TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker and becoming a Supporting Member. For more info: Support TMC

Be careful where you let your car ride on wifi in the coming weeks

Discussion in 'Tesla, Inc.' started by verygreen, Dec 26, 2017.

  1. verygreen

    verygreen Curious member

    Joined:
    Jan 16, 2017
    Messages:
    2,559
    Location:
    TN
    It looks like as map updates are being prepared for early next year (in Europe and probably in US), people should be extra careful about their wifi and cell providers.

    I tried to let Tesla know about some holes in their maps infrastructure, but they never replied to me, so I guess they don't care as much, even though they did close some of the holes outlined.

    The problem is while the holes were there, the secret key for the maps server was publically accessible for almost a year, so who knows how many people downloaded that.
    Having this key file would allow nefarious people to create their own "maps server" to serve their own map "updates" to your car.
    This is further compounded by the fact that Tesla never lets you know when a maps update is being downloaded to your car, you just gt a notification once it's done, but it's too late by then.

    Of course they could only do this if they are somehow positioned between your car and internet in most cases (they are other vectors, but they are harder to perform), hence the warning.
    And if we are lucky Tesla would finally do something about replacing the key and will protect it better next time too.

    It's been over 60 days since my last attempt to draw Tesla attention to the matter (over 300 days of the key accessibility), so I feel like holding on to this information is more dangerous than letting it go into the open.

    Code:
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpQIBAAKCAQEAxJIHhFmvyALnYHAGLrpkU6oUoCEizVPu+klDo9MGss8x9Uxw
    JfOlTa40L78cDGA3kb79vgJTMkkKMnh0Xy27rXGkUpLaHttNJ/9P8k8z13MPQ8Ml
    hFuF2/fe0ofDuBKJ/oFBPAFTB7WpzJ/SwGHzIJxTMOBBThkLzKDaRp26bvBX81p7
    Uds1uuFDlz022C1Hn+rEtrBylHY+OpD2NEJ/Alo4IwOmhxKuAz7B3DDrXJZYrldb
    IRhwE3/rjrnlx4diaucaQBxDONDy1rEQBzOqfgJmCO7vSK5WCkiMsOviezFkCuwl
    zE3PBhgVqC5UxOR5PC2phQIJpf5nJx7TkFhgpwIDAQABAoIBAQCjZCqhZZdKbrd6
    nsNU1hQMwyQv0jtGZw0OuBVkOEWqHbWOC0JxGWv+/N1eDsG2u8eU+yeZZ/9Vnga+
    2wcIElCdJAgNpwlteqZQp9UBObqCzJ4UmkI2GYlTxV5OqxERkT9o8HGT+hnVH7iL
    IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
    GBOxiVEEu0jKUj65Z2JfPXctQ0hpefrs03HRztjNchyHY2hUNafbIS2mhTgwkZlP
    UgrwjHzFJW3NuJvHILLTp20yJwMd5rQtf2Pr/iA47BFFj9ER9JD/0xLU4hr/z8cn
    OHVHfFQhAoGBAOPC9XOdTYew+H+IVp+ivyDyi4XkqdwTTNgoy0j2ypIYuiS/oqJ+
    R8cD34rySHqurlVk5K6zEVpTU1SJOsX06psOS92/BjiR+RmZxODPKIBpBs/LKX00
    /IUbmF9/z+L7Ipg2kdul/Kw4fuLRrbbDxnKOWRP6N9MoPN51gSARlsy3AoGBANzx
    FEi20qIOdjHM0TGala5QFeIZ9Il0YOSqDjyLqDbCQJTW/leYmTimxSgd1sM06K7W
    6/eBm2GUMV/BDzkzhz23nDSYuFKg+Es47l+GqG2s2jnefl6W+ZJQ3Lt2q0DejK72
    /niB6uA8YEh/yxXvKGqrzMexwyjb0MsH1UYhgfuRAoGBAJPIwLMP8mqFLfiyYmKa
    myGpv1ZVlNGzxDzN23mwiKhbWwzVO5XsEm7T2IyzwMu55GyMVsX0cuIFByDnGjew
    Pzn1AM0VUdgK/3LZD6I/SKxpeX4C+RzA8Mj9qtTsfdtt0Hirj+DRxy2ISuyp2Omq
    Bm32Z15LEUX16ej+nZZNU2fpAoGBAMRN+tzEe497U+7ZcUEmfTl8dIUI1KnQWkqx
    IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
    IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
    IamleavingthislineredactedfornowbutyoucanbesureIdohaveitonmydisk
    Oa5pPx0TLOLBbDhG8HiPON6YFyfE1nhQjkGVPjPK3OJE+BPDRajlLhnmcZCcOJao
    56bZipI3CbgTi9O7C8XWFlZB6TyGTb+q6uFH3Wwv4TzqvegC7NwZ2xc=
    -----END RSA PRIVATE KEY-----
    
    Posted in the main Tesla thread since hopefully both X and S owners read it and I don't need to have several threads to monitor.
     
