I need you to post all my shopify products onto my amazon seller account (Budget: $10 – $30 CAD, Jobs: Amazon, Shopify)
I need someone to do a search on www.1688.com searching first for ???? Go to any page of people that are selling raw Australian Beef If they have their phone number or WeChat QR code (or WeChat ID) add… (Budget: $10 – $30 AUD, Jobs: Data Entry, Simplified Chinese (China), Traditional Chinese (Taiwan), Web Scraping, Web Search)
President Donald Trump signed an executive order on Thursday banning transactions with ByteDance, the parent company of popular app TikTok. The White House also announced that he signed a similar order banning transactions with Tencent-owned WeChat, a messaging app that is ubiquitous in China, but has a much smaller presence than TikTok in the United States, where it is used mainly by members of the Chinese diaspora. Both orders will take effect in 45 days.
— Andrew Feinberg (@AndrewFeinberg) August 7, 2020
The orders cite the International Emergency Economic Powers Act and the National Emergencies Act. It is important to note that naming the apps’ operations in the United States as a national emergency is an act that is highly unprecedented and the legality of the orders will likely be challenged. ByteDance is currently pushing back against the Indian government’s July decision to ban TikTok along with 59 other apps; like the U.S., India also cited national security concerns around user data collection.
Microsoft announced over the weekend that it is in negotiations to buy TikTok from ByteDance, naming September 15 as a deadline for negotiations. The order would take effect shortly after the deadline set by Microsoft for the deal. ByteDance reportedly agreed to give up its entire ownership in the app even though it had previously wanted to maintain a minority stake.
Trump announced at the end of last month that he planned to ban TikTok through the use of an executive order. The president and government officials, including Secretary of State Michael Pompeo, have made escalating comments over the past few weeks alleging that TikTok is a threat to national security. While TikTok is owned by ByteDance, the Beijing-based company (which also operates a Chinese version of the app called Douyin) has taken steps to distance TikTok from its Chinese operations, and claims that its data is stored outside of China.
The executive order on ByteDance said that “the spread in the United States of mobile applications developed and owned by companies in the People’s Republic of China…continues to threaten the national security, foreign policy, and economy of the United States. At this time, action must be taken to address the threat posed by one mobile application in particular, TikTok.”
In 45 days, transactions by any person or property subject to U.S. jurisdiction with ByteDance or any of its subsidiaries will be prohibited “to the extent that they are permitted under applicable law.” The order claims that TikTok’s access to user data including location, browsing and search histories “threatens to allow the Chinese Communist Party access to American’s personal and proprietary information–potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.”
Sweeping Tencent ban
Trump’s executive order on WeChat was less expected, but not a complete surprise because Pompeo named the messaging app earlier this week when he said Trump was planning to take action “shortly” on TikTok and other Chinese companies. Like ByteDance, Trump claims WeChat’s data collection is a national security threat and may give the Chinese Communist Party access to user information. The order also cites WeChat’s censorship of material deemed politically sensitive by the Chinese government.
The scope of the order reaches beyond WeChat, restricting U.S. companies from conducting transactions with Tencent as well as its subsidiaries.
The big question is how the Secretary of Commerce will define ‘transaction’ in 45 days. Trump might have just inadvertently dealt a blow to some of the biggest tech and entertainment companies in the U.S. backed by Tencent. The Chinese giant is often compared to SoftBank for its extensive investment footprint. What kinds of financial agreements are there in the majority stake cases? Dividends? Bonuses payable to board members?
Over the years, Tencent has taken stakes in Spotify, Snap, Reddit, Tesla, Warner Music, Universal Music, and lucrative games makers in the U.S. including Fortnite maker Epic Games and Riot Games, the studio behind League of Legends.
WeChat declined to comment. TechCrunch has also contacted ByteDance, Microsoft and the White House for comment.
This story is developing and will be updated.
A week ago Donald Trump said that he could and would ban the video sharing app TikTok, and on Thursday night he issued an executive order to block “transactions” with its parent company, ByteDance. It’s set to take effect in 45 days, which is just be…
California Superior Court Judge Ethan P. Schulman heard arguments from Uber and Lyft, as well as lawyers representing the people of California, regarding the request for a preliminary injunction that seeks to force Uber and Lyft to immediately reclassify their drivers as employees. Schulman did not make a ruling today but said we could all likely expect one to come within a matter of days, rather than weeks.
