TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

Does Tesla have any anti "Hacking" software to prevent a hack on the car?

Discussion in 'Tesla Motors' started by Judge Advocate, Jul 24, 2015.

  1. Judge Advocate

    Joined:
    Mar 31, 2015
    Messages:
    154
    Location:
    Mississauga, On, Can
    I'm hoping my Tesla is hack proof. i would hate to have a hacker turn the car off while I am on the freeway. Not good!
     
  2. muleferg

    muleferg Member

    Joined:
    Dec 15, 2013
    Messages:
    735
    Location:
    North Wilkesboro, NC
    Good story in USA Today. 7/24/15
     
  3. CmdrThor

    CmdrThor Member

    Joined:
    Jul 24, 2013
    Messages:
    854
    Location:
    Marietta, GA
    Your question is a bit odd. Tesla has surely designed the Model S with security in mind, but with that being said, whatever Tesla has the capability to do from headquarters or you have the capability to do from your phone, it is possible a hacker could gain access to do the same. Security is a constant battle between trying to provide useful features in our ever increasingly connected world and trying to prevent unauthorized people from accessing those features.
     
  4. meloccom

    meloccom Moderator Aus/NZ

    Joined:
    Feb 11, 2008
    Messages:
    1,316
    Location:
    Sydney Australia
    A Model S was the subject of a hacking contest last year with a prize if $10,000 and no one was able to win the full prize as they only got the doors to unlock and no control of the car driving systems was established.
    Tesla Model S Hacked In Chinese Contest
     
  5. drinkerofkoolaid

    drinkerofkoolaid Active Member

    Joined:
    Nov 3, 2012
    Messages:
    1,624
    Location:
    F
    #5 drinkerofkoolaid, Jul 24, 2015
    Last edited: Jul 24, 2015
    Tesla likely has security measures in place that would notify Tesla and the owner of the vehicle immediately if someone was trying to hack into a Tesla. If this doesn't already exist, it should, and would likely be easy to implement. Perhaps something as simple as a weight sensor that makes sure the vehicle can't start unless a user specific password (and/or fingerprint?) is entered, if someone isn't in the seat, assuming it isn't already there? Anything can be hacked. A problem exists if it can be hacked without Tesla or the owner noticing.

    This is what I would call the iPhone finger print sensor hack fallacy. When Apple added the fingerprint sensor, people said theifs would go around cutting off people's fingers, or would be able to steal someone's finger print from a cup or whatever and use it to break into their phone. :/ How many incidents of this have there been? Probably close to 0.

    Even if someone could use sophisticated techniques to steal a Tesla, it is very likely they would get caught very quickly. If a person is intelligent enough to know how to break into a Tesla without being noticed and disable everything that would allow the vehicle to be found, why are they wasting their time stealing vehicles? Also, the vehicle would basically be worthless, since it could never be taken to a service center. Transferring ownership of a vehicle is not as simple as transferring ownership of a phone.

    As for a hacker remotely deactivating a Tesla, I have to believe there are multiple layers of security in place that would make it impossible to do this, and that even if it could be done, Tesla would know it was happening well before it happened, giving them time to notify the owner, and prevent it.
     
  6. JER

    JER Member

    Joined:
    Apr 25, 2015
    Messages:
    285
    Location:
    Bristol, UK
    If you're thinking along the lines of antivirus software for your car, that's not how these things work. There doesn't have to be a specific "anti hacking software" for it to be secure; the systems just have to be engineered to reject illicit commands.

    "Exploits" are ways of bypassing validation in ways the software engineers didn't anticipate or prevent. Thorough and disciplined engineering, combined with review and patching, is what keeps them closed.

    Tesla have a (currently) unique advantage here, as when security flaws are found they can deploy patches automatically (unlike Fiat/Chrysler and their now recalled Uconnect platform.)

    However, there is some evidence of intrusion detection systems in the Model S; there have been reports here of people being called by Tesla after probing their car's internal network.

    IDS generally suck in regular computer networks, but apparently they can work quite well in cars due to the high predictability of normal functions. It would make good sense for Tesla to use something like this to detect penetration attempts to better focus their own security hardening.
     
