Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Be careful where you let your car ride on wifi in the coming weeks

verygreen

Curious member
Jan 16, 2017
2,947
11,526
TN
It looks like as map updates are being prepared for early next year (in Europe and probably in US), people should be extra careful about their wifi and cell providers.

I tried to let Tesla know about some holes in their maps infrastructure, but they never replied to me, so I guess they don't care as much, even though they did close some of the holes outlined.

The problem is while the holes were there, the secret key for the maps server was publically accessible for almost a year, so who knows how many people downloaded that.
Having this key file would allow nefarious people to create their own "maps server" to serve their own map "updates" to your car.
This is further compounded by the fact that Tesla never lets you know when a maps update is being downloaded to your car, you just gt a notification once it's done, but it's too late by then.

Of course they could only do this if they are somehow positioned between your car and internet in most cases (they are other vectors, but they are harder to perform), hence the warning.
And if we are lucky Tesla would finally do something about replacing the key and will protect it better next time too.

It's been over 60 days since my last attempt to draw Tesla attention to the matter (over 300 days of the key accessibility), so I feel like holding on to this information is more dangerous than letting it go into the open.

Code:
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAxJIHhFmvyALnYHAGLrpkU6oUoCEizVPu+klDo9MGss8x9Uxw
JfOlTa40L78cDGA3kb79vgJTMkkKMnh0Xy27rXGkUpLaHttNJ/9P8k8z13MPQ8Ml
hFuF2/fe0ofDuBKJ/oFBPAFTB7WpzJ/SwGHzIJxTMOBBThkLzKDaRp26bvBX81p7
Uds1uuFDlz022C1Hn+rEtrBylHY+OpD2NEJ/Alo4IwOmhxKuAz7B3DDrXJZYrldb
IRhwE3/rjrnlx4diaucaQBxDONDy1rEQBzOqfgJmCO7vSK5WCkiMsOviezFkCuwl
zE3PBhgVqC5UxOR5PC2phQIJpf5nJx7TkFhgpwIDAQABAoIBAQCjZCqhZZdKbrd6
nsNU1hQMwyQv0jtGZw0OuBVkOEWqHbWOC0JxGWv+/N1eDsG2u8eU+yeZZ/9Vnga+
2wcIElCdJAgNpwlteqZQp9UBObqCzJ4UmkI2GYlTxV5OqxERkT9o8HGT+hnVH7iL
IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
GBOxiVEEu0jKUj65Z2JfPXctQ0hpefrs03HRztjNchyHY2hUNafbIS2mhTgwkZlP
UgrwjHzFJW3NuJvHILLTp20yJwMd5rQtf2Pr/iA47BFFj9ER9JD/0xLU4hr/z8cn
OHVHfFQhAoGBAOPC9XOdTYew+H+IVp+ivyDyi4XkqdwTTNgoy0j2ypIYuiS/oqJ+
R8cD34rySHqurlVk5K6zEVpTU1SJOsX06psOS92/BjiR+RmZxODPKIBpBs/LKX00
/IUbmF9/z+L7Ipg2kdul/Kw4fuLRrbbDxnKOWRP6N9MoPN51gSARlsy3AoGBANzx
FEi20qIOdjHM0TGala5QFeIZ9Il0YOSqDjyLqDbCQJTW/leYmTimxSgd1sM06K7W
6/eBm2GUMV/BDzkzhz23nDSYuFKg+Es47l+GqG2s2jnefl6W+ZJQ3Lt2q0DejK72
/niB6uA8YEh/yxXvKGqrzMexwyjb0MsH1UYhgfuRAoGBAJPIwLMP8mqFLfiyYmKa
myGpv1ZVlNGzxDzN23mwiKhbWwzVO5XsEm7T2IyzwMu55GyMVsX0cuIFByDnGjew
Pzn1AM0VUdgK/3LZD6I/SKxpeX4C+RzA8Mj9qtTsfdtt0Hirj+DRxy2ISuyp2Omq
Bm32Z15LEUX16ej+nZZNU2fpAoGBAMRN+tzEe497U+7ZcUEmfTl8dIUI1KnQWkqx
IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
Oa5pPx0TLOLBbDhG8HiPON6YFyfE1nhQjkGVPjPK3OJE+BPDRajlLhnmcZCcOJao
56bZipI3CbgTi9O7C8XWFlZB6TyGTb+q6uFH3Wwv4TzqvegC7NwZ2xc=
-----END RSA PRIVATE KEY-----

Posted in the main Tesla thread since hopefully both X and S owners read it and I don't need to have several threads to monitor.
 

ggr

Expert in Dunning-Kruger Effect!
Supporting Member
Mar 24, 2011
7,032
28,458
San Diego, CA
It looks like as map updates are being prepared for early next year (in Europe and probably in US), people should be extra careful about their wifi and cell providers.