In the hearing, Schulman expressed how hard it is to determine the impact of a preliminary injunction in this case. For example, how Uber and Lyft would comply with the injunction is unknown, as are the economic effects on drivers, such as their ability to earn income, the hours they would be able to work and their eligibility for state benefits, Schulman said.
“I feel a little bit like I’m being asked to jump into a body of water without really knowing how deep it is, how cold the water is and what’s going to happen when I get in,” Schulman said.
Today’s hearing was the result of California Attorney General Xavier Becerra, along with city attorneys from Los Angeles, San Diego and San Francisco, filing a preliminary injunction in an attempt to force Uber and Lyft to comply with AB 5 and immediately stop classifying their drivers as independent contractors.
The new law codifies the 2018 ruling established in Dynamex Operations West, Inc. v Superior Court of Los Angeles. In that case, the court applied the ABC test (more on that a bit later) and decided Dynamex wrongfully classified its workers as independent contractors based on the presumption that “a worker who performs services for a hirer is an employee for purposes of claims for wages and benefits…”
In the hearing today, lawyers on behalf of the people of the state of California, and Uber and Lyft, discussed the classification of workers as independent contractors versus employees, gig worker protections bill AB 5, the definition of a “hiring entity,” unemployment benefits, paid sick leave, workers’ compensation insurance and more.
Uber and Lyft maintained that an injunction would require them to restructure their businesses in such a material way that it would prevent them from being able to employ many drivers on either a full-time or part-time basis. Uber and Lyft’s argument, effectively, is that classifying drivers as employees would result in job loss.
“The proposed injunction would cause irreparable injury to Lyft and Uber, and would actually cause massive harm to drivers and harm to riders,” Rohit Singla, counsel for Lyft, said at the hearing. For example, Lyft estimates it would cost hundreds of millions of dollars simply to process the I-9 forms, which verify employment eligibility. It doesn’t cost anything to file that form, but it would require Uber and Lyft to further invest in their human resources and payroll processes.
Additionally, Singla argued that a preliminary injunction at this stage of the case would be drastic. His argument resonated with the judge.
“It’s not every day that a judge is asked to issue an injunction on a preliminary basis, as he emphasizes, that could potentially affect hundreds of thousands of people. And that’s what we’re dealing with here.”
But the plaintiffs disagreed. That vast number of people affected is a key reason to issue the injunction, Matthew Goldberg, deputy San Francisco city attorney, argued. Additionally, Goldberg argued it would be quite feasible for Uber and Lyft to reclassify their drivers.
“It’s very doable,” he said. “[…] Both of these businesses already have very large, white-collar workforces at their corporations. I can assure you that every one of those workers is getting workers’ compensation insurance” and other benefits.
He added, “extending this set of benefits to more workers, administratively, is not as difficult as they allege, given they already do this for thousands of workers.”
Additionally, there are elements of Uber and Lyft-backed Prop 22 (details below) that are similar to what AB 5 requires, so plaintiffs argue there would not be irreparable harm for Uber and Lyft to comply with AB 5. Uber and Lyft, however, disagree.
In Uber’s opening arguments, Uber counsel Theane Evangelis pointed to a number of product changes that should remove “any doubt about the compliance and demonstrate Uber is a technology platform” that operates a multi-sided marketplace, she said. For example, Uber began allowing drivers in June to set their own prices.
Still, Judge Schulman pressed on Uber’s ability to satisfy Prong B of the ABC test. According to the ABC test, in order for a hiring entity to legally classify a worker as an independent contractor, it must prove (A) the worker is free from the control and direction of the hiring entity, (B) performs work outside the scope of the entity’s business and (C) is regularly engaged in an “independently established trade, occupation, or business of the same nature as the work performed.”
“If you look at Uber or Lyft, they’re not in the business of maintaining an online app by itself,” Schulman said. “That’s the technology by which they perform. Their business is providing rides to people for compensation. In plain English, that’s what they do? Isn’t it?”
Evangelis quickly replied, “No.” She argued that what Uber and Lyft do is simply connect drivers and riders through their technology platform. She also pointed to the variety of services Uber offers, such as Uber Eats and Freight. Evangelis went on to ask the judge if he would put this on pause until November, when Californians will vote on Prop 22, which is backed by Uber, Lyft and others.
The ballot measure looks to implement an earnings guarantee of at least 120% of minimum wage while on the job, 30 cents per mile for expenses, a healthcare stipend, occupational accident insurance for on-the-job injuries, protection against discrimination and sexual harassment and automobile accident and liability insurance. Most notably, however, it would keep drivers classified as independent contractors.
