As Mysk Inc. cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video hackers only require a simple $169 hacking tool known as Flipper Zero, a Raspberry Pi, or just a laptop to pull the hack off.
This means that with a leaked email and a password, the owner could lose their Tesla car. The rise of AI technologies has increased phishing and social engineering attacks. As a responsible company, you must factor in such threats in your threat models.
And it's not just Tesla. You'll be surprised to know cybersecurity experts have always cautioned about the use of keyless entry in the car industry, which often leaves modern cars at risk of being hacked.
The problem isn't hacking- like breaking into software, it's a social engineering attack that tricks a car owner into handing over their information. Using a Flipper, the experts create a WiFi network called "Tesla Guest," the same name Tesla uses for its guest networks at service centers. After this, Mysk created a fake website resembling Tesla's login page.
After this, it's a cakewalk. In this case, hackers broadcast networks around a charging station, where a bored driver might be looking to connect over WiFi. The owner (here, the victim) connects to the WiFi and fills in their username and password on the fake Tesla website.
The hacker uses the provided login credentials and gains access to the real Tesla app, which prompts a two-factor authentication code. The victim puts the code into the fake site, and hackers get access to their account.
Once you've trespassed into the Tesla app, you can create a "phone key" to unlock and control the car via Bluetooth using a smartphone. Congratulations, the car is yours!
Mysk has demonstrated the attack in a YouTube video.
Mysk says that Tesla doesn't alert the owner if a new key is created, so the victim doesn't know they've been breached. And the bad guy doesn't have to steal the car right away, because the app shows the location of the car.
The Tesla owner can charge the car and take it somewhere else, the thief just has to trace the location and steal it, without needing a physical card. Yes, it's that easy.
Mysk tested the design flaw on his own Tesla and discovered he could easily create new phone keys without having access to the original key card. But Tesla has mentioned that's not possible in its owner manual.
When Mysk informed Tesla about his findings, the company said it was all by design and "intended behaviour," underplaying the flaw.
Mysk doesn't agree, stressing the design to pair a phone key is only made super easy at the cost of risking security. He argues that Tesla can easily fix this vulnerability by alerting users whenever a new phone key is created.
But without any efforts from Tesla, the car owners might as well be sitting ducks.
A sophisticated computer/machine doesn't always mean it's secure, the extra complex layers make us more vulnerable. Two decades back, all you needed to steal a car was getting a driver's key or hot-wiring the vehicle. But if your car key is a bundle of ones and zeroes, you must rethink the car's safety.
Apart from providing a space for experimentation, other points increasingly show that open-source LLMs are going to gain the same attention closed-source LLMs are getting now.
The open-source nature allows organizations to understand,
modify, and tailor the models to their specific requirements. The collaborative
environment nurtured by open-source fosters innovation, enabling faster
development cycles. Additionally, the avoidance of vendor lock-in and adherence
to industry standards contribute to seamless integration. The security benefits
derived from community scrutiny and ethical considerations further bolster the
appeal of open-source LLMs, making them a strategic choice for enterprises
navigating the evolving landscape of artificial intelligence.
The boom in AI technology has raised concerns over its potential to replace millions of jobs across the world. This week, the International Monetary Fund (IMF) reported that around 40% of all jobs will be impacted by the growing AI.
While Gates does not disagree with the stats, he believes, and history has it, that with every new technology comes fear and then new opportunities.
“As we had [with] agricultural productivity in 1900, people were like ‘Hey, what are people going to do?’ In fact, a lot of new things, a lot of new job categories were created and we’re way better off than when everybody was doing farm work,” Gates said. “This will be like that.”
AI, according to Gates, will make everyone's life easier. He specifically mentioned helping doctors with their paperwork, saying that it is "part of the job they don't like, we can make that very efficient," in a Tuesday interview with CNN's Fareed Zakaria.
He adds that since there is not a need for “much new hardware,” accessing AI will be over “the phone or the PC you already have connected over the internet connection you already have.”
Gates believes that improvements with OpenAI’s ChatGPT-4 were “dramatic since the AI bot can essentially “read and write,” this way it is “almost like having a white-collar worker to be a tutor, to give health advice, to help write code, to help with technical support calls.”
He notes that incorporating new technology into sectors like education and medicine will be “fantastic.”
Microsoft and OpenAI have a multibillion-dollar collaboration. Gates remains one of Microsoft's biggest shareholders.
In his interview with Zakaria at Davos for the World Economic Forum, Bill Gates noted that the objective of Gates Foundation is “to make sure that the delay between benefitting people in poor countries versus getting to rich countries will make that very short[…]After all, the shortages of doctors and teachers is way more acute in Africa then it is in the West.”
However, the IMF had a more pessimistic view in this regard. The group believes that AI has the potential to ‘deepen inequality’ with any politician’s interference.
Despite the upsurge in AI technology, the study reveals that professionals have differing opinions on how AI will affect their jobs. Even though 80% of Scottish professionals do not already use AI in their employment, 21% think that AI technologies will improve their ability to do their tasks. Interestingly, during the past six months, the percentage of professionals expecting a negative impact has dropped from 12% to 6%.
However, the study indicates its concern among employees, with 61% of them believing that their companies are not doing enough to prepare them for the expanding use of AI in the workplace. Concerns are raised by this trend regarding the workforce's readiness to adopt and take full use of AI technologies. Tech-oriented Hays business director Justin Black stresses the value of giving people enough training opportunities to advance their skills and become proficient with new technologies.
The reluctance of enterprises to disclose their data and intellectual property to AI systems, citing concerns linked to GDPR compliance (General Data Protection Regulation), is one of the noteworthy challenges impeding the mass adoption of AI. This reluctance is also influenced by concerns about trust. The demand for AI capabilities has outpaced the increase of skilled individuals in the sector, highlighting a skills deficit in the AI space, according to Black.
The reluctance to subject sensitive data and intellectual property to AI systems results from concerns about GDPR compliance. Businesses are cautious about the possible dangers of disclosing confidential data to AI systems. Professionals' scepticism about the security and dependency on AI systems contributes to their trust issues.
The study suggests that as AI sets its foot as a crucial element in Scottish workplaces, employees should prioritize tackling skills shortages, encouraging employee readiness, and improving communication about AI integration, given the growing role that AI is playing in workplaces. By doing this, businesses might as well ease the concerns about GDPR and trust difficulties while simultaneously fostering an atmosphere that allows employees to fully take advantage of AI technology's benefits.