
Powerwall Potential Security Issues

Discussion in 'Tesla Energy' started by Sylvia Else, Jul 29, 2018.

  1. Sylvia Else

    Sylvia Else Member

    Joined:
    May 28, 2018
    Messages:
    85
    Location:
    Sydney
    Tesla support seem to have considerable remote access to the internals of powerwall gateways. Most people will likely have the gateway on their internal lan. If it's a wired lan, then the gateway has the potential to see all the traffic on the lan.

    If Tesla support got hacked, this would provide a path into the lan of lots of Tesla's customers, with the potential for doing considerable harm.

    Ideally the gateway would be isolated on a segment of its own, to prevent it from snooping on traffic, and allowed access only to the internet, and such lan web traffic as its owner requires, but this is not something the typical owner will know how to do.

    Sylvia.
     
  2. trace

    trace Member

    Joined:
    Dec 28, 2017
    Messages:
    81
    Location:
    Michigan
    You could argue basically the same thing with software updates. If someone was able to hack the software update server (along with the security hashes) it could be big trouble.

    What do you think would be the ideal solution? Tesla buying a new dedicated line to someone's house (not being a dick- maybe Cellular?). I think we should trust that Tesla has put software / hardware in place to prevent such attacks -- and most traffic is SSL anyways.
     
  3. Sylvia Else

    Sylvia Else Member

    Joined:
    May 28, 2018
    Messages:
    85
    Location:
    Sydney
    One could hope that such things are better protected. Indeed, if updates are signed, there needn't be anything potentially vulnerable on the update server. The worst a hacker could do would be to prevent updates from taking place.
     
  4. cwied

    cwied Member

    Joined:
    Jan 13, 2015
    Messages:
    348
    Location:
    San Mateo, CA
    This is the age-old IoT vulnerability problem. I'm less worried about a company like Tesla where they at least have a decent software group than a company like LG. I would guess the chances of somebody getting onto my network through my washing machine are probably higher than through my Powerwall.

    Even so, it would probably take a targeted hack to do any serious damage on my network. The most likely thing to happen would be for the Powerwall to be co-opted for a botnet. For this reason, I haven't bothered to isolate the Powerwall in my network.
     
    • Like x 1
  5. zanary

    zanary Member

    Joined:
    Jan 25, 2017
    Messages:
    254
    Location:
    San Francisco, CA
    Isn't the same thing true for everything you use? From your Wifi Router (like eero), to Tesla's vehicles, to ADT home security, to Nest to Ring, to Hunter Douglas home automation blinds, to HomePod, etc...

    Why just single out the Tesla Powerwall? The assumption is if you can get to it from your iPhone or Android device when not at home, then it's possible that it's vulnerable regardless of whether the vendor's NOC is involved or not.
     
  6. brkaus

    brkaus Active Member

    Joined:
    Jul 8, 2014
    Messages:
    3,927
    Location:
    Austin, TX
    Exactly, anything on the network is a source of risk. I worry more about the cheap android based stuff (kids tablets, etc) that will never see an update and the streaming device as much as anything.

    Worse is the teenage kid friends that visit and think they need to be in everyone’s WiFi.
     
  7. jsimon7777

    jsimon7777 Member

    Joined:
    Feb 1, 2018
    Messages:
    117
    Location:
    Castro Valley
    It seems Tesla has good security. I don't know of anyone who has fully hacked their Model S, unlocking autopilot or anything like that. When somebody manages that trick, well, we have another story.
     
  8. Endoplasmic

    Endoplasmic Member

    Joined:
    Feb 19, 2016
    Messages:
    23
    Location:
    SJ, CA
    Ah, you don't remember this gem then:

    Also, I agree with the others here. As someone who owns a wackton of IoT stuff I just put trust in the companies.
     
  9. rjdunn

    rjdunn Member

    Joined:
    Jul 7, 2018
    Messages:
    24
    Location:
    Emerald Isle, NC
    I’ve managed university infosec teams, and I accept the risk since I want the service.

    My son is a cyberspook working for some unnamed TLA (Three Letter Agency) and he tells me I’m naïve ;-)

     
    • Like x 1
  10. Sylvia Else

    Sylvia Else Member

    Joined:
    May 28, 2018
    Messages:
    85
    Location:
    Sydney
    Another point that occurs to me is that in the case of a wired ethernet connection, there is a UTP cable that's, in many cases, accessible from outside the house, just by undoing a screw. It wouldn't be particularly difficult to add another WIFI router inside the gateway housing, where owners would be unlikely to find it, providing WIFI access to the lan. There's even power available there.

    OK, one might question why anyone would bother, but for some high value owner targets, it might be seen as a convenient way of gaining access to inside information.
     
  11. ChrisMPK

    ChrisMPK Member

    Joined:
    May 15, 2018
    Messages:
    17
    Location:
    Monterey Park, CA
    You would have to be on the property first for that. If the target was high value, it's pretty likely that they would have recorded surveillance, monitored alarm and possibly on-site security.
     
  12. brkaus

    brkaus Active Member

    Joined:
    Jul 8, 2014
    Messages:
    3,927
    Location:
    Austin, TX
    IP based security cameras would have the same risk. Good point. Maybe I should move those over to a VLAN and isolate mine.
     
  13. cwied

    cwied Member

    Joined:
    Jan 13, 2015
    Messages:
    348
    Location:
    San Mateo, CA
    I don't know. For me it's the remote attacks that are scary, not the physical attacks. The number of people with the skills, motivation and access to do a local attack is so much smaller than the number of people on the Internet trolling for easy targets that it seems like the risk is comparatively small. Besides, I think the attack surface when you include that kind of attack is going to be huge. There are probably plenty of other undesirable things that somebody with that kind of physical access could do if they wanted to.
     
  14. boaterva

    boaterva Supporting Member

    Joined:
    Apr 2, 2016
    Messages:
    5,141
    Location:
    Northern Virginia, USA
    All of this is one more reason to have IoT devices on a separate guest network. Whether or not that's good enough depends on the Wifi AP and how it's segmented (name, VLAN, etc.). But there is no way these devices need to be on the same Wifi/SSID/VLAN as the rest of your internal devices (PCs, file server, etc. traffic).

    For some level of protection, that's the first thing to do. How often does the firmware in your wifi thermometer and refrigerator get updated? :D (I don't have a connected reefer but the wifi thermometer is very useful, to remotely turn things up and down, and, no, it's not a bleeping Nest!)

    So, the point was: The PWs should be on this guest network also, as most of their talking would be external.
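
The isolation described in the first post (gateway on its own segment, internet access only, plus the LAN web traffic its owner needs) and the separate-network advice in the post above, written as an nftables ruleset for a Linux router. This is an added example, not part of any poster's message or anything Tesla publishes; the interface names, the gateway address, the web ports 80/443 and the router serving DHCP/DNS are all assumptions.

```nftables
# Constructed example: every name and address below is a placeholder.
define WAN_IF     = "eth0"          # uplink to the internet
define LAN_IF     = "eth1"          # trusted LAN (PCs, file server)
define IOT_IF     = "eth2"          # dedicated segment or VLAN for the gateway
define GATEWAY_IP = 192.168.50.10   # Powerwall gateway address (assumed)

table inet segmentation {
    chain forward {
        # Default deny: only the flows listed below cross segments.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may reach the internet.
        iifname $LAN_IF oifname $WAN_IF accept

        # Owner's LAN clients may open the gateway's web interface (assumed ports).
        iifname $LAN_IF oifname $IOT_IF ip daddr $GATEWAY_IP tcp dport { 80, 443 } accept

        # The gateway segment may reach the internet and nothing else.
        iifname $IOT_IF oifname $WAN_IF accept

        # Anything the gateway segment initiates toward the LAN is logged, then dropped.
        iifname $IOT_IF oifname $LAN_IF log prefix "iot-to-lan " drop
    }

    chain input {
        # Traffic addressed to the router itself.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iifname "lo" accept
        iifname $LAN_IF accept

        # The gateway segment gets DNS and DHCP from the router, not its admin pages.
        iifname $IOT_IF udp dport { 53, 67 } accept
        iifname $IOT_IF tcp dport 53 accept
    }
}
```

`nft -c -f <file>` checks the ruleset without loading it. Because the gateway sits on its own routed segment, it no longer shares a broadcast domain with the LAN, and the "iot-to-lan" log lines show any attempt it makes to reach internal hosts.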
     
  15. Tozz

    Tozz Active Member

    Joined:
    Jan 10, 2018
    Messages:
    1,045
    Location:
    Tynaarlo
    This is really the case with almost any device you have in your local network.

    - Computers can get remote updates, those updates could contain malware
    - Lots of devices such as WiFi doorbells, cameras, access points, routers all run some kind of Linux, they could contain backdoors.
    - Mobile phones are a security nightmare.
    - Smart TVs, STBs, smart lights with gateways, etc, etc.

    If you don't trust the powerwall, don't hook it up to your network. Use a guest network or something. This goes for all WiFi devices you have in your home.
     
    • Like x 1
  16. jsimon7777

    jsimon7777 Member

    Joined:
    Feb 1, 2018
    Messages:
    117
    Location:
    Castro Valley
    So the technician came, fixed a gateway, and then left. Still, I'm not getting accurate readings. My house is not producing energy yet it says it is. Also a conduit has to be supplemented with an extra one to not overload a conduit as designed and installed. Super strict inspector. Hopefully an electrician will be scheduled in the next couple weeks.
     
  17. WannabeOwner

    WannabeOwner Active Member

    Joined:
    Nov 2, 2015
    Messages:
    2,641
    Location:
    Suffolk, UK
    Exactly. We have two networks in the house PRIVATE and GUEST. Private (actually a work-from-home requirement too) has PoshNamedNotCheap Routers and Firewalls, and they have a cost-licence MAC address limit, so if all visitors hooked up to that we'd hit connectivity limits for known MACs ...

    All the rest get the GUEST password and good luck to them! That WiFi/network gets them straight out of the door, bypassing all the security we have on the private network.

    The Washing machine can have the Guest password if it likes ...
     
    • Like x 1
