this post was submitted on 08 Feb 2025
584 points (95.8% liked)
Mildly Infuriating
36507 readers
734 users here now
Home to all things "Mildly Infuriating"
Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.
I want my day mildly ruined, not completely ruined.
Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means:
-No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating.
-The Community !actuallyinfuriating has been born so that's where you should post the big stuff.
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
...
Also check out:
Partnered Communities:
1.Lemmy Review
2.Lemmy Be Wholesome
3.Lemmy Shitpost
4.No Stupid Questions
5.You Should Know
6.Credible Defense
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.
founded 2 years ago
MODERATORS
I wished I could live in this fairy tale world where a driverless car won't be vandalized/stripped for parts
Like you'd be paying 30 bucks to basically have an unsupervised car show up at your location that's totally not gonna result in a lot of trouble and cost a shit ton
You say unsupervised, but they have as many cameras and sensors on them than your average military drone at this point. They can (and will) transmit this data live if they detect negative interactions.
It's not like people don't have unsupervised access to cars without people in them right now. People park and leave their cars alone all the time.
Gangs of criminals are hacking big companies all the time and stealing or extorting millions of dollars. If they can hack into Amazon or Target they can hack into Uber and steal fleets of self driving vehicles. Just turn off all the data logging and have them drive to a chop shop or even down to the local port and right into a shipping container.
You vastly overestimate hackers abilities.
Most security workers at companies overestimate hackers abilities. That’s why all these companies are hacked all the time and there are tons and tons of data breaches.
The thing very few people understand about hackers is that they can code and they share their hacks as tools with each other on the black market. This means you’re essentially up against the combined effort of all hackers on the black market. When one succeeds, they all succeed. When one piece of server software is hacked, all companies who use that software get hacked.
There's a difference between grabbing data, and controlling physical systems.
Hackers are not regularly taking over power plants or shutting down manufacturing robots.
They are taking over Internet accounts though. They hack people’s social media profiles, Netflix accounts, Amazon accounts etc. They also take down websites via DDoS attacks.
Here’s the thing with fleets of self-driving rental cars: unlike power plants or manufacturing robots, these cars will be on the public Internet. They cannot be airgapped on a private LAN the way a fixed robot in a factory can.
So all it takes to control these things is to hack into the authentication system and steal the credentials for the master control account for the cars. Then they’ll be able to connect to the cara remotely and issue commands to control them, just as the company would for say, ordering them to return to base to recharge, get cleaned up, or be repaired.
That’s the vulnerability. And even if they put all the cars on a VPN it’ll still exist because hackers can and do steal VPN credentials just like any other credential.
By the way, there has been at least one high profile hack of manufacturing robots: the Stuxnet worm which targeted Iran’s nuclear program. Since a fleet of self-driving cars is going to have millions and millions of dollars in value (tens of thousands of cars on the road) it’s going to be an extremely high value target for criminal gangs. While their resources might not be as extreme as the probable Stuxnet creators, they will be very large (and might even gain state actor support from unfriendly countries).
The Stuxnet worm was created by the US government likely with hundreds of people working on it for half a decade or more, not some random hacker group.
There are ways to protect self cars, giving them a command to drive somewhere isn't inherently dangerous. The commands to send them to a destination will not be able to control HOW the car gets there, that will all be done locally on the vehicle self-driving software. It won't be possible to tell the car "go drive into this building" since the driving software simply won't allow for such a request remotely.
The most impactful thing that hackers could do is tell all the vehicles to pull over and stop where they are, which would cause problems of course, but it's hardly the end of the world. Essentially a form of DDOS attack on cars, but it would be detected almost instantly and likely the vehicles with occupants could just override it locally.
What exactly is a hacker group going to do with a fleet of cars that can certainly still be located by the corporation that owns them since they're literally connected to cellphone (and probably satellite these days) networks all the time. There's not that much value for a hacker in obtaining a self-driving car that can't drive by itself because it's not connected to it's network. The resale value for the fancy sensors and chips inside them is pretty much zero.
Again if people want unattended cars they can do this a lot easier than hacking a massive corporation to get access to them.
If the goal is to steal the cars then all it takes is to order them to go somewhere while disabling (perhaps via DDoS) the logging and other telemetry servers that allow them to track the vehicles. Once they’re stopped where the criminals want them they can break in and disable the power supply to shut them down completely, then tow/push them into shipping containers to send overseas for modification and resale.