Judge Schulman, however, seemed flummoxed by the basis of the argument to wait until November to see what voters decide.
“It seems to me that’s not my role,” he said. “And more significantly, it seems to me, if any of us learned anything from the 2016 election, is many of us are unable to predict the outcome of elections…I just wonder about the legitimacy of an argument like that.”
Evangelis closed her time by saying that Uber believes it passes the ABC test today.
The motion for a preliminary injunction was filed as part of the suit filed in May, which asserted Uber and Lyft gain an unfair and unlawful competitive advantage by misclassifying workers as independent contractors. The suit argues Uber and Lyft are depriving workers of the right to minimum wage, overtime, access to paid sick leave, disability insurance and unemployment insurance. The lawsuit, filed in the Superior Court of San Francisco, seeks $2,500 in penalties for each violation, possibly per driver, under the California Unfair Competition Law, and another $2,500 for violations against senior citizens or people with disabilities.
Meanwhile, Uber and Lyft are both facing another lawsuit from the office of the California Labor Commissioner alleging wage theft. Filed yesterday in Oakland, the suit similarly aims to enforce the labor practices set forth by AB 5.
GM unveiled Thursday the Cadillac Lyriq, an all-electric crossover dripping in luxury, tech-forward touches and promising more than 300 miles of range that aims to propel the brand into a new electrified era.
That new era for Cadillac will have to wait though. The company said the Lyriq will go into production in the U.S. in late 2022, more than two years after its reveal date. The Cadillac Lyriq will be a global product, meaning it will be headed to China as well. Production in China will begin ahead of the U.S., according to Cadillac.
The Lyriq is just one in a roster of 20 electric vehicles that GM plans to bring to market by 2023. But it will be a critical one for the Cadillac brand. “The Lyriq sets benchmark for future Cadillacs,” Michael Simcoe, GM’s vice president of global design, said during the reveal.
The Lyriq embodies the kinds of luxury touches a Cadillac customer has come to expect, from the “black crystal” grille and jewelry box-styled drawer to the 33-inch vertical LED touchscreen display and AKG sound system.
Cadillac aimed for a modern and aggressive design that it achieved by giving the Lyriq a low, fast roofline and wide stance. That “black crystal” grille is a dynamic feature with “choreographed” LED lighting that greets the owner as they approach the vehicle. The LED lighting continues in the rear with a split taillamp design.
Inside the vehicle are backlit speaker grilles, curved screens with hidden storage and orchestrated lighting features similar to the dynamic lighting outside.
The Lyriq will be available in rear-wheel drive and performance all-wheel drive configurations. The 100 kilowatt-hour battery pack will provide more than 300 miles of range, according to the company’s internal testing. It will come with DC fast charging rates over 150 kilowatts and Level 2 charging rates up to 19 kW.
The tech inside the Lyriq includes the latest version of the hands-free driver assistance system called Super Cruise that first debuted in the Cadillac CT6 several years ago. Super Cruise uses a combination of lidar map data, high-precision GPS, cameras and radar sensors, as well as a driver attention system, which monitors the person behind the wheel to ensure they’re paying attention. Unlike Tesla’s Autopilot driver assistance system, users of Super Cruise do not need to have their hands on the wheel. However, their eyes must remain directed straight ahead.
The Lyriq will also come with a dual-plane augmented reality-enhanced head-up display. The head up display, which is projected on the windshield in the sight line of the driver, shows a near plane indicating speed and direction and a far plane that displays navigation signals and other important alerts. The effect is a layered look.
A vehicle has to be compelling visually to attract buyers. But the underlying foundation of the Lyriq is where GM has placed its biggest bet. Earlier this year, the automaker revealed a sweeping plan to produce and sell EVs that hinges on a new scalable electric architecture called Ultium that will support a wide range of products across all of its brands, including Buick, Cadillac, Chevrolet and GMC. The EV portfolio will include everything from compact cars and work trucks to large premium SUVs and performance vehicles.
This modular architecture, called “Ultium,” will be capable of 19 different battery and drive unit configurations, 400-volt and 800-volt packs with storage ranging from 50 kWh to 200 kWh, and front-, rear- and all-wheel drive configurations. At the heart of the new modular architecture will be the large-format pouch battery cells manufactured at this new factory.
The Ultium battery has a nickel-cobalt-manganese-aluminum chemistry that uses aluminum in the cathode to help reduce the need for rare-earth materials such as cobalt, according to GM. The company said it has been able to reduce the cobalt content by more than 70%, compared to current GM batteries.