  7. drinkerofkoolaid

    drinkerofkoolaid Active Member

    Joined:
    Nov 3, 2012
    Messages:
    1,624
    Location:
    F
    #7 drinkerofkoolaid, Jul 24, 2015
    Last edited: Jul 24, 2015
    Not thinking about anything close to antivirus. Unless I'm mistaken, it shouldn't be possible to get "infected files" on a Tesla vehicle, unless you're tinkering with things you shouldn't be tinkering with, which is why it should be easy to detect any type of intrusion. This is one reason I have doubts there will ever be an App Store for Tesla, unless it requires extremely strict developer guidelines, that go well beyond what Apple requires.

    I'm thinking about how Tesla is able to detect any activity with a vehicle, that would not be normal, in the same way Tesla can identify a problem/malfunction remotely, and instruct the driver what type of actions are necessary.
     
  8. Ziggy

    Ziggy Member

    Joined:
    Jul 3, 2013
    Messages:
    42
    Location:
    California
    I found this article, for what it's worth:
    Security researchers plan to reveal vulnerabilities in Tesla’s Model S at the Defcon hacking conference next month, according to Forbes. They haven’t given a hint about what weaknesses they’ve uncovered, but have apparently promised their talk will be “epic.” Tesla vehicles are among the most-connected cars out there; the company is known for doling out cool upgrades via software updates. Tesla Model S Digital Weaknesses To Be Exposed By Hackers Next Month - Forbes
     
  9. manis

    manis Member

    Joined:
    Jun 12, 2015
    Messages:
    84
    Location:
    Bay Area, CA
    It isn't a fallacy, it has been proven that touchID could be bypassed and using the known (non harmful) methods has probably been done.

    I never like mentioning this, but since it came up... The threat model is different. When you are talking about a small mobile device or something that can remain unlocked or needed for a short period of time you don't need to remove a finger. Removing a finger would change the classification of the crime and something most people can't stomach. Those that can stomach it aren't going to go after just your phone. If someone wants access to the phone they can use the known attacks, force them, knock them out, get them drunk, or something else that doesn't require permanent physical damage. All they need to do is get immediate access to a device that they can make sure stays unlocked as they run away with it. When you are talking about a car you might be able to do the same things, but it is harder or more noticeable. You would need a finger to be able to start the car and you can't keep it running indefinitely. If they add a pulse sensor to the scanner then instead of only physical harm you are adding in kidnapping and most likely physical harm. Also unless the information on the phone is very high value, which isn't in most people's case, the value of a phone is way lower than a $120k+ car. So IMO adding a fingerprint scanner to a car adds a lot more risk to drivers and shouldn't be done. That goes for any biometrics in cars. Most of the time when you see biometrics there are cameras and physical security (somewhere on location) present that can capture any wrong doing, but in a car you would never have that footage going to a remote location to assist in prosecution. Adding biometrics would be bad, adding biometrics that require a human to be present would be worse. As they say, never let them take you to a second location and I think more often than not that would be the case.
     
  10. mkjayakumar

    mkjayakumar Active Member

    Joined:
    Aug 18, 2012
    Messages:
    1,725
    Location:
    Plano, TX
    Reports I read this morning indicate that the supposed hacking requires the hacker to get physical access to your car and tinker with the devices. If that is true, that is quite lame and why is it even called hacking?
     
  11. manis

    manis Member

    Joined:
    Jun 12, 2015
    Messages:
    84
    Location:
    Bay Area, CA
    There was a webkit vulnerability that was remotely exploitable
    http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

    As someone that works in security I was bothered to hear that they don't sign their firmware. As advanced as the cars are a simple RSA verification should be easy to accomplish. Not having this means they have to rely on the security of their systems and VPN to keep the firmware safe. They aren't releasing weekly firmware updates so they don't need online signing and the overhead of signing in an air-gapped environment is minimal. With more self-driving functionality coming to the Model S, they really need to fix this because taking over a vehicle will have even more impact. Extreme requirements and strict compliance (PCI, WebTrust, SOX) are in place for other things and there should be strict requirements for online automotive updates as well.
     
  12. mkjayakumar

    mkjayakumar Active Member

    Joined:
    Aug 18, 2012
    Messages:
    1,725
    Location:
    Plano, TX
    from that article:


     

Share This Page