[HN Gopher] Someone hacked YandexTaxi and ordered all available ...
___________________________________________________________________
Someone hacked YandexTaxi and ordered all available taxis to the same location

Author : aaur0
Score  : 231 points
Date   : 2022-09-01 18:40 UTC (4 hours ago)
Link   : twitter.com

| tpmx wrote:
| I'd like to think Ukrainian hackers were behind this.

| andrewxdiamond wrote:
| It being the work of Russian dissidents would be much better in my opinion.

| robot9000 wrote:
| Yes. Russia bad.

| coffeeblack wrote:
| Isn't it?

| hinkley wrote:
| This is what happens when optimists win and the realists are cut out of the conversation.
|
| As a taxi service, I believe I would want to know if I'm about to have a shortage of taxis in any one area of town, and I'd better only have a concentration in one area of town for an event the entire world is talking about, like a reunion tour or a championship game.
|
| Even with the hack, the moment all of the taxis started converging on one area of town, alarms should have been going off and managers should have been asking questions. But that's not what happened, because we say yes the moment money enters the conversation, without bothering to ask what it says about you as a person if you'll do anything for money, or for that matter if the money is even real or just a trick to get our attention.

| tenebrisalietum wrote:
| There are always going to be individuals that say yes the moment money enters the conversation, as long as food and housing cost money and there is the possibility of going without.

| mike_hock wrote:
| Universal Basic Income now!

| tjs8rj wrote:
| It's already so hard to build a large company; you just don't have the resources to chase super rare, low pain outcomes.
|
| This is the first time this has happened and the total cost of it is at most a few hours' revenue.
| They'll likely add safeguards to prevent such a thing now, but if they ran the company preparing for every possible way things could go wrong, they'd get absolutely nothing done.

| onion2k wrote:
| _low pain outcomes_
|
| All your customers thinking your app isn't secure any more isn't "low pain".

| ivan_gammel wrote:
| 99% of customers won't care, because they will only briefly see the news, this hack did not harm them, they don't care that much about security of an app and they don't have a good alternative.
|
| The impact of such incidents on company reputation and revenue is often exaggerated.

| munk-a wrote:
| A few customers will have strong negative opinions ("I was waiting at the airport in the rain for four hours!") but most people will indeed shrug this off. It's a much different issue than what happens when payment systems are compromised.
|
| A lot more people care if they're informed their credit card was stolen and told to carefully watch statements for the next month - that leverages a real PITA cost on the customer.

| and-not-drew wrote:
| That's got nothing to do with what we're talking about.
|
| The first comment didn't say they should have spent more time on security, it said they should have spent time creating a system to detect if too many taxis were in one spot.
|
| I think we can all agree that security is valuable and should be prioritized, but spending time worrying about how to stop who is already in your system from sending all the cabs to the wrong place seems like a waste of time.
|
| Hell, IF (big if) the worst thing a hacker could do once they had access to YandexTaxi's servers is send a bunch of cabs to the wrong place, you could almost spin that in a positive light. "We spent so much time protecting customer data that all they could do is send our drivers to the wrong place".

| tcgv wrote:
| Good reasoning.
| Hindsight bias comes to mind:
|
| - https://en.wikipedia.org/wiki/Hindsight_bias

| monksy wrote:
| When you build a product, your customers expect, and pay, you to be an expert and dedicated to that domain. Not some kind of fly-by-night scam.

| zibby8 wrote:
| This is such a ridiculous take I'm having trouble understanding if it's satire or not.

| renewiltord wrote:
| When you write a comment, you have to be responsible. Others might read it and take it seriously and your advice might lead to death and dismemberment. If you aren't willing to get insurance before commenting, don't comment. Leave it to the professionals with licences.

| monksy wrote:
| This is more of what happens when you do the least effort to build a product to make a buck. They're probably optimized for the average happy path; however, flooding isn't a concern until someone gets upset.

| munk-a wrote:
| In most areas taxi companies use a zone-based system where cars will flag what zone they're in (rarely automatically using GPS and more often via button presses). This is an effort by the cab company to keep their vacant vehicles well distributed to keep a high response rate and increase customer turnover.
|
| It also happens to have the side benefit that an operator watching the flagged zones would be able to see this kind of an issue happening in advance and maybe check into why every cab is suddenly bee-lining it to zone 3.

| jetzzz wrote:
| Message from hackers on the driver's phone says: "Girls and guys, stop feeding the yellow, work with Wheely".

| aaur0 wrote:
| Someone hacked #YandexTaxi and ordered all available taxis to Kutuzov Prospect in Moscow. Now there is a huge traffic jam with taxis. It's like a James Bond movie.

| DonHopkins wrote:
| Elevator Pitch:
|
| jammr.com: It's like Uber for Traffic Jams!
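An added example, not code from the thread or from Yandex, of the convergence alarm hinkley asks for and the zone watching munk-a describes: a detection check that buckets ride destinations into grid cells and time windows and flags a cell that suddenly draws far more rides than its baseline, from many distinct accounts, and a large share of everything dispatched citywide. The grid size, window length, thresholds and the dispatch log are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GRID_DEG = 0.01    # grid cell size in degrees (~1 km north-south); assumed value
WINDOW_MIN = 10    # bucketing window in minutes; assumed value


def cell_of(lat, lon):
    """Map a destination to a coarse grid cell, the 'zone' an operator watches."""
    return (int(lat // GRID_DEG), int(lon // GRID_DEG))


def window_of(ts):
    """Floor a timestamp to the start of its WINDOW_MIN-minute bucket."""
    return ts.replace(minute=(ts.minute // WINDOW_MIN) * WINDOW_MIN,
                      second=0, microsecond=0)


def detect_convergence(dispatches, baseline, factor=5.0, min_accounts=10,
                       max_share=0.5):
    """dispatches: iterable of (ts, account_id, dest_lat, dest_lon).
    baseline: {cell: expected rides per window}, learned from history.
    Alert on a (window, cell) when count >= factor * baseline, the rides come
    from >= min_accounts distinct accounts (many compromised accounts, not one
    spammer) and the cell takes >= max_share of all rides in that window."""
    per_cell = defaultdict(list)     # (window, cell) -> [account_id, ...]
    per_window = defaultdict(int)    # window -> total rides dispatched
    for ts, account, lat, lon in dispatches:
        win = window_of(ts)
        per_cell[(win, cell_of(lat, lon))].append(account)
        per_window[win] += 1
    alerts = []
    for (win, cell), accounts in sorted(per_cell.items()):
        count, distinct = len(accounts), len(set(accounts))
        share = count / per_window[win]
        if (count >= factor * baseline.get(cell, 1.0)
                and distinct >= min_accounts and share >= max_share):
            alerts.append({"window": win, "cell": cell, "count": count,
                           "accounts": distinct, "share": round(share, 2)})
    return alerts


def sample_dispatches():
    """Constructed log (not real data): 40 compromised accounts each ordering
    a car to one cell within eight minutes, plus 20 ordinary rides elsewhere."""
    t0 = datetime(2022, 9, 1, 14, 0)
    attack = [(t0 + timedelta(minutes=i % 8), f"acct{i:03d}",
               55.7423 + (i % 3) * 0.001, 37.5353 + (i % 4) * 0.001)
              for i in range(40)]
    normal = [(t0 + timedelta(minutes=i % 9), f"user{i:03d}",
               55.60 + i * 0.02, 37.40 + i * 0.015) for i in range(20)]
    return attack + normal
```

With a baseline of three rides per window for the targeted cell, the constructed log produces exactly one alert (40 rides, 40 accounts, two thirds of the window's dispatches), while the ordinary rides alone produce none.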
| EwanG wrote:
| I suspect you're kidding, but you know, having lived through a few very long traffic jams I could imagine some scenarios where I'd be willing to pay for:
|
| 1) Rickshaw or cargo bike with a narrow pull-along trailer to let me use the bathroom
| 2) Similar setup with food and drink
| 3) Similar setup with a few gallons of gas if I've gotten a bit too close to empty
| 4) More expensive (XL?) version of the service where I am getting delivery from a helicopter (since drones flying over congested traffic is not an FAA approved delivery method)
|
| You might not be able to make this a daily thing, but when things get bad I suspect the margins might be unreal.

| squarefoot wrote:
| Quite surprised that Uber still operates in Russia given the situation.

| Gunnerhead wrote:
| Uber was selling its stake back in February [1]. Not sure of the results of that, but maybe it's a contractual licensing issue?
|
| https://www.bloomberg.com/news/articles/2022-02-28/uber-to-a...

| rdxm wrote:

| donkarma wrote:
| is this the future of self driving cars?

| unixbane wrote:
| There were already such bugs before, and my analysis is that even the older ECU cars before the 2000s had such bugs, just nobody bothers to look for them (also ECUs have been causing deaths from bugs but they just assume it's the driver's fault). Self driving cars will be the next order of magnitude of problems. ECU 1x, smart 10x, self driving 100x.
|
| > In July 2015, IT security researchers announced a severe security flaw assumed to affect every Chrysler vehicle with Uconnect produced from late 2013 to early 2015.[120] It allows hackers to gain access to the car over the Internet, and in the case of a Jeep Cherokee was demonstrated to enable an attacker to take control not just of the radio, A/C, and windshield wipers, but also of the car's steering, brakes and transmission.[120] Chrysler published a patch that car owners can download and install via a USB stick, or have a car dealer install for them.[120]
|
| > https://en.wikipedia.org/wiki/Chrysler#Chrysler_Uconnect

| xwdv wrote:
| No, the future is to command all self driving cars to immediately accelerate to 100 mph and not stop for whatever reason no matter what. Pure remote code execution.

| nytesky wrote:
| I've had this worry for years of a state level attack via network connected FSD cars. But I'm hardly alone; it was shown in a Fast and Furious movie, so people are thinking of it.

| donkarma wrote:
| Oh yeah, that was the first thing I thought of when I saw this.

| _jal wrote:
| First mention of using driverless vehicles as weapons I recall was _Daemon_ by Daniel Suarez.
|
| https://en.wikipedia.org/wiki/Daemon_(novel_series)

| gpm wrote:
| I, Robot (the film) predates that and uses the idea: https://en.wikipedia.org/wiki/I,_Robot_(film)
|
| I forget if any of the I, Robot short stories used the concept - if they do they would predate the movie.

| plasticchris wrote:
| https://en.m.wikipedia.org/wiki/Sally_(short_story)
|
| First mention of self driving cars becoming sentient and turning on humans I'm aware of, from 1953!

| wsinks wrote:
| Maybe one day I'll re-read Daemon. A book not so far ahead of its time.
|
| Might feel a little too close to home to re-read.
|
| I'll never forget the gig worker assembly scene.

| hendrikrassmann wrote:
| Don't forget the eighth 'The Fast and the Furious' movie.
| quantumduck wrote:
| Not the future; it did already happen, albeit on a smaller scale, with Cruise: https://www.thedrive.com/news/a-swarm-of-self-driving-cruise...
|
| The worst part is they were never really transparent about what the issue was.

| marginalia_nu wrote:
| Beep beep, motherfucker!

| reaperducer wrote:
| _is this the future of self driving cars?_
|
| My prediction: Ransomware hits self-driving cars.
|
| You're locked in the car until you Venmo the bad guys some credits.
|
| To encourage compliance, the stereo starts playing the sound of running water.

| fffobar wrote:
| And the future of the planned 6th generation unmanned combat aircraft ...

| LinuxBender wrote:
| I think you are right. I think the unknowns are: how tiny will the script be that commands all the cars into a lake, and will it be a cloud hack or a local broadcast hack?

| netsharc wrote:
| First, a command to download updated GPS maps that says "There's now a bridge over that lake"...

| rurp wrote:
| Yep, I've had Google Maps direct me to drive into a wall or an empty field more than a couple of times over the years. It's not uncommon for people to get stranded or even killed by blindly following bad GPS directions. The maps are often quite bad in less traveled areas. And these are the non-malicious cases!

| aaaaaaaaata wrote:
| How about just driving you by billboards on, or for, Alphabet controlled properties?

| doesnotexist wrote:
| Needs this music: https://www.youtube.com/watch?v=JEyEkbOlMfA&t=690s

| crtasm wrote:
| and then some: https://www.youtube.com/watch?v=07tYdd7drSE

| aaron695 wrote:

| inasio wrote:
| Back in the day (1960s?) two relatives of mine had a prank battle going on. One of them posted an ad in the local newspaper offering to buy old Christmas trees, at the address of their adversary. Half the city showed up, were told trees were not in fact being bought, and everybody dumped the trees at their door.
| meibo wrote:
| Seems like a great way to stock up your firewood supply for the next winter, if you manage to target it in a way that doesn't cause half the city to show up, but maybe a little less than that?

| zeven7 wrote:
| Pine is really smoky and burns fast.

| eropple wrote:
| It's not. You don't want to burn softwoods; they're resinous and create a ton of smoke.

| marssaxman wrote:
| A pile of Christmas trees makes for a _terrific_ January beach bonfire.

| jbverschoor wrote:
| Someone also seems to have hacked this post on twitter... it's not loading.

| gaius_baltar wrote:
| Some nitter instances also show it: https://nitter.42l.fr/runews/status/1565319649683804160#m
|
| You can also search for #YandexTaxi: https://nitter.42l.fr/search?q=%23YandexTaxi

| edm0nd wrote:
| https://www.bleepingcomputer.com/news/technology/twitter-is-...

| r721 wrote:
| Yeah, there's a spike on downdetector's chart: https://downdetector.com/status/twitter/

| Barrin92 wrote:
| This is also something that's oddly absent from the self-driving debates. Mass deployment of the same models or APIs in automated systems is very brittle because it means errors are highly correlated. It's like a form of central planning.
|
| Individual drivers or individual taxi firms in a market, due to their decentralization, are much more robust to any kind of individual failure.
|
| People often ask "is the car smarter than the driver?" but the correct question would be if the car, or system, is more diverse than the aggregate knowledge of _all_ the participants.

| karmanyaahm wrote:
| Yes. Additionally, this is a commonly cited win of cars in cars v. public transport. You can take your car anywhere in the zombie apocalypse*, whereas any system that requires central planning (trains) is more likely to break.
|
| Making cars (human or machine driven) depend on a centralized service basically takes away that advantage.
|
| * assuming you have enough fuel/battery

| r721 wrote:
| Google-translated Kommersant article: https://www-kommersant-ru.translate.goog/doc/5538017?_x_tr_s...

| smm11 wrote:
| Daemon, by Daniel Suarez. Not to ruin it, but computers summon all smart cars at once for a task.

| eps wrote:
| That was not a very good book.

| noir_lord wrote:
| I enjoyed it, but it was a case of his ability to come up with interesting ideas exceeding his abilities as a writer.
|
| It desperately needed a better editor.

| hangsi wrote:
| This reminds me of a classic (non-internet powered) version of this where every business in London was sent to some unsuspecting resident's address in order to win a bet, clogging the streets in the process: The Berners Street Hoax of 1810.
|
| https://en.wikipedia.org/wiki/Berners_Street_hoax

| googlryas wrote:
| Just to point out some possibly ambiguous phrasing: the person pulling the prank was trying to win the bet - the tradespeople and visitors were called there to use their services (i.e. chimney sweeps thought they were going to sweep a chimney), not that they themselves were going to claim some prize.

| wmeredith wrote:
| What does "all available" mean in this context? YandexTaxi operates in 1000+ cities and is connected to 700,000 drivers.

| MaKey wrote:
| This happened in Moscow, so probably all available taxis in Moscow.

| gdy wrote:
| Nope, just dozens of taxi app accounts were hacked and used to order taxis to the same street. That's a tiny fraction of over 70'000 taxis in Moscow.

| unixbane wrote:
| lol get rekt. I wish business people would immediately imagine this every time a software product is pitched to them.
___________________________________________________________________
(page generated 2022-09-01 23:00 UTC)