I tried to let Tesla know about some holes in their maps infrastructure, but they never replied to me, so I guess they don't care as much, even though they did close some of the holes outlined.

The problem is while the holes were there, the secret key for the maps server was publically accessible for almost a year, so who knows how many people downloaded that.
Having this key file would allow nefarious people to create their own "maps server" to serve their own map "updates" to your car.
This is further compounded by the fact that Tesla never lets you know when a maps update is being downloaded to your car, you just gt a notification once it's done, but it's too late by then.

Of course they could only do this if they are somehow positioned between your car and internet in most cases (they are other vectors, but they are harder to perform), hence the warning.
And if we are lucky Tesla would finally do something about replacing the key and will protect it better next time too.

It's been over 60 days since my last attempt to draw Tesla attention to the matter (over 300 days of the key accessibility), so I feel like holding on to this information is more dangerous than letting it go into the open.

Code:
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAxJIHhFmvyALnYHAGLrpkU6oUoCEizVPu+klDo9MGss8x9Uxw
JfOlTa40L78cDGA3kb79vgJTMkkKMnh0Xy27rXGkUpLaHttNJ/9P8k8z13MPQ8Ml
hFuF2/fe0ofDuBKJ/oFBPAFTB7WpzJ/SwGHzIJxTMOBBThkLzKDaRp26bvBX81p7
Uds1uuFDlz022C1Hn+rEtrBylHY+OpD2NEJ/Alo4IwOmhxKuAz7B3DDrXJZYrldb
IRhwE3/rjrnlx4diaucaQBxDONDy1rEQBzOqfgJmCO7vSK5WCkiMsOviezFkCuwl
zE3PBhgVqC5UxOR5PC2phQIJpf5nJx7TkFhgpwIDAQABAoIBAQCjZCqhZZdKbrd6
nsNU1hQMwyQv0jtGZw0OuBVkOEWqHbWOC0JxGWv+/N1eDsG2u8eU+yeZZ/9Vnga+
2wcIElCdJAgNpwlteqZQp9UBObqCzJ4UmkI2GYlTxV5OqxERkT9o8HGT+hnVH7iL
IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
GBOxiVEEu0jKUj65Z2JfPXctQ0hpefrs03HRztjNchyHY2hUNafbIS2mhTgwkZlP
UgrwjHzFJW3NuJvHILLTp20yJwMd5rQtf2Pr/iA47BFFj9ER9JD/0xLU4hr/z8cn
OHVHfFQhAoGBAOPC9XOdTYew+H+IVp+ivyDyi4XkqdwTTNgoy0j2ypIYuiS/oqJ+
R8cD34rySHqurlVk5K6zEVpTU1SJOsX06psOS92/BjiR+RmZxODPKIBpBs/LKX00
/IUbmF9/z+L7Ipg2kdul/Kw4fuLRrbbDxnKOWRP6N9MoPN51gSARlsy3AoGBANzx
FEi20qIOdjHM0TGala5QFeIZ9Il0YOSqDjyLqDbCQJTW/leYmTimxSgd1sM06K7W
6/eBm2GUMV/BDzkzhz23nDSYuFKg+Es47l+GqG2s2jnefl6W+ZJQ3Lt2q0DejK72
/niB6uA8YEh/yxXvKGqrzMexwyjb0MsH1UYhgfuRAoGBAJPIwLMP8mqFLfiyYmKa
myGpv1ZVlNGzxDzN23mwiKhbWwzVO5XsEm7T2IyzwMu55GyMVsX0cuIFByDnGjew
Pzn1AM0VUdgK/3LZD6I/SKxpeX4C+RzA8Mj9qtTsfdtt0Hirj+DRxy2ISuyp2Omq
Bm32Z15LEUX16ej+nZZNU2fpAoGBAMRN+tzEe497U+7ZcUEmfTl8dIUI1KnQWkqx
IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
Oa5pPx0TLOLBbDhG8HiPON6YFyfE1nhQjkGVPjPK3OJE+BPDRajlLhnmcZCcOJao
56bZipI3CbgTi9O7C8XWFlZB6TyGTb+q6uFH3Wwv4TzqvegC7NwZ2xc=
-----END RSA PRIVATE KEY-----

