years ago

          When you write a comment, you have to be responsible. Others might read it and take it seriously and your advice might lead to death and dismemberment. If you aren't willing to get insurance before commenting, don't comment. Leave it to the professionals with licences.

  • monksy 3 years ago

    This is more of what happens when you do the least effort to build a product to make a buck. They're probably optimized for the average happy path, however flooding isn't a concern until someone gets upset.

    • lbriner 3 years ago

      Not necessarily. Despite us armchair critics, it is also very easy to miss an attack vector when building your software. We find stuff after years that we can't believe we missed like a missing auth check.

      Not that unusual at all when you are talking about 10s of 1000s of lines of code written by different people over the span of about 8 years.

      • hinkley 3 years ago

        That’s why I favored detection at the top. I’ve worked on complex code signing apps that the blockchain people would recognize. Shit is hard. You can’t stop many things and still make money. But if you figure out what the boundaries are of the nominally running system, you can chart or earn when you start to lose the plot.

        I prefer charts over alerts, because as the company grows we keep forgetting to update the alerts. But then you need people who look at the charts between other tasks or you won’t catch anything and have to go back to alerts.

  • grishka 3 years ago

    Yandex in particular has a system where it would dynamically adjust the price to prevent that sort of thing happening. When many people want to order a taxi to the same place, it gets really expensive, really fast. Uber does that too. This normally works well, but I feel like this hack bypassed the normal ordering system entirely and just sent bogus orders straight to drivers.

    • klntsky 3 years ago

      New customers are allowed to pay in cash to the driver, which makes it effectively anonymous. Nothing was at stake.

  • munk-a 3 years ago

    In most areas taxi-companies use a zone-based system where cars will flag what zone they're in (rarely automatically using GPS and more often via button presses) this is an effort by the cab company to keep their vacant vehicles well distributed to keep a high response rate and increase customer turnover.

    It also happens to have the side benefit that an operator watching the flagged zones would be able to see this kind of an issue happening in advance and maybe check into why every cab is suddenly bee-lining it to zone 3.

    • wildzzz 3 years ago

      But there should still be some override that would allow for a bunch of taxis to converge at one spot. Say a sporting event just got out, there's going to be a lot of people looking to catch a ride home. If you don't want all of those customers finding another ride, the system should have no problem dispatching drivers from other zones to pickup. Having a bunch of fares popup at the same location shouldn't be a major concern and it sounds like there were no safeguards preventing every driver from being dispatched. Without just adding a limit, like no more than 50% of taxis can be dispatched to a single zone, I'm not really sure how you could prevent this from happening again. I don't know exactly how the hack happened but if someone was just able to manually spam the dispatch queue directly, the only thing you could do going forward would be to place an automated check on every addition to the queue that it's from a real user with a valid credit card and that no other requests from that user exist in the queue.

      • hinkley 3 years ago

        It’s a distributed system right? How do you prevent saturation of a single service?

        Backpressure.

        Add artificial delays to the queuing time, increasing for each taxi.
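Added example, not part of any commenter's post and not YandexTaxi's code: a sketch of the queue-side safeguards discussed in the two comments above (a per-zone share cap with an operator override for real events, one open order per verified user, and a delay that grows with each taxi already sent to a zone). All class, field and zone names, the thresholds and the simulated orders are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class DispatchGuard:
    """Admission control in front of a dispatch queue (hypothetical names)."""
    fleet_size: int                      # taxis currently available
    max_zone_share: float = 0.5          # cap: share of fleet bound for one zone
    free_slots: int = 3                  # orders per zone dispatched without delay
    base_delay_s: float = 2.0            # first backpressure step
    max_delay_s: float = 300.0           # ceiling for the artificial delay
    override_zones: set = field(default_factory=set)  # operator-approved events
    open_by_zone: dict = field(default_factory=lambda: defaultdict(int))
    open_by_user: dict = field(default_factory=dict)

    def admit(self, user_id, zone, payment_verified):
        """Return (decision, delay_seconds, reason) for one incoming order."""
        # Every queue addition must come from a real, verified user ...
        if not payment_verified:
            return ("reject", 0.0, "no verified payment method")
        # ... who has no other request already in the queue.
        if user_id in self.open_by_user:
            return ("reject", 0.0, "user already has an open order")
        in_zone = self.open_by_zone[zone]
        delay = 0.0
        if zone not in self.override_zones:
            # Hard cap: never commit more than the configured share of the
            # fleet to one zone without a human looking at it.
            if in_zone + 1 > self.max_zone_share * self.fleet_size:
                return ("hold", 0.0, "zone cap reached; operator review")
            # Backpressure: the delay doubles for each taxi beyond the
            # free slots, which buys time for someone to notice.
            if in_zone >= self.free_slots:
                delay = min(self.max_delay_s,
                            self.base_delay_s * 2 ** (in_zone - self.free_slots))
        self.open_by_zone[zone] += 1
        self.open_by_user[user_id] = zone
        return ("dispatch", delay, "ok")

    def close(self, user_id):
        """Release the user's slot when the ride ends or is cancelled."""
        zone = self.open_by_user.pop(user_id, None)
        if zone is not None:
            self.open_by_zone[zone] -= 1


def simulate_flood(n_orders=15, zone="zone-3"):
    """Constructed input: n distinct verified users all ordering to one zone."""
    guard = DispatchGuard(fleet_size=20)
    return [guard.admit(f"user-{i}", zone, True) for i in range(n_orders)]


if __name__ == "__main__":
    for i, (decision, delay, reason) in enumerate(simulate_flood(), 1):
        print(f"order {i:2d}: {decision:8s} delay={delay:6.1f}s  {reason}")
```

With a fleet of 20, the first three orders go out immediately, the next seven are delayed by a doubling interval, and everything past the tenth is held for review instead of being dispatched.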

    • lstodd 3 years ago

      Maybe that was the case 10 years ago. Or 15.

      Nowadays it's all automatic, there are no predefined zones - only past statistics and about zero operators.

      edit: srsly, that's what Uber is all about. and YTaxi is one of Moscow Ubers.

      • munk-a 3 years ago

        My comment is about how Royal City Taxi, Yellow Cab Vancouver and Benways in Burlington work - I have never been an Uber driver or involved with the company and can't comment on how they manage drivers.

        Also, you're saying my comment is out of date but this out of date system effectively solves the issue that just occurred with YandexTaxi - so maybe if you're working on a more up-to-date system you should borrow from the out of date tactics.

  • tenebrisalietum 3 years ago

    There are always going to be individuals that say yes the moment money enters the conversation, as long as food and housing cost money and there is the possibility of going without.

  • d1sxeyes 3 years ago

    Yandex.Taxi, like Uber (in fact, they merged with Uber in Russia), is not really a 'taxi service', they're a marketplace.

    A real taxi firm would notice and stop taking new calls to the address, but Yandex.Taxi aren't really 'dispatching' taxis, they're just advertising jobs, and letting drivers respond in real time.

    In fact, I'd imagine that almost none of the orders placed are reviewed in realtime, and the only indicator that anyone would have had for this to begin with would have been a higher than average number on the dashboard for 'trips requested today' - an interesting metric, but not something that I would expect to be monitored closely in real time.

    I'd imagine there's a 'no show' procedure that doesn't involve human oversight, so the first couple of drivers likely arrived at the address, waited a few minutes, then coded in the no show and moved on to different jobs.

    This is also likely a metric on a dashboard which would have been the second indicator - booking cancellations/no-shows/driver rejections. But again, it's an analytics metric, rather than realtime actionable business intelligence, so it's the sort of thing that gets put into weekly reports. Maybe someone would have seen it and thought 'huh, that's a bit high', but probably didn't trigger any alarms.

    Eventually a curious taxi driver would start to question why there are so many taxis outside this address, and would get out of his car and chat to his colleagues. They'd identify that they'd all been asked to the same address, and probably all cancel together and drive off.

    MAYBE the third indicator here would be a call from one of the drivers to customer support, letting them know about the 'system glitch' that meant multiple taxis were waiting at the same address, but it's equally possible that the drivers just moved onto their next fare without reporting any issue.

    So potentially, the first time that anyone at YT realised there was a serious issue was already 10-15 minutes after the incident occurred, by which time, it's already late. On top of that, it's unlikely that they have a way to easily and effectively cancel all bookings to a particular address.

    I don't have any details on the hack itself or YT's infrastructure, so it may have been very difficult to identify and cancel the fraudulent bookings en masse (e.g.: fuzzed addresses, booking times, different users, card details not stored or different card numbers used, etc.).

    By the time it got escalated to any technical teams, we're already likely 30-40 minutes into the incident itself, at which point they have to analyse what is happening, trace how it happened, and identify a fix.

    With the immediate nature of taxi booking (I want a taxi NOW, not in 45 minutes), it doesn't surprise me that an incident like this can occur before any technical measures can be put in place to stop or mitigate it.

  • renewiltord 3 years ago

    Who is cutting anyone out of the conversation? You sell your product and if I care for 100% uptime, I'll pay for it. I actually don't. I can route through lots of stuff for appropriate savings and most people can.

    No one wants this single pair of instances in a Tier 4 datacenter that host a single key-pair authenticated process with dual manual approval and an air-gap that dispatches one taxi (and precisely one taxi) every 30 days on a route where it can be guaranteed to hit its time prediction.

    Any fool can build a bridge that stands. It takes an engineer to build a bridge that barely stands.

    • hinkley 3 years ago

      I guarantee you there are two ex employees saying “I told you” right now.

      Faster faster faster always wins because that’s what the management wants to hear. As long as their options vest before the consequences stack up, they have no - and accept no - responsibility for the longevity of the company.

      If you haven’t worked with any defectors then you’ve managed better than many of us, or you’re very lucky.

      • renewiltord 3 years ago

        Sure. But it's a market. It's possible for consumers to exercise their preference. And overwhelmingly they don't care about this stuff.

konart 3 years ago

The title is kind of misleading.

Yandex has thousands of cars here in Moscow. There were around 60 in this jam on the prospect.

So most likely not "ordered all available", but "the order was forwarded for all available in the radius" or something like that.

Surely you can't order a car in Yandex Taxi much less order all of them or even a car from another part of the city.

r721 3 years ago

Google-translated Kommersant article: https://www-kommersant-ru.translate.goog/doc/5538017?_x_tr_s...

b1n 3 years ago

Is there any way of confirming this?

Without knowledge of Russian or context this could just be taxis on some sort of protest rally.

Barrin92 3 years ago

this is also something that's oddly absent from the self-driving debates. Mass deployment of the same models or apis in automated systems is very brittle because it means errors are highly correlated. it's like a form of central planning.

individual drivers or individual taxi firms in a market due to their decentralization are much more robust to any kind of individual failure.

People often ask "is the car smarter than the driver?" but the correct question would be if the car, or system is more diverse than the aggregate knowledge of all the participants.

  • karmanyaahm 3 years ago

    Yes. Additionally, this is a commonly cited win of cars in cars v. public transport. You can take your car anywhere in the zombie apocalypse*, whereas any system that requires central planning (trains) are more likely to break.

    Making cars (human or machine driven) depend on a centralized service basically takes away that advantage.

    * assuming you have enough fuel/battery

    • mr_toad 3 years ago

      Typically in apocalyptic settings the roads are quickly clogged with abandoned vehicles.

tpmx 3 years ago

I'd like to think Ukrainian hackers were behind this.

fblp 3 years ago

Just wait til the day when someone does this with an autonomous car or delivery drone fleet!

DonHopkins 3 years ago

Elevator Pitch:

jammr.com: It's like Uber for Traffic Jams!

  • EwanG 3 years ago

    I suspect you're kidding, but you know, having lived through a few very long traffic jams I could imagine some scenarios where I'd be willing to pay for:

    1) Rickshaw or cargo bike with a narrow pull along trailer to let me use the bathroom
    2) Similar setup with food and drink
    3) Similar setup with a few gallons of gas if I've gotten a bit too close to empty
    4) More expensive (XL?) version of the service where I am getting delivery from a helicopter (since drones flying over congested traffic is not an FAA approved delivery method)

    You might not be able to make this a daily thing, but when things get bad I suspect the margins might be unreal.

    • gs17 3 years ago

      Or the idea from Nathan For You where another driver will be delivered on a motorcycle (in places they're allowed to cut between traffic jams) to take over while you ride to your destination on the back of the bike.

    • DonHopkins 3 years ago

      >1) Rickshaw or cargo bike with a narrow pull along trailer to let me use the bathroom

      doodoober.com is available!

      shyt.com is taken though.

doesnotexist 3 years ago

Needs this music https://www.youtube.com/watch?v=JEyEkbOlMfA&t=690s

smm11 3 years ago

Daemon, by Daniel Suarez. Not to ruin it, but computers summon all smart cars at once for a task.

  • eps 3 years ago

    That was not a very good book.

    • noir_lord 3 years ago

      I enjoyed it but it was a case of his ability to come up with interesting ideas exceeding his abilities as a writer.

      It desperately needed a better editor.

wmeredith 3 years ago

What does "all available" mean in this context? YandexTaxi operates in 1000+ cities and is connected to 700,000 drivers.

  • MaKey 3 years ago

    This happened in Moscow, so probably all available taxis in Moscow.

    • gdy 3 years ago

      Nope, just dozens of taxi app accounts were hacked and used to order taxis to the same street. That's a tiny fraction of over 70'000 taxis in Moscow.

cafard 3 years ago

If I were a taxi driver, I think it would take me some time to get to the point of admiring the ingenuity.

  • UncleEntity 3 years ago

    I used to be a taxi driver and anytime something looked to be turning into a major clusterfuck like that I’d just get the hell out.

    One night Modest Mouse played downtown Phoenix and went past the time light rail stopped running on weeknights. Same thing happened, basically everyone who took the train called for a cab. Once I realized what was happening I just grabbed the first group who flagged me down and got the hell out of there.

    What I especially like about the video is it is completely obvious something isn’t right and they’re all still trying to get to the pickup point.

dm33tri 3 years ago

The message on driver's screen says something like "Note from passenger: Guys and girls, stop feeding the yellow [Yandex], switch to Wheely!"

  • nivertech 3 years ago

    Many drivers do not read the passengers' comments on the order. Anyone who took a second to read this comment would've understood that there is something fishy here.

squarefoot 3 years ago

Quite surprised that Uber still operates in Russia given the situation.

jetzzz 3 years ago

Message from hackers at the driver's phone says: "Girls and guys, stop feeding the yellow, work with Wheely".

unixbane 3 years ago

lol get rekt. i wish business people would immediately imagine this every time a software product is pitched to them

aaur0 (OP) 3 years ago

Someone hacked #YandexTaxi and ordered all available taxis to Kutuzov Prospect in Moscow. Now there is a huge traffic jam with taxis. It‘s like James Bond movie.

late2part 3 years ago

Did any of the taxis fall out of a hospital window?

katazd 3 years ago

revealing venerability is awesome

josephd79 3 years ago

hack the planet!

throwaway14356 3 years ago

it's the central planning thing all over again

donkarma 3 years ago

is this the future of self driving cars?

  • LinuxBender 3 years ago

    I think you are right. I think the unknowns are, how tiny will the script be that commands all the cars into a lake and will it be a cloud hack or a local broadcast hack?

    • ajsnigrutin 3 years ago

      Better question is, will they be able to outlaw t-shirts with 20km/h speed limit signs on the back or people walking on the sidewalk wearing them.

    • netsharc 3 years ago

      First, a command to download updated GPS maps that says "There's now a bridge over that lake"...

      • rurp 3 years ago

        Yep, I've had Google Maps direct me to drive into a wall or an empty field more than a couple times over the years. It's not uncommon for people to get stranded or even killed by blindly following bad GPS directions. The maps are often quite bad in less traveled areas. And these are the non-malicious cases!

        • lygaret 3 years ago

          Sorry, this bugged me enough to try and find some data:

          > It's not uncommon for people to get stranded or even killed by blindly following bad GPS directions.

          Google took me to Wikipedia[0], which took me to a conference paper[1]:

          In a corpus of about 400 news articles from 2010 onwards (via LexisNexis search), they found 52 deaths related to navigation technologies, which accounted for about 25% of the incidents they recorded.

          57% of the incidents were collisions; someone running into something due to GPS giving bad directions.

          20% total involved being stranded.

          That's over ~6 years of US, UK, Canadian & Australian news reports.

          It may not be uncommon for GPS to kinda suck, but it is _very_ rare for GPS to kill people.

          [0]: https://en.wikipedia.org/wiki/Death_by_GPS

          [1]: https://www.researchgate.net/publication/312936003_Understan...

          • rurp 3 years ago

            I haven't done any deep research on the topic but know of several specific fatal cases off the top of my head. It's not like someone dies every day, but for every reported case there are probably many that don't get reported as such.

            The much more common case is getting stuck and needing a rescue. Google maps is absolutely terrible at dirt roads. It will confidently give you directions that make absolutely no sense once you get away from pavement. It never got me stuck anywhere, but easily could have many times if I had been less cautious. Nowadays I know to ignore those directions in less developed areas.

            I think the broader point is that driving navigation tech is getting fairly good at happy path cases but is woefully underdeveloped outside of that.

    • aaaaaaaaata 3 years ago

      How about just driving you by billboards on, or for, Alphabet controlled properties?

      • gibspaulding 3 years ago

        I feel like they're already heading towards manipulating routes to favor advertisers.

      • mjan22640 3 years ago

        They do it the way around, personalise the billboard content to the people near it.

  • reaperducer 3 years ago

    > is this the future of self driving cars?

    My prediction: Ransomware hits self-driving cars.

    You're locked in the car until you Venmo the bad guys some credits.

    To encourage compliance, the stereo starts playing the sound of running water.

  • fffobar 3 years ago

    And the future of the planned 6-th generation unmanned combat aircraft ...

  • unixbane 3 years ago

    there were already such bugs before, and my analysis is that even the older ECU cars before the 2000s had such bugs, just nobody bothers to look for them (also ECUs have been causing deaths from bugs but they just assume it's the driver's fault). self driving cars will be the next order of magnitude of problems. ECU 1x, smart 10x, self driving 100x.

    > In July 2015, IT security researchers announced a severe security flaw assumed to affect every Chrysler vehicle with Uconnect produced from late 2013 to early 2015.[120] It allows hackers to gain access to the car over the Internet, and in the case of a Jeep Cherokee was demonstrated to enable an attacker to take control not just of the radio, A/C, and windshield wipers, but also of the car's steering, brakes and transmission.[120] Chrysler published a patch that car owners can download and install via a USB stick, or have a car dealer install for them.[120]

    > https://en.wikipedia.org/wiki/Chrysler#Chrysler_Uconnect

    • alluro2 3 years ago

      :O I would put the number of drivers who downloaded and installed the patch somewhere between 5-10.

      • toast0 3 years ago

        It's ok, those cars probably lost or will lose connectivity as 3g goes away.

  • quantumduck 3 years ago

    Not the future, it did already happen, albeit on a smaller scale with Cruise: https://www.thedrive.com/news/a-swarm-of-self-driving-cruise...

    The worst part is they were never really transparent about what the issue was.

  • nytesky 3 years ago

    I’ve had this worry for years of a state level attack via network connected FSD cars. But I’m hardly alone, it was shown in a Fast and Furious movie, so people are thinking of it.

  • marginalia_nu 3 years ago

    Beep beep, motherfucker!

  • hedora 3 years ago

    Self driving cars are not needed for this. It happens on The Jetsons all the time.

  • xwdv 3 years ago

    No, the future is to command all self driving cars to immediately accelerate to 100 mph and do not stop for whatever reason no matter what. Pure remote code execution.

jbverschoor 3 years ago

Someone also seems to have hacked this post on twitter... it's not loading