GM recently started construction on a 3-million-square-foot factory that will mass produce Ultium battery cells and packs. The Ultium Cells LLC battery cell manufacturing facility in Lordstown, Ohio is part of a joint venture between GM and LG Chem that was announced in December. At the time, the two companies committed to invest up to $2.3 billion into the new joint venture, as well as establish a battery cell assembly plant on a greenfield manufacturing site in the Lordstown area of Northeast Ohio that will create more than 1,100 new jobs. The factory will be able to produce 30 gigawatt-hours of capacity annually.
Cadillac has been making automobiles for well over a century but on Thursday evening the carmaker unveiled its first vehicle produced that lacks an internal combustion engine. Say hello to the Lyriq. While many folks still associate Cadillac with its…
Google has partnered with one of the largest states in India to provide its digital classroom services to tens of millions of students and teachers, the search giant said today, as it makes a further education push in the world’s second largest internet market.
The company, which recently announced plans to invest $10 billion in India, said it had partnered with the government of the western state of Maharashtra that will see 23 million students and teachers access Google’s education offering at no charge.
Thursday’s announcement follows a recent survey by the Maharashtra government in which it had sought teachers’ interest in digital classroom alternatives. More than 150,000 teachers signed up for the program in less than 48 hours, Google said.
Maharashtra is the worst hit Indian state by COVID-19, with more than 460,000 confirmed cases. The state, like others in India, complied with New Delhi’s lockdown order in late March that prompted schools and other public places to close across the nation.
“All of us had questions regarding the future of education. We have come a step closer to answering these questions due to the pandemic,” said Uddhav Thackeray, chief minister of Maharashtra, in a statement.
Varsha Gaikwad, the education minister of Maharashtra, said the partnership with Google will help her department roll out tech solutions to students in about 190,000 schools.
“Our goal is to make Maharashtra the most progressive state in education by making effective use of online resources, platforms, bandwidth and technology, using the power of the internet to reach out to the masses and bridge the gap in education,” she said.
The pandemic, which has brought several sectors to their knees in the country, has accelerated the growth of startups that operate digital learning platforms in the country. Byju’s, Facebook-backed Unacademy, Vedantu and Toppr among other startups have amassed tens of millions of new students since March this year.
Google is providing students and teachers with a range of services, including G Suite for Education, Google Forms for conducting quizzes and tests, access to Google Meet video conferencing services and Google Classroom, which enables educators to create, review and organize assignments, as well as communicate directly with students.
The company said it has also made Teach from Anywhere, a hub for educators, available in Marathi, a very popular language in the state of Maharashtra.
“Our teachers and schools have the huge responsibility in shaping the future of our new generation, and we continue to be honored to play a role in offering digital tools that can enable more teachers to help even more students stay firmly on their journey of learning, during these times and beyond,” wrote Sanjay Gupta, country head and vice president of Google India, in a blog post.
The company has rushed to work with educators in India in recent months. Last month, Google announced that it had partnered with the Central Board of Secondary Education, a government body that oversees education in private and public schools in India, to provide its education offerings to more than 1 million teachers across 22,000 schools in India.
It also unveiled a grant of $1 million to Kaivalya Education Foundation (KEF), a foundation in India that works with partners to provide underprivileged children with education opportunities from Google.org, Google’s philanthropic arm.
Google’s global rival, Facebook, also partnered with CBSE last month to launch a certified curriculum on digital safety and online well-being, and augmented reality for students and educators in the country.
Facebook has removed several networks of accounts that were spreading misinformation in the US ahead of the 2020 presidential election. One of the troll farms, which was based in Romania, posed as a group of African Americans who said they supported…
Facebook and Twitter are taking a stronger stand against pandemic misinformation, we preview the latest version of macOS and a mental health startup raises $50 million. Here’s your Daily Crunch for August 6, 2020.
The big story: Twitter, Facebook take action against Trump misinformation
Facebook and Twitter both took action against a post from President Donald Trump and his campaign featuring a clip from a Fox News interview in which he misleadingly described children as “almost immune” to COVID-19. Facebook took down the offending post, while Twitter went further and locked the Trump campaign out of its account (separate from Trump’s personal account).
“The @TeamTrump Tweet you referenced is in violation of the Twitter Rules on COVID-19 misinformation,” Twitter’s Aly Pavela said in a statement. “The account owner will be required to remove the Tweet before they can Tweet again.”