Posted in the main Tesla thread since hopefully both X and S owners read it and I don't need to have several threads to monitor.
I don't know what that is, but it isn't a valid PGP key. Oh, I see, you have intentionally taken out some of the data. "I am leaving this line redacted ...". If you want to PM me the real thing, I can verify it, and I have contacts within Tesla's security team.
 

gjunky

Trifecta: Solar and both cars are EVs
Mar 26, 2012
1,252
417
Scottsdale, AZ
I don't know what that is, but it isn't a valid PGP key. Oh, I see, you have intentionally taken out some of the data. "I am leaving this line redacted ...". If you want to PM me the real thing, I can verify it, and I have contacts within Tesla's security team.
They would be able to verify it without that line of data....
 

mongo

Well-Known Member
May 3, 2017
13,790
44,183
Michigan
True, but I'm not going to bother them if it is fake. I value my industry connections.

You can only verify the complete key by running against the public version, so you could request an encrypted message instead as proof of having the true complete key.

Edit: typo
 

schonelucht

Well-Known Member
Mar 10, 2014
5,080
9,788
Nederland
@verygreen is a very credible user. Even if there is a change he is wrong, it would be irresponsible not to pass this info on to the right person if you have the inside contacts. Tesla and its customers can afford zero margin with everything related to security. And yes, being able to trick a car to execute a malicious maps update is a severe security breach.
 

NerdUno

Member
Dec 18, 2016
652
1,164
Charleston, SC
If all of it is real except for the missing line, I'm having a hard time believing someone simply guessed the remainder of the key. Seriously??

If that much of a private key has been compromised, the private key needs to be changed anyway. A supercomputer could make quick work of deciphering a single line of a private key. @verygreen already noted that the entire private key was publicly available for almost a year. That should scare the sh*t out of every Tesla owner!
 
Last edited:
  • Like
Reactions: davidc18

mongo

Well-Known Member
May 3, 2017
13,790
44,183
Michigan
If all of it is real except for the missing line, I'm having a hard time believing someone simply guessed the remainder of the key. Seriously??

If that much of a private key has been compromised, the private key needs to be changed anyway. A supercomputer could make quick work of deciphering a single line of a private key. @verygreen already noted that the entire private key was publicly available for almost a year. That should scare the sh*t out of every Tesla owner!

verygreen pulled out 4 lines of the 18, the fourth root of the key space is still a lot of permutations to run.
 

ggr

Expert in Dunning-Kruger Effect!
Supporting Member
Mar 24, 2011
7,032
28,458
San Diego, CA
OK, sorry for opening this can of worms. Here's the problem. Anyone can make up a PGP key pair and call it anything they want. I'm not saying that that is what @verygreen did, but I'm also not going to get people in Tesla spun up if it is a hoax. Even if it is a hoax, it might not have been done by him. Revealing the secret key to me would probably allow me to verify its validity; simply signing a message with it wouldn't (since it still could have been made up by him or me for that matter). Note also that secret keys are almost always exported password protected; even if the above key block is genuine and was revealed somehow, that doesn't necessarily mean that it's usable by anyone who doesn't know the password.

Tesla runs a bug bounty program. Tesla’s bug bounty program | Powered by Bugcrowd . If genuine, that's where it should be reported.
 

NerdUno

Member
Dec 18, 2016
652
1,164
Charleston, SC
Scratching head: Can't believe we're having this conversation about an incredibly dangerous compromise in the overall security of every Tesla vehicle. This isn't a bug, it's a security f*ckup with extremely dangerous consequences to everyone who owns a Tesla vehicle. There's a very good reason that folks that build cars probably should not be entrusted to manage network security.
 

mongo

Well-Known Member
May 3, 2017
13,790
44,183
Michigan
OK, sorry for opening this can of worms. Here's the problem. Anyone can make up a PGP key pair and call it anything they want. I'm not saying that that is what @verygreen did, but I'm also not going to get people in Tesla spun up if it is a hoax. Even if it is a hoax, it might not have been done by him. Revealing the secret key to me would probably allow me to verify its validity; simply signing a message with it wouldn't (since it still could have been made up by him or me for that matter). Note also that secret keys are almost always exported password protected; even if the above key block is genuine and was revealed somehow, that doesn't necessarily mean that it's usable by anyone who doesn't know the password.