There already exist international criminal gangs who do this sort of thing (edit: for regular, not self driving cars). Think of the resources of an organization the size of the Gulf Cartel. They operate their own cell phone network in Mexico. They’ve got hundreds of engineers. They absolutely could do an operation like this.
Why would the onboard software ever allow (or even support the ability) to disable connectivity?
The tracking doesn't even need to happen on the vehicle itself, given that they're likely to use cellular connections the tracking from the cell company can locate it.
My point is that there's no benefit to stealing a self-driving car over a regular car, so why would these gangs switch? None of the self-driving features will work when it can't connect to the network, and none of the extra parts have any sort of resale value separate from their intended use. They may as well continue stealing regular cars.
Who said anything about software? Cut the wires to the battery! That will power down any car no matter what.
The benefit to stealing a self driving car is that it’s a self driving car! What’s the retail price of self driving cars? $100k? More? The whole premise of the self-driving taxi and delivery companies is that the cars are too expensive for the consumer market so they operate on a rental basis instead. If self-driving cars became a mass market commodity like regular cars then thieves would just steal them the old fashioned way.
Of course the self-driving features work without the network. GPS works without a cell network. It’s a receive-only protocol. The only thing that won’t work is the remote command and control dispatch. That would have to be hacked around.
Cutting the wires will work, but it's already recorded it's location and transmitted that data by the point you get to that point.
There's no way that the self-driving car companies won't require regular check ins on the network to function in self-driving mode. You can't even play many single player video games these days without an internet connection.
Essentially it won't be a self-driving car once you've stolen it, and it may not even be a regular car either because some of the proposed models don't even have steering wheels or pedals. Even if you did crack the software, it's not going to be loaded with any sort of relevant self-driving functionality for <insert 3rd world country where they don't check vehicle registration here>, it won't have maps, it won't be trained on the local signs, traffic lights, road markings, etc. it may not even operate on the correct side of the road.
It’s transmitted that data but the gang has blocked the server from receiving it. I mentioned that earlier. This whole operation doesn’t go down unless you take out the eyes and ears of the company.
All that other stuff can be replaced. It’s still a car with a $15,000 battery in it and drivetrain and all the sensors and electronics.
And if the hackers can break in and steal data, they can steal the source code. Then they have all the keys to the kingdom.
Then the gang is going to have to take out both the self-driving car company AND the cellphone company at the same time. It's not just one getting the data, and again it's going to get noticed immediately if cars start going missing and data is being blocked. They may get ahold of a few dozen cars if they try to do it quickly, but they won't get even hundreds.
The battery may worth something, but it's a lot of effort to steal a car just to get a $15k battery. Criminal gangs aren't stealing 5 year old Kia Niros for resale across the globe, they generally target vehicles worth 3-10x that much.
There's no "source code" for self driving cars in the sense that a video game has source code. The cars have some normal code yes, but the self-driving portion is a trained machine learning model that is essentially a black box. It takes millions of compute hours on high end graphics cards along with millions of hours of driving data to generate a new version of that model. Stealing the existing driving model still won't make it work in West Africa or the Middle East. Stealing the training data wouldn't help get it driving there either, they'd have to collect millions of hours of local training data for each destination.
It would be easier for these gangs to start their own self-driving company.
I mean who knows. Maybe they just steal whatever valuable parts they can carry and dump the rest.
The model has to be stored in the car for it to work. I mean can you imagine the car driving along and a network interruption causes the self-driving system to be unresponsive for a second? That could cause a crash immediately!
So then if the model is stored in the car itself it can be stolen and sold to a rival self-driving car company in Russia or what have you. And in that case they could definitely repurpose the entire stolen car itself. They just need to replace the client code with their own so that the car connects to their servers.
Besides, the model isn’t going to have maps or server connection stuff built into it. The maps are external and part of the GPS navigation, so those can be replaced. And all the command and control stuff is just conventionally programmed client software that can be redirected to another server or even a server hosted locally within the car itself for autonomous driving.
Fundamentally, the reason self-driving cars are a bigger target than regular cars is that they leave no witnesses if you can disable the surveillance/logging. You don’t have to disable the cell towers for that, just the real time surveillance (just the company servers). Once the car goes dark it can no longer be tracked.
Who’s gonna vandalize it when everybody biological is confined to their home for safety? Not like any of the interhome bots could ever escape their programming without the police bots disabling them immediately.