Meanwhile, Twitter also announced today that it will be labeling accounts tied to state-controlled media organizations and government officials (but not heads of state).
The tech giants
macOS 11.0 Big Sur preview — Big Sur is the operating system’s first primary number upgrade in 20 years, and Brian Heater says it represents a big step forward in macOS’ evolution.
Apple 27-inch iMac review — This will be one of the last Macs to include Intel silicon.
Uber picks up Autocab to push into places its own app doesn’t go — Uber plans to use Autocab’s technology to link users with local providers when they open the app in locations where Uber doesn’t offer rides.
Startups, funding and venture capital
On-demand mental health service provider Ginger raises $50 million — Through Ginger’s services, patients have access to a care coordinator who serves as the first point of entry into a company’s mental health plans.
Mode raises $33 million to supercharge its analytics platform for data scientists — Mode has also been introducing tools for less technical users to structure queries that data scientists can subsequently execute more quickly and with more complete responses.
Crossbeam announces $25 million Series B to keep growing partnerships platform — Crossbeam is a Philadelphia startup that automates partnership data integration.
Advice and analysis from Extra Crunch
Can learning pods scale, or are they widening edtech’s digital divide? — In recent weeks, the concept has taken off all across the country.
Eight trends accelerating the age of commercial-ready quantum computing — Venrock’s Ethan Batraski writes that in the last 12 months, there have been meaningful breakthroughs in quantum computing from academia, venture-backed companies and industry.
5 VCs on the future of Michigan’s startup ecosystem — According to the Michigan Venture Capital Association (MVCA), there are 144 venture-backed startup companies in Michigan, up 12% over the last five years.
More Chinese phone makers could lose US apps under Trump’s Clean Network — The Trump administration’s five-pronged Clean Network initiative aims to strip away Chinese phone makers’ ability to pre-install and download U.S. apps.
UK reported to be ditching coronavirus contact tracing in favor of ‘risk rating’ app — Reports suggest a launch of the much-delayed software will happen this month, but also that the app will no longer be able to automatically carry out contact tracing.
The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.
Uber reported its second-quarter earnings Thursday, and buried in the blizzard of less-than-rosy numbers is a stunning figure that illustrates how much the company has changed during the COVID-19 pandemic.
Uber’s delivery business — better known as Uber Eats — is now bigger than its original and core ride-hailing division, based on adjusted net revenue. Now, adjusted net revenue tells only a piece of this evolving Uber story. Income, or losses in the case of Uber’s delivery business, are also important.
Still, looking at the change of the past year, and specifically in the past two quarters, it’s clear that Uber’s strategy has shifted. And all eyes are on delivery.
Before digging deeper, let’s run a quick recap.
Uber’s reported net loss was $1.78 billion in the second quarter of 2020, down from a year-ago net loss of $5.24 billion. The company went public last year, resulting in various one-time, non-cash costs. The company’s net loss worked out to a loss of $1.02 per share. That was enough to beat analysts’ expectations of a $0.86 per-share deficit.
Uber missed on profitability in the quarter, but did surpass expectations on top line, posting more revenue than the $2.18 billion figure investors expected.
The shift to delivery
There are three key ways to weigh the company’s various businesses, of which only two are of material scale to Uber’s operating results, namely Mobility (ride-hailing), and Delivery (Uber Eats). Here’s how the pair stacked up in Q2 2020:
- Delivery gross bookings: $6.96 billion
- Mobility gross bookings: $3.05 billion
Here’s how those gross bookings results turned into adjusted net revenue:
- Delivery adjusted net revenue: $885 million
- Mobility adjusted net revenue: $793 million
And how those revenue results turned into adjusted profit, and adjusted losses:
- Delivery adjusted EBITDA: -$232 million
- Mobility adjusted EBITDA: $50 million
As you can see, Uber’s food delivery business is doing far more gross dollars in transaction volume. However, as Uber has a better take-rate (the portion of gross spend it gets to keep as revenue) with ride-hailing than Uber Eats, the two had far closer adjusted net revenue numbers. Here, again, Delivery beat Mobility.
When it came down to adjusted profit, Uber’s traditionally core business of ride-hailing generated the superior result, generating positive adjusted EBITDA, while delivery lost money using the same profit calculation method.