Tesla runs a bug bounty program. Tesla’s bug bounty program | Powered by Bugcrowd . If genuine, that's where it should be reported.

Purely as a discussion of cryptography:

For you to vet the full key before sending on to Tesla, you would need to run it against the reciprocal public key. Otherwise, it could be any generic PGP key.
If verygreen uses the full key to encrypt a message such as "Hey ggr, how's it going?" and sends that to you, you can then use the public key you would need in the previous step to decrypt and verify,
If you don't have the public key, then having the full private key from verygreen doesn't matter, since you would need to send to Tesla to verify regardless and they can check against the 14 lines and gain pretty good confidence.

Or am I missing something?
 

ggr

Expert in Dunning-Kruger Effect!
Supporting Member
Mar 24, 2011
7,032
28,458
San Diego, CA
Purely as a discussion of cryptography:

For you to vet the full key before sending on to Tesla, you would need to run it against the reciprocal public key. Otherwise, it could be any generic PGP key.
If verygreen uses the full key to encrypt a message such as "Hey ggr, how's it going?" and sends that to you, you can then use the public key you would need in the previous step to decrypt and verify,
If you don't have the public key, then having the full private key from verygreen doesn't matter, since you would need to send to Tesla to verify regardless and they can check against the 14 lines and gain pretty good confidence.

Or am I missing something?
You are missing something. This is a very common misunderstanding. Public key systems allow two types of paired operations. One is sign/verify, the other is encrypt/decrypt. One needs the secret half of the key to sign or to decrypt. So he can't use this secret key to encrypt a message to me; he would use my public key to do that. He could sign a message to me, which I could verify using the public key, but where would I get that public key in a trusted way? Note that of all the public key systems out there, only RSA uses the same mathematical operations under the covers, but even for RSA, signing is not simply encrypting with the secret key.

You are technically correct, in that either an appropriately signed message or the actual secret key would enable me to do whatever verification I wanted to do. I shouldn't have been so glib above. But I still have to go to some amount of great trouble to do that verification, since I can't just go to a keyserver and find a key that is called "Tesla map signing key" (that anyone could have created), so I want more than a blob of unusable text.
 

mongo

Well-Known Member
May 3, 2017
13,790
44,183
Michigan
You are missing something. This is a very common misunderstanding. Public key systems allow two types of paired operations. One is sign/verify, the other is encrypt/decrypt. One needs the secret half of the key to sign or to decrypt. So he can't use this secret key to encrypt a message to me; he would use my public key to do that. He could sign a message to me, which I could verify using the public key, but where would I get that public key in a trusted way? Note that of all the public key systems out there, only RSA uses the same mathematical operations under the covers, but even for RSA, signing is not simply encrypting with the secret key.

You are technically correct, in that either an appropriately signed message or the actual secret key would enable me to do whatever verification I wanted to do. I shouldn't have been so glib above. But I still have to go to some amount of great trouble to do that verification, since I can't just go to a keyserver and find a key that is called "Tesla map signing key" (that anyone could have created), so I want more than a blob of unusable text.

Ah, thank you for clearing that up! ( I deal with software that exists in the encrypted state and gets converted back on-chip, so I was pre-biased to the more symmetric side of things)
 
  • Like
Reactions: neroden

verygreen

Curious member
Jan 16, 2017
2,947
11,526
TN
Tesla runs a bug bounty program. Tesla’s bug bounty program | Powered by Bugcrowd . If genuine, that's where it should be reported.
Of course I got them notified the second I found about this using the way outlined on their website, but it did not really lead to anything.

but where would I get that public key in a trusted way?
You would get the public key from your car, obviously, every car has it.

Anyway, I got contacted by Tesla security by email and they are claiming they never got my mail this time (though they did in the past), so they are looking into this.
 

Products we're discussing on TMC...

About Us

Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.

Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


SUPPORT TMC
Top