Hacking v7

[disharmony]

Hi,

I am still on the old software version (swver 2.5.36), but I would like to test and see if version 7 is still vulnerable.

Who in the Netherlands with version 7 is willing to let me check v7 for vulnerability issues?

 

[apacheguy]

Wait, what? Details please.

 

[MITE46]

Wait, what? Details please.

+1.... . . .

 

[dicktump]

Is this an in car exploitable vulnerability, or remote (for example from the WiFi network or internet)?

 

[Johan]

Dude, do the right thing and contact Tesla so they can patch it up. Now with Autopilot going full public roll out it's not just fun and games any more hacking the firmware.

 

[apacheguy]

Dude, do the right thing and contact Tesla so they can patch it up. Now with Autopilot going full public roll out it's not just fun and games any more hacking the firmware.

Keep in mind this could require full physical access to exploit in which case I don't consider it a vulnerability that threatens safety.

 

[disharmony]

Dude, do the right thing and contact Tesla so they can patch it up. Now with Autopilot going full public roll out it's not just fun and games any more hacking the firmware.

Tell that to Tesla. I did report every vuln I found between march 2014 and august 2015 to Tesla.

 

[Johan]

Tell that to Tesla. I did report every vuln I found between march 2014 and august 2015 to Tesla.

Well done. That's all you can do, really.

I'm assuming this hack requires plugging in physically?

 

[redevries]

Tell that to Tesla. I did report every vuln I found between march 2014 and august 2015 to Tesla.

Did you get any credit for it? They should reward you for doing the right thing.

I read elsewhere that people were contacted to stop messing with network connectors, can-busses, etc.. So, they are paying attention to suspicious activities in the car.

Also, what is that app on the screen. Is that a special mode you found?

 

[apacheguy]

That "special app" is the result of diagnostic access normally only accessible by SvC

 

[justroll]

Tell that to Tesla. I did report every vuln I found between march 2014 and august 2015 to Tesla.

BlackHat Europe is happening at Amsterdam RAI from 10 - 13 november ; i'm sure they will reserve a spot for some tesla vulnerabilities

 

[apacheguy]

@OP - Can you please share info on this vulnerability or when it will be revealed?

 

[disharmony]

I just added a blog entry to: Disharmony | Unix stuff

 

[apacheguy]

Sorry to hear about Tesla's lackluster response. Do you have an ETA on release of these vulnerabilities?

 

[justroll]

I just added a blog entry to: Disharmony | Unix stuff

+1!

 

[wk057]

I just added a blog entry to: Disharmony | Unix stuff

Definitely interested in what you've come up with. Others, myself included, have been tinkering with similar things for a while now. Might be fun to share notes. Shoot me an email if you're interested. My nick at skie.net.

 

[AmpedRealtor]

Would love access to the service diagnostic screens to check on my battery CAC and other statuses.

 

[Sogorman]

@disharmony were you fortunate enough to get V7 pushed to your vehicle?

 

[apacheguy]

OP has gone silent...

 

[mmh]

OP has gone silent...

I think it's safe to assume that Tesla's assassins got to him.