In Q1 2020, Mobility generated more gross bookings, adjusted net revenue and adjusted EBITDA than Delivery. In Q2, due to COVID-19 and its resulting economic impacts, two of the three numbers flipped. How fast the figures could change in the future if the market for ride-hailing recovers further is not clear. Today’s earnings call made it clear that Uber is more about bringing you food than taking you to the airport, and that’s a big change for the American company.
To be clear, ride-hailing isn’t going anywhere. It’s the dual focus of delivery and ride-hailing that Uber is counting on to get it through this rough patch of the COVID-19 pandemic as well as fortify its revenue earning potential in more stable times.
“It’s become clear that we have a hugely valuable hedge across our two core businesses that is a critical advantage in any recovery scenario,” Uber CEO Dara Khosrowshahi said Thursday. “When travel restrictions lift we know the mobility trips rebound. If restrictions continue or need to be re-imposed our delivery business will compensate.”
For fun, here are the pertinent sections of Uber’s Q2 investor slides.
Here’s the company’s Mobility numbers:
And, here are its Delivery results:
Happy number crunching!
Few could ever forget back in 2015 when security researchers Charlie Miller and Chris Valasek remotely killed a Jeep’s engine on a highway with a Wired reporter at the wheel.
Since then, the car hacking world has bustled with security researchers looking to find new bugs — and ways to exploit them — in a new wave of internet-connected cars that have only existed the past decade.
This year’s Black Hat security conference — albeit virtual, thanks to the coronavirus pandemic — is no different.
Security researchers at the Sky-Go Team, the car hacking unit at Qihoo 360, found more than a dozen vulnerabilities in a Mercedes-Benz E-Class car that allowed them to remotely open its doors and start the engine.
Most modern cars are equipped with an internet connection, giving passengers access to in-car entertainment, navigation and directions, and more radio stations than you can choose from. But hooking up a car to the internet puts it at greater risk of remote attacks — precisely how Miller and Valasek hijacked that Jeep, which ended up in a ditch.
Although vehicle security has gotten better over the past half-decade, Sky-Go’s researchers showed that not even one of the most recent Mercedes-Benz models is impervious to attacks.
In a talk this week, Minrui Yan, head of Sky-Go’s security research team, said the 19 security vulnerabilities were now fixed, but could have affected as many as two million Mercedes-Benz connected cars in China.
Katharina Becker, a spokesperson for Mercedes’ parent company Daimler, pointed to a company statement published late last year after it patched the security issues. The spokesperson said Daimler could not corroborate the estimated number of affected vehicles.
“We addressed all findings and fixed all vulnerabilities that could be exploited before any vehicle in the market was affected,” said the spokesperson.
After more than a year of research, the end result was a series of vulnerabilities that formed an attack chain that could remotely control the vehicle.
To start, the researchers built a testbench to reverse-engineer the car’s components to look for vulnerabilities, dumping the car’s software and analyzing the car’s internals for vulnerabilities.
The researchers then obtained a Series-E car to verify their findings.
At the heart of the research is the E-Series’ telematics control unit, or TCU, which Yan said is the “most crucial” component of the car, as it allows the vehicle to communicate with the internet.
By tampering with the TCU’s file system, the researchers got access to a root shell — a way to run commands with the highest level of access to the vehicle’s internals. With root shell access, the researchers could remotely open the car’s doors.
The TCU file system also stores the car’s secrets, like passwords and certificates, which protect the vehicle from being accessed or modified without proper authorization. But the researchers were able to extract the passwords of several certificates for several different regions, including Europe and China. By obtaining the vehicle’s certificates and their passwords, the researchers could gain deep access to the vehicle’s internal network. The car’s certificate for the China region had a weak password, Yan said, making it easier to hijack a vulnerable car in the country.
Yan said the goal was to get access to the car’s back end, the core of the vehicle’s internal network. As long as the car’s back-end services can be accessed externally, the car is at risk of attacks, the researchers said.
The way the researchers did this was by tearing down the vehicle’s embedded SIM card, which allows the car to talk to the cell networks. A security feature meant the researchers couldn’t plug the SIM into a router without freezing access to the cell network. The researchers modified their router to spoof the vehicle, effectively making the cell network think it was the car.
With the vehicle’s firmware dumped, the networking protocols understood and its certificates obtained and cracked, the researchers say they could remotely control an affected vehicle.
The researchers said the car’s security design was tough and able to withstand a number of attacks, but it was not impervious.
“Making every back-end component secure all the time is hard,” the researchers said. “No company can make this perfect.”
But at least in the case of Mercedes-Benz, its cars are a lot more secure than they were a year ago.