Thanks Ryan - I was guessing that is what happened but I just wanted to make sure.
One follow-up question that I just thought of - are the tokens encrypted? If not then if someone got a copy your database then couldn't they issue commands to our cars?
Sorry - I didn't see this edit until just now. There are multiple layers of protection here that I'll outline below. I appreciate your concern. I'm not sure that everybody realizes what it means to give your Tesla password to a third party (such as myself). Anyone with your password can get your GPS coordinates, unlock your car, start it, and drive away. This is part of the reason we all wish that Tesla would implement an Oauth2 system with scoping so that users could get the benefits of a third party development solution without the risks associated with giving away the farm. At this point, you have to really trust whoever you give your password to.
So first: Why should you trust me?
Well, I'm a professional software engineer with over 25 years of experience. I've worked on projects for law enforcement, homeland security, and for the private financial industry. I currently work on a project that has access to hundreds of millions of financial documents. Here's my resume:
www.ryansteckler.com. This isn't to say that EVmote is invulnerable, because nothing is perfect. This is not my first rodeo, however. While I'm a bit cavalier about things like unit tests and uptime on my side projects, I don't compromise on security.
So, here is how your Oauth token is protected by a multi-layer pattern:
Encryption at rest: The entire disk that contains the database is encrypted. This ensures that if someone were to sneak into Amazon and steal the physical disk, they couldn't do anything with it.
Application-level field encryption: The Oauth token is encrypted by the application before it's stored in the database. This uses aes-256-cbc encryption, plus a random salt.
Network-level encryption: The applications only communicate with the database over SSL.
Strong authentication on the database: Only authorized users can access the database, and those credentials and keys are stored securely.
Network security: The database servers are not on the Internet. They're only accessible from the application servers. The application servers are only accessible to the internet via HTTP and HTTPS. When I need to work on any of those boxes, I use a bastion (jumpbox), then selectively allow access between the bastion and the target server for only the duration of the maintenance.
Credential security: Keys are never checked into source control or committed to disk.
Log Security: Sensitive information is never logged to disk or to analytics platforms (like ElasticSearch)
Algorithmic security: I don't write my own encryption algorithms or get "creative" with security. These are things best left to the experts and mathematicians. I'm happy just following industry best practices.
There are other things as well, but those are some of the big ones. At the end of the day, anything is hackable. I'm just here to make sure it's really, really,
really hard to hack EVmote
Thanks,
Ryan
- - - Updated - - -
Ryan,
I am a happy user of eVmote's IFTTT integration. More specifically, I leverage Amazon Echo --> IFTTT --> EVMote ---> Tesla and tell Amazon Echo to turn on Climate Control when I am about to leave the house in the morning. The caveat is that this does not work when the car is asleep. In other words, EVMote's URL automation commands only work when the car is awake. Would it be possible for you to test if the car is asleep and wake it up if needed before issuing the requested command?
Thanks much, Antonio
Good call. I've
added this to the list.