https://www.theregister.co.uk/2019/04/02/tencent_tesla_hacking/ Tencent Keen Security Lab documented this week how it successfully infiltrated the autopilot’s system engine control unit (ECU) to take remote control of the car. The Chinese boffins also described how they fed on-board cameras with dodgy inputs, using stickers on the road surface, to force the vehicle to swerve across lanes, or turn on its windscreen wipers. The flaws were uncovered from 2017 to 2018, and reported to the automaker, which has since seemingly patched the security bugs. An in-depth paper describing the attacks was published at the end of last month, and Tesla CEO Elon Musk praised those behind the discoveries. [...] The researchers manipulated the car's camera image feed by placing three small squares on the ground, thus strategically changing a few pixels around the area where lanes are marked out. Alternatively, malware present in the system could modify the pixels directly as they streamed in from the camera. These adversarial inputs subsequently tricked the neural network into thinking it was in the wrong lane, or drifting into another lane, forcing it to swerve across the roadway to correct itself, potentially resulting in a deadly crash. In one attack, the car failed to identify certain lane markings, as a result of the stickers on the road, and didn’t steer in the appropriate direction to stay in lane. In another scenario, the car was made to see phantom lanes, causing it to change direction for no good reason. This attack posed the frightening possibility of nefarious miscreants making roads unsafe for Model S cars on Autopilot. [...] # Ultimate Mario Kart The team also found that – after gaining root access on the engine control unit (ECU), by getting the in-car dashboard or entertainment system's WebKit-based browser to open a malicious webpage, and then exploiting the underlying Android kernel to pivot through the internal computer network – they could control the vehicle's steering over the air with a Bluetooth game controller. ____ Qui i paper: https://keenlab.tencent.com/en/whitepapers/Experimental_Security_Research_of... https://i.blackhat.com/us-18/Thu-August-9/us-18-Liu-Over-The-Air-How-We-Remo... In fondo JavaScript sul browser non è così male: ci puoi giocare a GTA in 3D! "This is the Web functioning as designed": https://bugzilla.mozilla.org/show_bug.cgi?id=1487081#c15 Giacomo