    • x 34
    • x 6
    • x 3
    • x 1
    • x 1
  2. AnxietyRanger

    AnxietyRanger Well-Known Member

    Joined:
    Aug 22, 2014
    Messages:
    9,408
    Location:
    EU
    FWIW, @verygreen, you are leaving us with style. Either that, or you're throwing a handgrenade from the doorway as you exit.

    I'm not quite sure which. :) Good luck for your next car!
     
    • Like x 3
  3. BinaryField

    BinaryField Member

    Joined:
    Sep 21, 2017
    Messages:
    296
    Location:
    Earth
    As much as I dislike Tesla pseudo-news sites, can this be forwarded to any of them? It might guarantee attention from the company.
     
    • Like x 1
  4. Tiger

    Tiger Active Member

    Joined:
    Oct 31, 2016
    Messages:
    1,108
    Location:
    Estonia
  5. ggr

    ggr Expert in Dunning-Kruger Effect!

    Joined:
    Mar 24, 2011
    Messages:
    5,934
    Location:
    San Diego, CA
    I don't know what that is, but it isn't a valid PGP key. Oh, I see, you have intentionally taken out some of the data. "I am leaving this line redacted ...". If you want to PM me the real thing, I can verify it, and I have contacts within Tesla's security team.
     
    • Helpful x 4
    • Like x 3
    • Informative x 1
    • Disagree x 1
  6. gjunky

    gjunky Trifecta: Solar and both cars are EVs

    Joined:
    Mar 26, 2012
    Messages:
    1,220
    Location:
    Scottsdale, AZ
    They would be able to verify it without that line of data....
     
    • Like x 5
  7. ggr

    ggr Expert in Dunning-Kruger Effect!

    Joined:
    Mar 24, 2011
    Messages:
    5,934
    Location:
    San Diego, CA
    True, but I'm not going to bother them if it is fake. I value my industry connections.
     
    • Like x 2
    • Disagree x 2
  8. mongo

    mongo Well-Known Member

    Joined:
    May 3, 2017
    Messages:
    11,256
    Location:
    Michigan
    You can only verify the complete key by running against the public version, so you could request an encrypted message instead as proof of having the true complete key.

    Edit: typo
     
  9. schonelucht

    schonelucht Well-Known Member

    Joined:
    Mar 10, 2014
    Messages:
    5,042
    Location:
    Nederland
    @verygreen is a very credible user. Even if there is a change he is wrong, it would be irresponsible not to pass this info on to the right person if you have the inside contacts. Tesla and its customers can afford zero margin with everything related to security. And yes, being able to trick a car to execute a malicious maps update is a severe security breach.
     
    • Like x 4
  10. NerdUno

    NerdUno Member

    Joined:
    Dec 18, 2016
    Messages:
    640
    Location:
    Charleston, SC
    #10 NerdUno, Dec 27, 2017
    Last edited: Dec 27, 2017
    If all of it is real except for the missing line, I'm having a hard time believing someone simply guessed the remainder of the key. Seriously??

    If that much of a private key has been compromised, the private key needs to be changed anyway. A supercomputer could make quick work of deciphering a single line of a private key. @verygreen already noted that the entire private key was publicly available for almost a year. That should scare the sh*t out of every Tesla owner!
     
    • Like x 1
  11. mongo

    mongo Well-Known Member

    Joined:
    May 3, 2017
    Messages:
    11,256
    Location:
    Michigan
    verygreen pulled out 4 lines of the 18, the fourth root of the key space is still a lot of permutations to run.
     
  12. ggr

    ggr Expert in Dunning-Kruger Effect!

    Joined:
    Mar 24, 2011
    Messages:
    5,934
    Location:
    San Diego, CA
    OK, sorry for opening this can of worms. Here's the problem. Anyone can make up a PGP key pair and call it anything they want. I'm not saying that that is what @verygreen did, but I'm also not going to get people in Tesla spun up if it is a hoax. Even if it is a hoax, it might not have been done by him. Revealing the secret key to me would probably allow me to verify its validity; simply signing a message with it wouldn't (since it still could have been made up by him or me for that matter). Note also that secret keys are almost always exported password protected; even if the above key block is genuine and was revealed somehow, that doesn't necessarily mean that it's usable by anyone who doesn't know the password.

