It’s just Hollywood, right? Movies can often leave you with an uneasy feeling, and Sam Esmail’s new film Leave the World Behind is no different. On the walk out of the theater, or from the couch as the credits roll, you can normally calm your emotions with, “It’s just a movie”. However, you may not be able to brush away the events of this film so easily.
Spoilers: If you haven’t watched Netflix’s new film Leave the World Behind and don’t want the premise or specific scenes from the movie spoiled, pause here, watch the film, and come back and finish reading.
Leave the World Behind has been taking the internet by storm since its release because of the uneasy feeling it leaves you with about the future of our civilization, or even how fragile it truly is. If you’ve come this far and haven’t seen the film yet, I’ll give you the quickest overview you can get. There’s a massive cyberattack on the United States from another country, and dominoes begin to fall quickly. Cell phones don’t work, the internet goes out, and GPS is taken down. All while the family is on vacation away from the city.
The film does a good job of exploring how we would react to this happening in a situation where it drops off piece by piece. Brushing each one off as a blip in the power grid, a power plant explosion, or that “the internet is just out” with no further thoughts on it. But as they begin to add up, seeing planes crash out of the sky, and oil tankers crash into the beach with no GPS, we see civilization begin to fall very quickly. The characters struggle to do simple things like communicate with each other, find their way around a new town, and easily get information or news.
Now you could probably write an entire book about all of the aspects of a cyber attack like this and what it would take to hack into each piece and orchestrate it fully, but we’re not going to do that. There’s one scene, in particular, we want to dive into where hundreds of white Teslas are remotely controlled to crash into each other and block access to bridges while the family is trying to escape to safety.
Software Rules Everything Around Me
If you’ve bought a car in the last two or three years you know that most of them are now coming with a plethora of software-controlled features. Now that’s not only using software to control all of the interior features of the car, but many of them, including Tesla, Ford, GM, Audi, BMW, etc., can “self-drive” on major roads with varying degrees of driving interaction. So how far can that be pushed? The film wants you to believe that it can be taken to the furthest extent – think 2005 film I, Robot starring Will Smith, except it’s a car driving 65 mph at you with no driver inside instead of a robot chasing after you.
All automobile companies are trying to keep their vehicles and their software as secure as possible, or at least we hope they are. However, some experts believe that there may be mountains of software vulnerabilities that exist that no one is exploiting or reporting. Governments are thought to stockpile these vulnerabilities as another weapon in their arsenal, to utilize if the day arrives when either another country strikes first, or there is some other justification for war.
There are also real-world examples of this unfolding – which stops it short of being a tinfoil hat theory. In 2010 the Stuxnet computer worm was discovered and later many independent news organizations reported that it was jointly built by the United States and Israel. This worm exploited 4 different zero-days in the Siemens Logic Controller to take down almost one-fifth of Iran’s nuclear centrifuges. A zero-day is a term used to describe a software vulnerability that is unknown to everyone until the day it is exploited by hackers – or governments that have it in a stockpile.
Typically, software vulnerabilities are reported through designated channels like the Common Vulnerabilities and Exposures (CVE) program maintained by the MITRE Corporation and sponsored by the Department of Homeland Security. There is a detailed process to follow where the vulnerability is disclosed to the company first, and a window of time is opened for them to patch the vulnerability before it is publicly reported. However, if it’s never reported, and instead held onto by a government or sold on the dark web to the highest bidder, then there is a high likelihood it will be exploited.
Movie magic – or reality
This is why many companies, including Tesla, host hackathons, or bug bounty programs to allow the “good hackers” a chance to find vulnerabilities in their software and get paid handsomely for it. In 2017 a white hat hacker found several vulnerabilities in Tesla’s software. The most troubling of which gave him full access to the Tesla “Mothership”, a server that all Teslas called home to and received instruction from. This allowed him to send commands to all Teslas, all he needed was their VIN and he could see where it was, change the climate control, honk the horn, and theoretically – in a self-driving world – tell the car where to go.
With that in mind, the film doesn’t seem to take that large of a leap. This was just one person, a tech enthusiast sure, but not someone with the resources of a government behind him. It doesn’t take a large leap to think that something like this could happen if someone or some government wanted it to. Elon Musk himself even said the same back in 2017, joking that: “In principle, if someone was able to say hack all the autonomous Teslas, they could say – I mean just as a prank – they could say ‘send them all to Rhode Island’ [laugh] – across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.”
There is some peace you can find in that statement; Tesla and many other carmakers have to be vigilant with their security practices and constantly try to win the game of cat and mouse with hackers – because their entire reputation and livelihood rests on it.
ABC – Always Be … Clicking Update
There’s not much you can do to fully escape the software-controlled world we live in, short of moving out to the woods in Montana in an off-grid house (which might not be such a bad idea). But what you can do is stop procrastinating when your devices tell you they need to do an update.
Those updates frequently fix bugs and add new features, but sometimes they are fixes for critical security vulnerabilities that were found by employees at the company, white-hat hackers, or even worse – they may already be in the wild getting exploited by the not-so-nice hackers.
As for self-driving cars and their future – I tend to fall on the side that we’re still pretty far off from a full self-driving world of cars. As the government catches up with the private sector, I imagine we’ll see more and more regulations for these companies to follow when developing and marketing these features before there is widespread use or adoption.
What are your thoughts? Would you or have you bought a car with “driverless” technology in it? Do you think all cars should have manual overrides built into them as a failsafe against events like those in the film? Let us know on social media!