TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

Are our cars hacker safe?

Discussion in 'Model S: User Interface' started by hemants, Feb 19, 2015.

  1. strider

    strider Active Member

    Joined:
    Oct 20, 2010
    Messages:
    2,920
    Location:
    NE Oklahoma
    Well, Tesla did hire Kristin Paget who I'm sure is working on this kind of stuff. Most of the "hacks" I've seen require gaining physical access to the car's diag port or something first. Obviously they didn't share any details in the article but I'm curious what system would allow that level of access to the car's systems purely over the air.

    However, there are 2 vectors that Tesla (and all automakers) will have a hard time surmounting.

    1) Access to the app is secured only by your MyTesla username and password which can be insecure. There are things they can do here like 2-factor auth, require additional info if it's a new device accessing your car for the first time, etc.
    2) RFID repeaters. It is fairly trivial to build an RFID repeater and use that to trick your car into thinking the fob is nearby. The frequencies are published since they require FCC licenses. You need 2 people for this. One person stands near the car and the other stands near you in the grocery store or wherever you are. With most cars if you try to open the door it will cause the car to send a signal looking for the key fob. The repeater forwards that signal into the store where your fob, upon receiving the signal, responds. That signal goes back outside and unlocks the car. One more back and forth when the person presses the brake pedal and they can drive as far as they want as long as they don't turn the car off.

    Welcome to the Internet of Things! IoT is the Frankenbeast of Information Security - HP Enterprise Business Community
     
  2. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,763
    Location:
    Texas
    Of course, if they are like most thieves, they won't buckle up, so the first time they back up and lift out of the seat, it's game over.
     
  3. anxman

    anxman Member

    Joined:
    Dec 21, 2014
    Messages:
    358
    Location:
    san francisco, ca
    It's certainly possible that at some point, our cars will be vulnerable to hackers. Then the question is, "what are they going to do with it?". Some mischievous kids could conceivably steal a $100k GPS-enabled luxury car with 250 miles of range, but they'd probably get caught pretty quickly.

    On the other end of the spectrum, against an advanced persistent threat, nothing is safe and everything is compromised.
     
  4. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,763
    Location:
    Texas
    True, but those perpetrating an advanced persistent threat are typically doing it for monetary reasons. There isn't a black market for Tesla parts currently, and likely won't be for many years. And even if there eventually is one, it will be easier to use a tow truck.
     
  5. scottm

    scottm Active Member

    Joined:
    Jun 13, 2014
    Messages:
    1,282
    Location:
    Canada
    #6 scottm, Feb 20, 2015
    Last edited: Feb 20, 2015

    Tesla could (should?) put a second factor right in the car, not just protect MyTesla with it.

    Enter code to drive. (Something you know.)

    Or make the second factor physical, like a metal stick with dimpled ridges down the sides, oh! Ya like a key. (Something you have.)

    or have all 3... RF key present or App password AND a PIN code AND a physical key

    Or ask for any two of the 3

    - - - Updated - - -


    Kid put a bluetooth enabled OBD plug in the port and hacked away from his iphone. Good googling skills got into the CANbus. Toggled settings.... oooo!

    Can that happen on model S? No. The OBD port has power and zero data connections.

    However, kid would find the ethernet port and buy an even cheaper thing, a cable, and have at 'er from his laptop.
     
  6. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,763
    Location:
    Texas
    It's always easier to hack if you have physical access to the device. The automatic locking of the Model S, assuming you have enabled it, goes a long way to prevent this.
     
  7. strider

    strider Active Member

    Joined:
    Oct 20, 2010
    Messages:
    2,920
    Location:
    NE Oklahoma
    I agree which is why I mentioned it. They could easily make it optional, just like the lock screen on a cell phone. Though I wish they licensed Blackberry's unlock mechanism. By far the best out there. People can watch me unlock my phone over and over and still can't do it themselves.
    +1. So this was not an OTA hack? Then I call a big 'ole pile of BS and scaremongering. Hell if they're already in your car they're not going to plug something into a port and then leave. They're just going to take the car right then. -<shrug>- Where's my tempest in a teacup graphic?
     
  8. Canuck

    Canuck Active Member

    Joined:
    Nov 30, 2013
    Messages:
    3,960
    Location:
    South Surrey, BC
    I don't think anything is. As they say, if man can make it, man can break it.
     
  9. evmile

    evmile Member

    Joined:
    Oct 16, 2011
    Messages:
    126
    Location:
    San Jose
    Garage doors use rolling codes to prevent this kind of hack. Do key FOBs have rolling codes?
     
