
New app to connect to your Tesla

Discussion in 'Australia & New Zealand' started by mrpseudonym, Feb 18, 2017.

  1. mrpseudonym

    mrpseudonym Member

  2. Mark E

    Mark E Member

  3. strykeroz

    strykeroz Member

    Depends on the level of access you're granting. So that answer will be case by case, and I'd certainly consider it.
     
  4. Brian May

    Brian May Member

    It is unfortunate that the Tesla API will only give access to all or none of the functionality. It would be much better if you could restrict the access an app has so it can only access certain parts of the data (e.g. not real time location) and not access remote controls (e.g. lock/unlock, summon, climate controls, etc). The exact restrictions should be configurable (by the owner) for each app.

    Tesla might be better than other car manufacturers in terms of security, but they are by no means keeping up with the latest security standards.

    Also another thing to consider: You might trust the app developer. However if his app is installed and connected to many cars, it is a somewhat tempting target. Do you trust the developer's computer which he builds (and digitally signs) the software on? Do you know what security practices the developer uses on their computer? Do they use the same computer to open untrusted emails, play untrusted games on, visit porn websites, etc?

    While the above is somewhat outside Tesla's scope on what they can do/control (hopefully Tesla have secure practices for developing their apps), if there were restrictions on what the app could do, the damage would be limited. e.g. it wouldn't be possible for a Trojan-app to send a command "unlock doors" to every car it is linked to, because this command would be restricted.
     
    • Love x 1
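
Added example, not part of the original thread and not Tesla's API: a sketch of the owner-configured, per-app restrictions described in the post above, where each app receives a signed, expiring token limited to named scopes and every command is checked server-side with default deny. The scope names, command names, token format and key are all hypothetical.

```python
import base64, hashlib, hmac, json, time

# Hypothetical command -> required scope map; anything unlisted is denied.
REQUIRED_SCOPE = {
    "read_charge_state": "vehicle:read",
    "read_location": "location:read",
    "set_climate": "climate:control",
    "unlock_doors": "locks:control",
    "summon": "drive:summon",
}

def issue_token(key, app_id, scopes, ttl, now=None):
    """Owner grants one app a signed, expiring token limited to `scopes`."""
    now = int(time.time()) if now is None else now
    claims = {"app": app_id, "scopes": sorted(scopes), "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(tag).decode()

def authorize(key, token, command, now=None):
    """Server-side check run before any command reaches a car: (allowed, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return False, "malformed token"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"  # claims were altered or the key is wrong
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "expired"
    needed = REQUIRED_SCOPE.get(command)
    if needed is None:
        return False, "unknown command"
    if needed not in claims["scopes"]:
        return False, "scope %s not granted" % needed
    return True, "ok"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample secret, not a real credential
    token = issue_token(key, "trip-logger", ["vehicle:read"], ttl=3600)
    for cmd in ("read_charge_state", "read_location", "unlock_doors"):
        print(cmd, authorize(key, token, cmd))
```

With a grant like this, a compromised build of the hypothetical "trip-logger" app could still read charge state, but a door-unlock request made with its token is refused at the server.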
  5. xsi123

    xsi123 Member

    I don't disagree with anything said above. I just want to mention that, as far as I know, there is no official Tesla software API. What is out there is some unofficial documentation of the REST points that people sniffed through the network. It would be simple for Tesla to hide/encrypt the network traffic and not allow this info to be public. They chose not to do it and this is why you see all these apps being able to read data and/or control your Tesla.

    It would be nice for Tesla to offer an official API but then they would have to support it and that would create other issues.
     
  6. AndrewNSW

    AndrewNSW Member

    Brian May - interesting reading your post. One thing which has been niggling in the back of my mind for some time.

    Firstly I've got no issue with Tesla or what they are doing. However Tesla have full access to our cars. I'm not concerned about people knowing where I go or what I do - I'm sure they have more interesting things to think about. But the AP side of it has had me thinking - firstly when the car is using AP and we take control back by moving the steering wheel / disengaging - is this software or hardware based? Plus is there the ability to make the car turn suddenly through remote access I wonder. Through no fault of Tesla's if someone within their organisation or external became vindictive or maybe wanted to cause damage, and was able to take control of a vehicle, that concerns me. And as self driving becomes more prevalent amongst manufacturers and cars are all online, I can't see how something like this won't happen unless there is some pretty strong security put in place (maybe legislative?). To me this is a big worry being in the IT security area and seeing how easy it is for those to gain access to systems with plenty of time and who really want to...
     
  7. mike_j

    mike_j Member

    I've been using the app. Certainly understand the privacy & security concerns. But if you can get over that, the app is great.
     
  8. Brian May

    Brian May Member

    I have not seen any indication it is possible to control steering, acceleration, or brakes remotely - except via the summon feature which I expect to be very restricted. You can only do operations that the API allows you to do, and I very much doubt the above would be covered. It might be very disconcerting however if you are driving in a difficult situation and the horn suddenly starts sounding.

    The API might be unofficial; if a car does get stolen, the fact the password was stolen via an unofficial Trojan app would be very hard to prove, and even if it could be proven, it is still likely to taint Tesla's reputation.

    Of course, there might be an easier way to unlock - if not steal a Tesla - ring up Tesla and claim you lost your key fob and phone and ask them to remote unlock it for you. Classic social engineering attack. You most likely will need to confirm the owner's name and birth date. In my case, not exactly secret. There might be other details they ask - I won't speculate here. I imagine it wouldn't be too hard to find details in advance. Or claim that you lost this information or don't have it handy.

    Which also raises the point that it would appear that Tesla call staff have somewhat broad access to any car. Hope they can be trusted.
     
