中国团队连续两年破解特斯拉 [美国媒体]

Chinese group hacks a Tesla for the second year in a row

中国团队连续两年破解特斯拉



A slide showing the "Unauthorized Xmas Show" hack that allowed a group of Chinese researchers from Tencent to remotely open the doors and trunk of a Tesla X, and blink the lights in time to music sent out through the car's sound system.

“未经授权的Xmas秀”的幻灯片显示：腾讯的一个中国研发团队通过黑客操作远程打开特斯拉X的车门和后备箱，在车辆的声音系统放送音乐的时间里让车灯闪烁。

LAS VEGAS — For the second time, Chinese security researchers were able to hack a Tesla Model X, turning on the brakes remotely and getting the doors and trunk to open and close while blinking the lights in time to music streamed from the car's radio — an effect they dubbed "the unauthorized Xmas show."

拉斯维加斯报道：中国的安全研究人员第二次黑掉特斯拉原型车X，远程拉起手刹，并让车门和后备箱开启和关闭，同时在车的收音机放音乐的时间里让车灯闪烁。这一成果让他们获得“未经授权的Xmas秀”称号。

The complex hack involved sending malicious software through the car's web browser in a series of circuitous computer exploits. They were able to remotely control the car via both Wi-Fi and a cellular connection.

这项复杂的黑客操作包括一系列迂回的利用计算机漏洞，通过这辆车的浏览器发送恶意软件。他们能通过wifi连接和移动电话连接两种方式远程控制这辆车。

The researchers informed Tesla of their discovery in June of this year and the company patched the vulnerabilities within two weeks, said Samuel Lv, director of the Keen Security Lab at Chinese tech giant Tencent.

中国科技巨头腾讯的敏锐安全实验室的主管Samuel Lv说：这些研究人员今年6月把他们的发现通知了特斯拉，这家公司在两周内为薄弱环节制作了补丁。

In a statement, Tesla said it actively encourages this type of research so that it can prevent potential issues from occurring. The risk to customers from such exploits is very low and Tesla has not seen a single customer ever affected by it, the statement said.

特斯拉在一份声明中说它积极鼓励这类研究，以便它能够防止潜在问题的发生。对于用户，这类漏洞的风险很低，特斯拉尚未发现任何用户受到影响。

This is actually the second year the team from Keen Security Lab in Shanghai managed to hack a Tesla and remotely engage its brakes.

这实际上是上海的敏锐安全实验室第二年成功攻破特斯拉系统并远程控制刹车。

"We informed Tesla of the vulnerabilities we found last year and they corrected them. This year our research found new vulnerabilities and  we were able to reproduce the same remote control of the car," said Sen Nie, lead researcher for the car hacking team at Keen Security Lab. He presented the research with colleagues Ling Liu and Wen Lu at a conference of security researchers here. 

“去年我们将发现的缺陷通知了特斯拉，他们将其纠正。今年我们的研究团队发现了新的弱点，并且可以复制对这辆车相同的远程控制。”敏锐安全实验室针对这辆车的黑客组的首席研究员Sen Nie说。他和同事Ling Liu、Wen Lu在安全研究人员会议上展示了他们的研究成果。

Nie emphasized that the work was complex and not easily replicated. He also said the researchers don't believe Teslas are inherently more vulnerable than other cars.

Nie强调了这项工作的复杂性和难以复制。他也说研究员们并不认为特斯拉比其他车辆在本质上更容易受到攻击。

Charlie Miller, the hacker who gained fame in 2015 for hacking a Jeep with fellow researcher Chris Valasek, attended the group's presentation at the Black Hat conference Thursday.

黑客Charlie Miller也出席了该组织于周四在黑帽子会议进行的展示，他在2015年与同伴研究者Chris Valasek一起攻破了一辆吉普，因而一举成名。

"There are only three groups in the world who've successfully hacked cars. The University of Washington in 2010, me and Chris and now these guys. And they've done it twice," he said. 

他说：“全世界只有三个团队成功攻破车辆系统，第一次是华盛顿大学在2010年，第二次是我和Chris，现在是这些兄弟。他们还完成了两次。”

The team that Nie leads is part of Tencent, sometimes called the Facebook of China because its mobile messaging apps have more than 930 million users. It is also the world’s largest publisher of video games.

Nie领导的小组属于腾讯，腾讯偶尔被称作中国的faceb，因为它的通讯移动应用程序拥有超过9.3亿用户。它也是全球最大的电子游戏发行商。

In 2016 Tencent began to broaden its mission, adding security research and consulting. It launched Nie's group focusing on automotive security so that it could work  with China’s many companies that produce parts and systems for the global auto industry.

2016年腾讯开始扩展它的使命，增加了安全研究和咨询。它推出的Nie的团队集中在汽车安全方面，以开拓与中国大量的为全球汽车工业生产部件和系统的公司的合作业务。

“A lot of OEMs don’t have the knowledge or background to deal with cybersecurity issues. We consult with them to help them uate the security of connectivity modules on cars,” said Lv.

