
2015-07-16 09:09 吉丽亚
《汽车观察》, 2015, Issue 5









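In July 2013, Charlie Miller, a software security engineer at Twitter, and Chris Valasek, director of intelligent security at the security firm IOActive, said that, with permission from the U.S. government and after several months of research into network intrusion attacks on cars, they had achieved the following on the main systems of a Toyota Prius and a Ford Escape (翼虎): forcing the Prius to brake at 80 mph, jerking its steering wheel, and making its engine accelerate; they could also disable the Escape's brakes while it was travelling at very low speed. However, their attacks required connecting a computer to the car and could not be carried out remotely. Spokespeople for Toyota and Ford likewise declined to comment on the matter.

On March 28, 2014, at a hacker security conference in Singapore, network security consultant Nitesh Dhanjani claimed that the security system of the Tesla Model S luxury sports car has multiple design flaws. Dhanjani said that the Model S account password offers a low level of security. Hacking techniques similar to those used to steal computer account passwords or online account passwords can make the Model S account password vulnerable. Because a six-character password has few variations, a hacker can crack the password, locate the vehicle, and steal personal information. He added that a US$100,000 car resting its security on a mere six-digit password is clearly a problem that cannot be ignored. A Tesla spokesperson declined to comment on Dhanjani's remarks.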






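Faced with uncharted territory and a flood of "Internet+" news, the topic raised by Premier Li Keqiang has become a key agenda item for 2015. But behind "Internet+", who guarantees "security"? With these questions in mind, a reporter from 《汽车观察》 interviewed Pasi Nieminen, CEO of 凌动无限科技有限公司, and asked him to shed light on this unknown territory.

《汽车观察》: We are seeing a lot of car manufacturers and aftermarket IVI solutions using Android. What do you think about Android's future in cars?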


Pasi Nieminen: The systems we are seeing in China are based on the open source versions of Android and are only partly compatible with Android. Why do manufacturers use these modified versions of Android? Because it is quick and cheap to create something visual for customers, but the trade-off is in performance and security. Android is not optimized for the car environment. It is a very power-hungry system, which means in order to run well you need a more powerful and more expensive processor. So you save money on the software but you pay for it on the hardware. Android security architecture is not fit for secure car computing, and can only be used in non-critical systems such as infotainment.


《汽车观察》: People are worried about leaking personal information in connected cars. Will apps do that?


Pasi Nieminen: In mobile the security threat is to your personal information, but in a car it's a threat to your life. If someone can take control of your car, you could die. A car is a complex multi-system environment and with the new demands and the new opportunities offered by software, security in cars is becoming ever more complex. All parties concerned have to work together to implement a secure platform for connected cars.


《汽车观察》: What can users expect from cars that have Internet+ connectivity?


Pasi Nieminen: Infotainment features are important and easy for users to understand, but the Internet+ car is the foundation for a new generation of cars and transport. It is the key technology that will enable smart traffic. In smart traffic enabled cities, connected cars communicate with the city's infrastructure, leading to a safer and less stressful driving experience. The networks for entertainment and for infrastructure communication should be separate.

Today we are moving into a period of rapid software driven technological development and car manufacturers have to implement these changes very quickly. The key to that is an integrated, robust, flexible and secure high performance computing platform at the heart of their cars.














In the past, access to the CAN bus was restricted by physical access to the car – if you couldn't get to the car then you couldn't get access to the CAN bus - but with connected cars we are seeing examples where the CAN bus can be attacked remotely. The security threat for cars has moved to a new level, and it is just going to get worse.


Car manufacturers are adding more software to cars: mechanical meters and gauges are being replaced by LCD panels and software, and information is being integrated across the information cluster and the infotainment units. All this software being placed between the car and the driver is creating new vulnerabilities, whereby a breach in security could be used to deceive and trick drivers. External parties, such as governments, service providers and insurance companies, want to create applications for cars, and this will create new security concerns. Adding more functionality makes systems more complex and more vulnerable.


On the desktop we are already very familiar with malware and attacks on our information, privacy and infrastructure. As cars are getting more connected and software driven, the same can be expected to happen in the automotive world. Malicious attacks are inevitable and must be anticipated and taken into account as part of the system design.


How to design reliable and secure computing for connected cars


Software security is not a feature. It cannot be added or plugged into a system after it is designed. Security has to be built in right at the core of a system. The key concepts in software security are the architecture and the design process. One approach to security is to physically isolate separate systems, but as the demand for computing in the car increases, it becomes very expensive to keep adding separate devices and maintaining the different systems. On the other hand, when implemented as part of the core security architecture, virtualization is a cost-efficient solution for isolating separate systems. An example of this is the ARM platform's TrustZone, which provides hardware-level security with software flexibility. TrustZone is a small operating system that is built onto the processor and is completely isolated from attack. By running virtualization on top of TrustZone you can isolate the different software systems from one another.


Understanding connectivity in cars


Cars will have two types of connections: Internet and V2X. The Internet is too unreliable and too slow for mission-critical vehicle-to-vehicle and vehicle-to-infrastructure communication. Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) connectivity is being introduced to cars to enhance safety by sharing information between cars and the surrounding infrastructure. In addition to increased safety, V2X connectivity paves the way for autonomous vehicles. The U.S. Department of Transportation (DoT) and the U.S. National Highway Traffic Safety Administration (NHTSA) have set out a timeline mandating the introduction of V2X connectivity in vehicles in the US. The European Union is also working on its plan to mandate V2I applications.

At the same time, connected consumer applications such as music and video streaming are becoming more and more common in car infotainment systems, and cars are being designed with pre-installed Internet connectivity options. While attractive to consumers, this trend opens up new security risks, especially as embedded systems offering these functionalities are consolidated. Therefore, an important requirement for the design of any comprehensive information system for cars is to ensure isolation between Internet-connected applications and V2X connectivity. A vulnerability in an Internet-connected application must not compromise the security of the V2X connections.
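The isolation requirement above, sketched as an added example that is not part of the original article: a default-deny gateway between the Internet-connected infotainment domain and the V2X and vehicle-control domains. The domain names, CAN identifiers and rules are constructed for illustration and do not describe any real vehicle.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Domains named after the article's split; the enum itself is hypothetical. */
typedef enum { DOM_INFOTAINMENT, DOM_V2X, DOM_CONTROL } domain_t;

typedef struct {
    uint32_t id;       /* CAN identifier */
    uint8_t  dlc;      /* payload length, 0..8 for classic CAN */
    uint8_t  data[8];
} can_frame_t;

typedef struct { domain_t src, dst; uint32_t id; uint8_t max_dlc; } rule_t;

/* Constructed allow-list. No rule has DOM_INFOTAINMENT as a source, so a
   compromised Internet-facing app cannot inject into V2X or control. */
static const rule_t RULES[] = {
    { DOM_CONTROL, DOM_INFOTAINMENT, 0x3E9, 8 }, /* speed, display only    */
    { DOM_V2X,     DOM_INFOTAINMENT, 0x4A0, 8 }, /* hazard text for HMI    */
    { DOM_V2X,     DOM_CONTROL,      0x4A1, 4 }, /* V2X warning to control */
};

/* Default-deny: forward a frame only when an explicit rule matches. */
bool gateway_allows(domain_t src, domain_t dst, const can_frame_t *f)
{
    if (f == NULL || f->dlc > 8 || src == dst)
        return false;
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const rule_t *r = &RULES[i];
        if (r->src == src && r->dst == dst && r->id == f->id &&
            f->dlc <= r->max_dlc)
            return true;
    }
    return false;
}

int main(void)
{
    can_frame_t speed = { 0x3E9, 8, {0} };   /* constructed sample frame */
    printf("control->infotainment: %d\n",
           gateway_allows(DOM_CONTROL, DOM_INFOTAINMENT, &speed));
    printf("infotainment->control: %d\n",
           gateway_allows(DOM_INFOTAINMENT, DOM_CONTROL, &speed));
    return 0;
}
```

The same identifier is forwarded in one direction and dropped in the other, which is the property the paragraph asks for: data may flow out to the display, but nothing originating in the Internet-facing domain reaches V2X or control.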





Car Manufacturers and Software cultures clash


The car manufacturers' business is very different from the consumer-driven smartphone world. In the car manufacturers' world the focus is on cost-efficiency, liability and long product cycles. Most software companies have no experience of the automotive industry. Traditionally, car manufacturers sourced their IVI systems, like any other part, from their regular tier-1 suppliers. However, tier-1 suppliers do not have the computer hardware and software know-how to design and maintain these complex systems. Car manufacturers, tier-1 suppliers and software companies face a challenge to meet the next-generation car computing requirements. Maybe now is the time to rethink the car computing value chain.




(This article was provided by Pasi Nieminen, CEO of 凌动无限科技有限公司.)