Exactly.There are, like the people that are refusing to upgrade from 6.2 or 7.0. (Or didn't get the 7.1 security update before the 8.0 push and now they don't want to install 8.0 because of something like the media player handling of USB drives.)
You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
Exactly.There are, like the people that are refusing to upgrade from 6.2 or 7.0. (Or didn't get the 7.1 security update before the 8.0 push and now they don't want to install 8.0 because of something like the media player handling of USB drives.)
The web browser had to be actively used from what I read. And a fixed access point would only be in range for 10 seconds. So it would take a good bit of luck for this exploit to be used.
Of course, could follow someone, amplifiers, directional antennas, etc.
But how many actively use the web browser when driving?
The patch came out early last week (on a Sunday) right? My "thousands" was just a guess based on 98% coverage of 150k cars. Even if they missed 1% it's 1500. Not out of the realm of doubt with people traveling, not accepting updates, etc.There are some unpatched cars. But thousands? Doubtful. Tesla has rolled the update out to every connected vehicle so it is on the owner at this point to decide whether or not to upgrade.
Wait until you get your car. Tesla's browser is very locked down and crippled from executing most code.Im not so sure you would have to use the browser for it to be exploitable from what i read.
Have you ever connected to a hotel or hospital wifi and had that popup automatically show up asking you to log in or accept some terms of service, its called a captive portal.
I wonder if a captive portal couldn't be used to execute some javascript and trigger an exploit without the target using the browser.
if tesla doesn't block captive portal popups that could have been an attack vector, just a thought.
Regarding distance there are off the shelf amplifiers capable of connecting/attacking targets miles away, granted they are directional, on a straight stretch of highway all you'd have to do is point the antenna in the right direction and depending on the speed of traffic you could have several minutes to compromise vehicles.... in that case it would be nice wise to turn off wifi while traveling.
does anyone know if you can turn off wifi on the tesla?
The patch came out early last week (on a Sunday) right? My "thousands" was just a guess based on 98% coverage of 150k cars. Even if they missed 1% it's 1500. Not out of the realm of doubt with people traveling, not accepting updates, etc.
I think thats right but the Elon/Keen back and forth is left open when Keen said that if Elon agreed they would release the details and then radio silence from Elon. Could be he's buying time to patch as many cars as possible as fast as possible before Keen goes public. Who knows. BTW saw our own Jason (wk057) got in on the convo.Ok fair. But the exploit itself has not even been disclosed so those cars are not in imment danger of being pwned.
I take it you haven't read the OP??? They remotely controlled the car's brakes and displays. That's a little more than just honking a horn and leads you to wonder what else can be controlled.I have absolutely no concern about someone trying to hack my car and honk the horn or flash the lights. Much, much more serious hacks happening at large corporations and in our political parties. Tesla seems to be doing a great job as I have never heard of someone reporting a hack occurring on any of the more than 100,000 Teslas on the road. I expect they will be even more vigilant in the future.
I think thats right but the Elon/Keen back and forth is left open when Keen said that if Elon agreed they would release the details and then radio silence from Elon. Could be he's buying time to patch as many cars as possible as fast as possible before Keen goes public. Who knows. BTW saw our own Jason (wk057) got in on the convo.
You probably mean restraining orders and that was a good move.I have it from 2 sources that Tesla slapped them hard with NDAs after that tweet. The days of Mahaffey and Rogers giving hour long presentations about the cars internals are over.
Of course there are unpatched cars. Tesla stupidly decided to withhold security updates from people unless they agree to allow Tesla to remove other features in the process. It was a horrible decision on Tesla's part which guarantees there will be people who won't install the security patch.
NDA won't work because as you say it's an agreement between the parties but the restraining order is possible as it's just a temporary court order issued to prohibit the group or individual from carrying out a particular action. In this case Tesla could also claim both potential harm to them and their customers.Of course there are unpatched cars. Tesla stupidly decided to withhold security updates from people unless they agree to allow Tesla to remove other features in the process. It was a horrible decision on Tesla's part which guarantees there will be people who won't install the security patch.
Removing features after you deliver them will never engender the trust you need from your users to ensure compliance with security updates.
As for NDAs/restraining orders, Tesla has no legal basis for a restraining order as no law has been broken. As for an NDA, Tesla can try that, but it's entirely voluntary on the other party's side as to whether they chose to sign it, so Tesla would have to provide some incentive to do so (probably large amounts of $ which are being severely mis-spent as security through obscurity is well known to not work)
A restraining order is meant to prevent something from happening. For example an order that your ex girlfriend cannot come within 500' of your work or home. Anyway, we digress.On the contrary, NDA could work as there'd be compensation for the other party, restraining order can't work as there's no law being broken.
Yes possible. According to Jason the bounty isn't all that much but everything is relative.On the contrary, NDA could work as there'd be compensation for the other party, restraining order can't work as there's no law being broken.
You can't get a restraining order to keep your ex girlfriend 500' away from your work or home unless you can prove there's a reasonable risk that she'll do something illegal such as assault you.A restraining order is meant to prevent something from happening. For example an order that your ex girlfriend cannot come within 500' of your work or home. Anyway, we digress.