  10. LetsGoFast

    LetsGoFast Active Member

    Joined:
    Oct 13, 2014
    Messages:
    1,342
    Location:
    Virginia
    The security on a proximity key is much more advanced than that used by garage doors. It uses AES 256 encryption to talk over the ISM radio band. If someone has the capability to break AES 256, they can do a lot more lucrative things with that knowledge than steal cars since it is the underlying technology used for essentially all internet secure communications. No one has ever demonstrated the ability to break it and one can infer from the Snowden leaks that even the NSA cannot do that, because they have gone to extraordinary trouble to find other ways to compromise https.

    However, there has been a demonstrated vulnerability for proximity keys that applies to essentially every car. Basically, someone who knew you could set a repeater near your key (several feet away would be fine) and another unit could be next to your car and they could bridge the gap and make the car think it was talking directly to your key, when they were really networking the signal themselves. You can read about this attack vector here: http://jalopnik.com/5736774/how-hackers-can-use-smart-keys-to-steal-cars

    The hack discussed in the original article is done via the ODBC port and Tesla is most likely just as vulnerable as other vendors to that vector, since they use standard parts. Tesla also has an ethernet port, which offers a theoretical vulnerability although to my knowledge no one has yet accessed any vital driving or starting functions that way. Finally, the Tesla iPhone app offers a Tesla-specific path to gain access. Given that you could start the car with that method, if I was interested in trying to hack someone's car that would be the one I'd target.
     
  11. HankLloydRight

    HankLloydRight Fluxing

    Joined:
    Jan 18, 2014
    Messages:
    5,787
    Location:
    Connecticut
    I'm assuming you mean OBDII port and not OBDC... And no, Tesla isn't vulnerable to this vector because the OBDII port is neutered in the MS... It only has +12v and ground. No other live lines to the car or CANBUS.
     
  12. EarlyAdopter

    EarlyAdopter Active Member

    Joined:
    Jun 24, 2012
    Messages:
    2,499
    Location:
    Redmond, WA
    Likewise, the Ethernet port is neutered. It's disabled by default and only turned on with a remote command from the mothership.
     
  13. AmpedRealtor

    AmpedRealtor Active Member

    Joined:
    Jun 30, 2013
    Messages:
    4,705
    Location:
    Buckeye, AZ
    Nothing is safe from hackers. As soon as you build a better mouse trap, someone will build a better mouse. It never ends. This is not something I would ever worry about.
     
  14. scottm

    scottm Active Member

    Joined:
    Jun 13, 2014
    Messages:
    1,282
    Location:
    Canada
    elaborate please
     
  15. strider

    strider Active Member

    Joined:
    Oct 20, 2010
    Messages:
    2,920
    Location:
    NE Oklahoma
  16. stopcrazypp

    stopcrazypp Well-Known Member

    Joined:
    Dec 8, 2007
    Messages:
    7,050
    I saw a news report about thieves in China and they use something much simpler to gain access to a car: they just use a jammer to jam your key fob and then go in your car to steal things once you are away from it. Of course, this method only works if you don't notice your car hasn't locked.
     
  17. billarnett

    billarnett Member

    Joined:
    Nov 15, 2008
    Messages:
    293
    Location:
    Emerald Hills CA
    Right

    Au contraire, this is something we should worry a great deal about. Perhaps there's not much one can do as an individual but as a citizen this is an issue we should all be urging our leaders to work on.
     
  18. strider

    strider Active Member

    Joined:
    Oct 20, 2010
    Messages:
    2,920
    Location:
    NE Oklahoma
    Well, the right way to think about this is that one is always trying to balance security and usability. As they say the only secure computer is one that is unplugged and buried in concrete. Anything else is a compromise to security as you gain usability. A Nest thermostat (and other IoT devices) is incredibly usable as you can access it from your smartphone, it leverages processing power in the cloud to improve it's function, etc. but from a security standpoint these things are horrible as they introduce many more vectors for attack. Same goes for the fancy auto-pop-out handles on our cars. It's cool and usable but it causes the car to constantly be pinging for the fob which is an opening for someone to gain access. IIRC in non-tech cars you have to push the key fob button to unlock and so the repeater attack won't work as they would have to trick you into pushing your key fob.
     
  19. scottm

    scottm Active Member

    Joined:
    Jun 13, 2014
    Messages:
    1,282
    Location:
    Canada
    wow thanks
    , just one digit long password but using the complexity of the image for us to place it...and a randomized starting grid .
    Finally something for us humans that we are naturally good at: remembering visual patterns instead one dimensional strings of complicated characters

    Genius!

    This is the perfect, observable, unlock feature for a second factor using center console



    TESLA pay attention to this!
     

Share This Page