    Tesla runs a bug bounty program. Tesla’s bug bounty program | Powered by Bugcrowd . If genuine, that's where it should be reported.
     
    • Disagree x 7
    • Like x 1
  13. NerdUno

    NerdUno Member

    Joined:
    Dec 18, 2016
    Messages:
    640
    Location:
    Charleston, SC
    Scratching head: Can't believe we're having this conversation about an incredibly dangerous compromise in the overall security of every Tesla vehicle. This isn't a bug, it's a security f*ckup with extremely dangerous consequences to everyone who owns a Tesla vehicle. There's a very good reason that folks that build cars probably should not be entrusted to manage network security.
     
    • Like x 2
  14. mongo

    mongo Well-Known Member

    Joined:
    May 3, 2017
    Messages:
    11,256
    Location:
    Michigan
    Purely as a discussion of cryptography:

    For you to vet the full key before sending on to Tesla, you would need to run it against the reciprocal public key. Otherwise, it could be any generic PGP key.
    If verygreen uses the full key to encrypt a message such as "Hey ggr, how's it going?" and sends that to you, you can then use the public key you would need in the previous step to decrypt and verify,
    If you don't have the public key, then having the full private key from verygreen doesn't matter, since you would need to send to Tesla to verify regardless and they can check against the 14 lines and gain pretty good confidence.

    Or am I missing something?
     
    • Like x 5
    • Informative x 1
  15. ggr

    ggr Expert in Dunning-Kruger Effect!

    Joined:
    Mar 24, 2011
    Messages:
    5,934
    Location:
    San Diego, CA
    You are missing something. This is a very common misunderstanding. Public key systems allow two types of paired operations. One is sign/verify, the other is encrypt/decrypt. One needs the secret half of the key to sign or to decrypt. So he can't use this secret key to encrypt a message to me; he would use my public key to do that. He could sign a message to me, which I could verify using the public key, but where would I get that public key in a trusted way? Note that of all the public key systems out there, only RSA uses the same mathematical operations under the covers, but even for RSA, signing is not simply encrypting with the secret key.

    You are technically correct, in that either an appropriately signed message or the actual secret key would enable me to do whatever verification I wanted to do. I shouldn't have been so glib above. But I still have to go to some amount of great trouble to do that verification, since I can't just go to a keyserver and find a key that is called "Tesla map signing key" (that anyone could have created), so I want more than a blob of unusable text.
     
    • Informative x 1
    • Disagree x 1
  16. NerdUno

    NerdUno Member

    Joined:
    Dec 18, 2016
    Messages:
    640
    Location:
    Charleston, SC
    And @verygreen should turn over a private key to someone with an anonymous handle of @ggr because you say you know someone who knows someone at Tesla. Perhaps @JonMc would be a better option after all.
     
    • Like x 3
    • Funny x 1
  17. mongo

    mongo Well-Known Member

    Joined:
    May 3, 2017
    Messages:
    11,256
    Location:
    Michigan
    Ah, thank you for clearing that up! ( I deal with software that exists in the encrypted state and gets converted back on-chip, so I was pre-biased to the more symmetric side of things)
     
    • Like x 1
  18. verygreen

    verygreen Curious member

    Joined:
    Jan 16, 2017
    Messages:
    2,559
    Location:
    TN
    Of course I got them notified the second I found about this using the way outlined on their website, but it did not really lead to anything.

    You would get the public key from your car, obviously, every car has it.

    Anyway, I got contacted by Tesla security by email and they are claiming they never got my mail this time (though they did in the past), so they are looking into this.
     
    • Like x 20
    • Informative x 4
    • Love x 3
  19. arcus

    arcus Active Member

    Joined:
    Aug 11, 2017
    Messages:
    1,264
    Location:
    Denton, TX
    Glad that you have received a response. Thanks for bringing this up!
     
  20. kvandivo

    kvandivo Member

    Joined:
    Sep 11, 2017
    Messages:
    176
    Location:
    Downstate Illinois
    #20 kvandivo, Dec 27, 2017
    Last edited: Dec 27, 2017
    Did they also offer you a job?
     
    • Funny x 5
    • Like x 3
    • Love x 2

Share This Page

  • About Us

    Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.
  • Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


    SUPPORT TMC