Lv说：“很多设备制造商没有知识或背景来应对网络安全问题。我们为他们提供咨询，帮助他们评估车辆上面的连接模块的安全性。”


Dennis Weakland
This is why self-driving cars are a bad idea. As we integrate more computer chips into our lives the more vulnerable we become to those with disruptive intentions. Sometimes the simple approach is the best and safest.

这就是为什么自动驾驶汽车是个坏主意。我们的生活越多的结合电脑芯片，我们就会越容易被那些抱着破坏性目的的人攻击。有时候简单的方法最好且最安全。

Dan Krohn
...in the future, self driving cars will drastically reduce accidents and highway fatalities, versus the 40,000 annual deaths on highways. Could be 20+ years away but is inevitable. Electronic assist is already here and having an impact, along with may other technology safety breakthroughs....

……在未来，自动驾驶汽车会大幅减少事故和高速死亡率，现在每年有40000人死在高速上。可能在20多年之后，但不可避免。电子辅助已经实现，并产生影响，与其他可能的技术一起将形成安全性能的突破。

Jeremy Couts
Musk is a snake oil salesman! US taxpayers need a refund of all the money he has bilked.

Musk是个江湖骗子！美国的纳税人需要把他骗走的钱拿回来。

Lance Simon
Let me guess: old, white, republican.

让我猜猜：老迈的、白人、共和党

Ken Netzel
Lance Simon You are way too stupid to continue breathing.

Lance Simon你太蠢了，不要浪费空气。

Dan Krohn
Tesla is helping pave the future, as batteries get better, dependence on ICE's will fall, self-drive will become practical, and UBER drones will fly you from place to place...or I should say fly your kids....this is starting right now, will be all around us by 2037....and to me, 1997 was not that long ago, and technologies from then to now are amazing...

特斯拉帮助未来铺平道路，随着电池越来越好，对ICE的依赖将会降低，自动驾驶将变得更实用，优步的无人机会带你到处飞……或者应该说带着你的孩子飞……这种操作现在正在开始，到2037年将会包围我们……对于我而言，1997年并不是那么久远，从那时到现在的科技发展真是令人吃惊……

Rich Barnes
No self-driving car for me. Ever . . .

我坚决拒绝无人驾驶，永远不要。

Dan Brown
technology is bad because it is never perfect. stop all technology.

科技是坏的，因为它永远不会完美。停止一切高科技。

Scott Jones
then quit leaving comments on a website using your computer

那你就不要再用你的电脑发评论。

Bob Smith
Questioning the problems a relatively new technology may face doesn't deserve to be met with moronic hyperbole Dan.

质疑相对较新的技术可能面对的问题，并不需要太夸张的方式。

Khalid Nurredin
The issue isn't just self driving.Can they do this while you're actively driving the car? Since Tesla hs already fixed this hack,can someone hack the car and make it accelerate when you don't want it to? I'd be more concerned about that than someone hitting the brakes. If i'm hacked and they engage the brakes,my only concern is being rear-ended.If they can make it accelerate,the car turns into a low flying missle. doing a lot more damage.

问题不仅是自动驾驶。当你手动开车的时候，他们能黑进来吗？既然特斯拉已经解决了这个漏洞，别人还能不能黑进你的车，在你不希望的情况下让你的车加速？比起有人猛地刹车，我更关心这个问题。如果我的车被黑了，他们控制了刹车，我唯一的顾虑就是追尾。如果他们能够控制车辆加速，汽车就会变成低空飞行的导弹，造成更多的损害。

Bob Smith
I'm sure unlike every other business that uses technology, a vehicle traveling at 85 miles an hour will at some point be impervious to being hacked. So remember as the Bad actors hack the entire energy grid of a city, you'll be safe in your Tesla but good luck finding a charging station then.

我确信不同于任何其他利用高科技的领域，时速85迈的车辆在某种情况下是不受黑客影响的。所以请记住，当捣蛋鬼黑进一座城市的整个输电网，你待在特斯拉里面会很安全，但如果你要找地方充电，那就祈求菩萨保佑吧。

Lance Simon
My car doesn't connect to the internet. Tell me how Teslas aren't MORE vulnerable, cause I ain't seeing it.

我的车不跟网络连接。请告诉我特斯拉如何更加脆弱？因为我看不到脆弱之处。

Kevin Price
You have a false sense of security. Do you have On Star? Sirius radio? A USB port?

你对安全的认识是错误的。你的车有安吉星吗？天狼星广播？USB插口？

Kevin Price
"The risk to customers from such exploits is very low and Tesla has not seen a single customer ever affected by it, the statement said."
Well of course they would say that. If a government or criminal organization used a hack to send a car over a cliff or to smash head on into a semi then no one would ever know, would they?

“对于用户，这类漏洞的风险很低，特斯拉尚未发现任何用户受到影响。”
好吧，他们当然会那么说。如果政府或者罪犯组织用黑客手段把一辆车送到悬崖上，或者迎面撞向大货车，那么谁都不会知道真相，不是吗？