schonelucht
Well-Known Member
It's not worth hacking the car to get the webbrowser, it really isn't that useful anyway.
Well, it seems they managed to break out of the web browser isolation to inject stuff on the CANbus. That is super useful.
You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
It's not worth hacking the car to get the webbrowser, it really isn't that useful anyway.
I didn't think the passenger seat could be controlled through the MCU either, but it appears to have moved on one of the demos. Perhaps this feature just isn't implemented in any of the MCU apps.The hack was to the MCU, which has a button to apply the parking brake. Regular braking wouldn't have been accessible to the MCU (I don't think).
Consider that driver profiles are controlled by the MCU and that the driver profile can move the seat. That suggests to me that the MCU can move the seat, even if there's not a direct UI control for it.I didn't think the passenger seat could be controlled through the MCU either, but it appears to have moved on one of the demos. Perhaps this feature just isn't implemented in any of the MCU apps.
I was gonna say the exact same thing, then I realised GlmnAlyAirCar said passenger seat, which isn't remembered/controlled by driver profiles.Consider that driver profiles are controlled by the MCU and that the drive profile can move the seat. That suggests to me that the MCU can move the seat, even if there's not a direct UI control for it.
I was gonna say the exact same thing, then I realised GlmnAlyAirCar said passenger seat, which isn't remembered/controlled by driver profiles.
So, in other words:
1. If you don't want to be hacked, a...
You're assuming that every patch is an improvement. In the safety-critical world you need to assume that all software changes --Tesla almost certainly deployed an unpatched version of Linux
I think that's very good advice. Or, more generally, to known-safe networks, which might include those at service centers.That suggests that Tesla owners should be cautious about what Wi-FI networks they connect their cars to and perhaps it would be prudent to only connect to their own private networks.
I'm in agreement that this statement is true probably for anything not just your car. You seem to know a little bit about IT security and as someone who has been the head of Cybersecurity at a Fortune 20 company at the highest level for almost 20 years your statement "I don't buy the argument that computer systems aren't 100% safe, so it's excusable that they get hacked..." is either naive or misinformed. Unfortunately it's a fact of life. Technology layers and testing help but sadly nothing is 100% safe. Not in the private sector, not in government institutions or infrasture no where. As a shareholder I hope Tesla is doing everything they can to make sure they are as close to 100% as possible but it's unrealistic to expect perfection. Things like this will happen from time to time. If they have a vulnerable gateway or OS they should fix it ASAP.In this case, I think the lesson is not to connect to an untrusted Wi-Fi network.
It appeared from the video that they were able to take control of the car after he searched for the closest charger. Not sure what that has to do with wifi or the browser. Apparently I missed something.
That could prove fatal for both customers and the company.
Why does the color matter? Or did you mean "rogue"?The hack requires a rouge website
What website do you think you're on, again?So can we please dial down the sensationalistic hyperbole?
It's pretty amazing that what would take any other car manufacturer months to accomplish can be done almost instantaneously with our car. Welcome to the future!If GM and Toyota can produce millions of cars with real physical defects (that they knew about and hid) that actually killed hundreds of people, I think Tesla will survive a software exploit that requires a specific set of unlikely circumstances (rouge website and hacked wi-fi network) that hasn't been exploited in the real world (as far as we know), and nobody was injured or killed, and Tesla issued a firmware update within a day to address the problem (which didn't require the physical recall of millions of vehicles)... no, I don't think this would prove fatal for both Tesla customers and Tesla the company. So can we please dial down the sensationalistic hyperbole? Thanks.
I'm in agreement that this statement is true probably for anything not just your car. You seem to know a little bit about IT security and as someone who has been the head of Cybersecurity at a Fortune 20 company at the highest level for almost 20 years your statement "I don't buy the argument that computer systems aren't 100% safe, so it's excusable that they get hacked..." is either naive or misinformed. Unfortunately it's a fact of life. Technology layers and testing help but sadly nothing is 100% safe. Not in the private sector, not in government institutions or infrasture no where. As a shareholder I hope Tesla is doing everything they can to make sure they are as close to 100% as possible but it's unrealistic to expect perfection. Things like this will happen from time to time. If they have a vulnerable gateway or OS they should fix it ASAP.
First Tesla Model S remotely controlled by hackers, Tesla already pushed a fixUpdate: Tesla sent us the following statement confirming that they needed to connect to a wifi hotspot:
“Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research. “