my only remote concern with Tesla vehicles - and I guess all vehicles connected to a network - is the potential for hackers to infiltrate the car and somehow take control of the vehicle. Like, could a car be taken over by a hacker remotely while it's doing 60-70 mph down the highway, cruising through the city, or started up from a parking spot and used to hit or run over someone?
I'm not a developer, but would love some tech insight into how easy/difficult it would be to do this, and how hacks like those done by Tencent were accomplished.
It seems like there are two approaches to this one might take.
The first approach would be to control the car directly. To accomplish that, you'd have to inject new control code into the modules that control the drive motors and steering motor (and possibly the brake motor.)
Those all live on the CANBus, which the car keeps isolated from the cellular side by a gateway, so you'd have to control the gateway first.
The gateway and all the modules will only install codesigned, check sum patches, so you'll need to either find a way to bypass that or develop a way to spoof Tesla's signature/checksum (or hack into the server that generates them.)
The other approach is to spoof the operating environment, so the car software believes it is operating normally and driving under AP/FSDC but goes somewhere it shouldn't/does something it shouldn't.
To do this, you'd need to override/disable and replace the outputs from the radar and/or AP computer into the CANBus. I'm not sure where the car handles GPS processing - not really a factor today, but presumably it'll be following maps as part of the process in the future, so you'd need to either fake the map processing results or replace the map or spoof the processor with fake GPS inputs.
Basically, it's not impossible but for any version of it you'd need to penetrate several sets of computers, both on the car and likely at Tesla headquarters, and there are a bunch of security measures in place in an effort to stop such things.
Also note the herd safety aspect. Even if a hacker beats all of this and creates an "accident", the records in the car will clearly show what happened, and unless Tesla is asleep at the wheel, they'll take immediate steps to protect the rest of the fleet.
We've already seen that they can roll new firmware to every car within two days (when the Wi-Fi exploit appeared I think it was, we *all* got new firmware within 48 hours.)