Well, it seems they managed to break out of the web browser isolation to inject stuff on the CANbus. That is super useful.
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
Well, it seems they managed to break out of the web browser isolation to inject stuff on the CANbus. That is super useful.
GlmnAlyAirCar
Active Member
I didn't think the passenger seat could be controlled through the MCU either, but it appears to have moved on one of the demos. Perhaps this feature just isn't implemented in any of the MCU apps.
I was gonna say the exact same thing, then I realised GlmnAlyAirCar said passenger seat, which isn't remembered/controlled by driver profiles.
GlmnAlyAirCar
Active Member
Yes, passenger seat. I actually use profiles to move my drivers seat around when vacuuming the car. It would be nice if the pax seat had the same capability.
In this case, I think the lesson is not to connect to an untrusted Wi-Fi network.
RogerHScott
Active Member
You're assuming that every patch is an improvement. In the safety-critical world you need to assume that all software changes --
however well-intentioned -- are guilty until proven innocent. There's a good reason airplanes run ancient software on "obsolete"
hardware.
RogerHScott
Active Member
I think that's very good advice. Or, more generally, to known-safe networks, which might include those at service centers.
scottf200
Well-Known Member
It appeared from the video that they were able to take control of the car after he searched for the closest charger. Not sure what that has to do with wifi or the browser. Apparently I missed something.
I'm in agreement that this statement is true probably for anything not just your car. You seem to know a little bit about IT security and as someone who has been the head of Cybersecurity at a Fortune 20 company at the highest level for almost 20 years your statement "I don't buy the argument that computer systems aren't 100% safe, so it's excusable that they get hacked..." is either naive or misinformed. Unfortunately it's a fact of life. Technology layers and testing help but sadly nothing is 100% safe. Not in the private sector, not in government institutions or infrasture no where. As a shareholder I hope Tesla is doing everything they can to make sure they are as close to 100% as possible but it's unrealistic to expect perfection. Things like this will happen from time to time. If they have a vulnerable gateway or OS they should fix it ASAP.
Last edited:
HankLloydRight
No Roads
HankLloydRight
No Roads
I assume he used the browser to search for a local charging location (not necessarily a supercharger). The hack requires a rouge website and accessing a compromised wi-fi network.
HankLloydRight
No Roads
If GM and Toyota can produce millions of cars with real physical defects (that they knew about and hid) that actually killed hundreds of people, I think Tesla will survive a software exploit that requires a specific set of unlikely circumstances (rouge website and hacked wi-fi network) that hasn't been exploited in the real world (as far as we know), and nobody was injured or killed, and Tesla issued a firmware update within a day to address the problem (which didn't require the physical recall of millions of vehicles)... no, I don't think this would prove fatal for both Tesla customers and Tesla the company. So can we please dial down the sensationalistic hyperbole? Thanks.
RogerHScott
Active Member
Why does the color matter? Or did you mean "rogue"?
RogerHScott
Active Member
What website do you think you're on, again?
It's pretty amazing that what would take any other car manufacturer months to accomplish can be done almost instantaneously with our car. Welcome to the future!
Lets face it - security plays second fiddle in daily operations of most companies. We just expect more from Tesla.
If security researchers were able to execute reply and/or man in the middle attack that means that Tesla has failed to use strong encryption and I think this should count as a significant fail.
