-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
Im not so sure you would have to use the browser for it to be exploitable from what i read.
Have you ever connected to a hotel or hospital wifi and had that popup automatically show up asking you to log in or accept some terms of service, its called a captive portal.
I wonder if a captive portal couldn't be used to execute some javascript and trigger an exploit without the target using the browser.
if tesla doesn't block captive portal popups that could have been an attack vector, just a thought.
Regarding distance there are off the shelf amplifiers capable of connecting/attacking targets miles away, granted they are directional, on a straight stretch of highway all you'd have to do is point the antenna in the right direction and depending on the speed of traffic you could have several minutes to compromise vehicles.... in that case it would be nice wise to turn off wifi while traveling.
does anyone know if you can turn off wifi on the tesla?
The patch came out early last week (on a Sunday) right? My "thousands" was just a guess based on 98% coverage of 150k cars. Even if they missed 1% it's 1500. Not out of the realm of doubt with people traveling, not accepting updates, etc.
Wait until you get your car. Tesla's browser is very locked down and crippled from executing most code.
Ok fair. But the exploit itself has not even been disclosed so those cars are not in imment danger of being pwned.
I think thats right but the Elon/Keen back and forth is left open when Keen said that if Elon agreed they would release the details and then radio silence from Elon. Could be he's buying time to patch as many cars as possible as fast as possible before Keen goes public. Who knows. BTW saw our own Jason (wk057) got in on the convo.
jcaspar
Member
I have absolutely no concern about someone trying to hack my car and honk the horn or flash the lights. Much, much more serious hacks happening at large corporations and in our political parties. Tesla seems to be doing a great job as I have never heard of someone reporting a hack occurring on any of the more than 100,000 Teslas on the road. I expect they will be even more vigilant in the future.
I take it you haven't read the OP??? They remotely controlled the car's brakes and displays. That's a little more than just honking a horn and leads you to wonder what else can be controlled.
I have it from 2 sources that Tesla slapped them hard with NDAs after that tweet. The days of Mahaffey and Rogers giving hour long presentations about the cars internals are over.
Well I do think that hackers have a right to share their findings with interested parties. It's what the Blackhat and Defcon conferences are about, which is where Charlie Miller was able to disclose his findings about Jeep. And Rogers and Mahaffey about the Model S. And many others.
Granted, the responsible thing to do is to inform the manufacturer and allow a grace period to enable folks to update. But once a few weeks pass the legal red tape ought to be lifted and the hackers should go public.
Granted, the responsible thing to do is to inform the manufacturer and allow a grace period to enable folks to update. But once a few weeks pass the legal red tape ought to be lifted and the hackers should go public.
green1
Active Member
Of course there are unpatched cars. Tesla stupidly decided to withhold security updates from people unless they agree to allow Tesla to remove other features in the process. It was a horrible decision on Tesla's part which guarantees there will be people who won't install the security patch.
Removing features after you deliver them will never engender the trust you need from your users to ensure compliance with security updates.
As for NDAs/restraining orders, Tesla has no legal basis for a restraining order as no law has been broken. As for an NDA, Tesla can try that, but it's entirely voluntary on the other party's side as to whether they chose to sign it, so Tesla would have to provide some incentive to do so (probably large amounts of $ which are being severely mis-spent as security through obscurity is well known to not work)
Removing features after you deliver them will never engender the trust you need from your users to ensure compliance with security updates.
As for NDAs/restraining orders, Tesla has no legal basis for a restraining order as no law has been broken. As for an NDA, Tesla can try that, but it's entirely voluntary on the other party's side as to whether they chose to sign it, so Tesla would have to provide some incentive to do so (probably large amounts of $ which are being severely mis-spent as security through obscurity is well known to not work)
I wonder if the AP tiles format has changed, such that AP 7.x cars will stop getting tile updates as the fleet moves to 8.x. Or will they even stop supporting the AP 7.x tiles completely?
NDA won't work because as you say it's an agreement between the parties but the restraining order is possible as it's just a temporary court order issued to prohibit the group or individual from carrying out a particular action. In this case Tesla could also claim both potential harm to them and their customers.
green1
Active Member
On the contrary, NDA could work as there'd be compensation for the other party, restraining order can't work as there's no law being broken.
A restraining order is meant to prevent something from happening. For example an order that your ex girlfriend cannot come within 500' of your work or home. Anyway, we digress.
Yes possible. According to Jason the bounty isn't all that much but everything is relative.
green1
Active Member
You can't get a restraining order to keep your ex girlfriend 500' away from your work or home unless you can prove there's a reasonable risk that she'll do something illegal such as assault you.
A restraining order is meant to prevent an anticipated illegal action. There is nothing illegal being threatened.
