Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.

Security from the frontlines... (OR How to Hack A Model S talk at DEFCON)

This site may earn commission on affiliate links.


Active Member
Apr 29, 2011
There is slated to be an interesting talk at DEFCON this year. Supposedly there are going to be 6 exploits revealed at DEFCON. (with only one of them having been patched)

I will be going there for the talk and other fun with friends. If y'all show up, look for me and some of the crew... I should be reachable by you HAM radio operators on 146.520 (simplex).

The brief for the talk is the image.

Screen Shot 2015-07-09 at 1.31.15 AM.png

DEFCON is notable for posting the talk on youtube after the conference, so keep a watch on the DEFCON youtube channel.
"We will also be releasing a tool that will allow Model S owners to view and analyze the telemetry in real time."

This sounds interesting - I wonder how much more information it'll give that the car screens generally don't...
I worry about Tesla not patching all 6 vulnerabilities before the talk. This could be a marketing disaster for Tesla.

Not to mention the huge hassle a hacked Model S would incur on the owner.

Luckily the car does not allow remote activation of any driving functions, but it could be annoying as hell.
Last edited:
I worry about Tesla not patching all 6 vulnerabilities before the talk. This could be a marketing disaster for Tesla.

Not to mention the huge hassle a hacked Model S would incur on the owner.

Luckily the car does not allow remote activation of any driving functions, but it could be annoying as hell.

They still have a month or so, if the vulnerabilities have been disclosed to them already they could easily get a patch out before then.

I don't think it would really ever be an issue for an owner. Most of these vulnerabilities are quite complicated and in general anyone with the skill to do them couldn't be bothered to actually use them. Not always though. It also depends on what the vulnerabilities are. If its just allowing someone to remotely get some of your car data, that's not a big deal. If its honking the horn and unlocking the car, that's a bigger deal, although not really something to be concerned about. If it allows the car to be put into drive, that could be a major issue.

Marketing is where the real issue will be. The local news will undoubtedly pick the story up and run with it regardless of the extent or practicality of the vulnerabilities.
I'll be in Vegas that week but will be presenting at our company's Sales Kick-Off so won't make any talks.

I'm mostly interested in whether there are any remote vectors besides attacking someone's MyTesla password - if so then . All of the other "car hacks" that I have seen require physical access to the inside of the car. If I have to get access to the Ethernet port under the dash it's not a "hack" any more. It's like saying I can "hack" your TV and make it change channels. I just have to do into your house and access the TV. :rolleyes: If I can get physical access to sa piece of technology I can break into it, period. Please update the thread after the talk.
I look forward to hearing what gets reported but I would not get overly concerned yet.

From prior DEFCONs, it appears that the Bluetooth stack in cars has a number of vulnerabilities, which is an issue that is not unique to Model S. Moreover, that might enable getting something running on the console display, which could be a pain but is still a far cry from compromising the code running on the other processors that handle the actual operation of the car. Legitimate issue but not too impressive unless they do more than crash the bluetooth controller.

The distributed computing (multiple processors) makes it surprisingly difficult to take over control of the car. Even the most sophisticated attacks to date (on Prius and Ford Explorer) needed access to the internal bus and mostly confused the other processors by sending an overload of messages.

The App seems like another likely attack vector and worst case, one can disable the App access to the car until Tesla can push out a fix. This would be a pain in the short term, but is a reasonable mitigation.

Finally, any hack that just accesses telemetry data (and that seems to be a big part of the talk) is a privacy issue rather than a direct threat. However, since the telemetry data includes vehicle location, this does have some risks if someone takes a particular interest in you or your car.

- - - Updated - - -

See the attached link for more information about Tesla at DEFCON.

Since it's Vegas in the summertime, I fully intend to remotely pre-cool the car before I walk back to it. I would hate to have to disable remote functionality due to paranoia. On the other hand, it would suck to see the car not there when I walk out to the parking lot.

Maybe I'll bring a car-size Faraday cage with me.
Really looking forward to what they have to say. I've been a Global Moderator for the Syndk8 for more than 9 years, but just about to become a rank n00b to Tesla. I'm only too aware of what can be done with the right exploits.

This thread definitely raised my eyebrows.
Maybe they found a way to hack a standard MS into a P model?

One can only dream...

The RWD Model S has two drive unit types: Standard (for the 40, 60, and 85) and Performance (for the P85, P85+, and P85D rear). Not sure a software hack will do the drive unit swap. ;) (yes, it's more than software that is different)
And on the D cars, (70/85) they basically have 2 of the same motors, albeit with a different drive ratio, one in front, one in rear. Smaller than the standard RWD only motor though.

I'll likely be attending DEFCON as well.
Model S at DEF CON hacker convention August 6-9

The program for this year's DEF CON includes a presentation "How to Hack a Tesla Model S":

DEF CON 23 Hacking Conference - Speakers

In an attempt to heighten the level of an anticipated discussion of that event here, I will try to clarify a couple of things that may not be clear to the typical Model S owner:

1) With one likely exception, Tesla Model S as a topic at DEF CON is a _good_ thing for Tesla Motors and for Tesla Model S owners. a) It gives Tesla Motors renewed media attention and public awareness for free. b) It promises to give the public
an understanding of what information the data the Model S collects and what Tesla does with this data, which is important in terms of a (prospective) owner's right to privacy. c) It promises to disclose to the public a handful of so called zero-day software vulnerabilities in the Model S, which is good since this will in turn allow Tesla to improve its software. Starting with 19th century lock smiths it has been a subject of debate if and how security vulnerabilities should be disclosed. A commonly held view is that if they are _not_ disclosed to the public, the vulnerabilities are less likely to be fixed, criminals will still know about them and exploit them to the detriment of the owners and prospective owners will not be able to appreciate the security of competing products in the market. A zero-day vulnerability is a vulnerability that is being disclosed to the public with zero days of advance notice to the producer, in this case Tesla. In the case of Model S and DEF CON, it means that in three weeks not only Tesla Model S owners, but also criminals and others can expect to to able to compromise the software in a Tesla Model S. Tesla Motors will thus be in a race to push out an update to their cars and depending on the severity of the type of compromise and the complexity in fixing the issues, we can expect Tesla to react rather quickly to this disclosure. A segment of IT security researchers hold the view that it is more responsible to give prior notification to a software vendor (such as Tesla Motors de facto is) before disclosing a software vulnerability, i.e. to avoid disclosing zero-day vulnerabilities in favor of so called responsible disclosure. As such it is hardly good news for Tesla Motors and the typical Model S owner, if zero-day vulnerabilities are in fact going to be disclosed. An advantage for courageous Model S owners is that the zero-day disclosure gives them the prospect of "jail-braking" their Model S, i.e. giving them the freedom to modify the software in the car, but at the risk of causing it to malfunction - quite possibly with a voided warranty to boot.

2) The typical Model S owner may not appreciate the significance of the fact that the Model S uses Linux and apparently also Ubuntu on top. Apart from cars, Linux is the most widely used operating system in the world, found in everything from smart phones, routers, PCs to servers and supercomputers, there is even a rifle scope that uses Linux. Linux (and Ubuntu) is protected by copyright laws in all countries (that have signed the Bern Convention, including the USA and France where one inquisitive Model S owner appears to reside). The copyright holders of Linux are its contributors, which include major IT-players such as Google. All copyright holders of Linux/Ubuntu have agreed to give the users of Linux (e.g. a Model S owner) wide ranging freedoms in using the software, on certain conditions that are also imposed on anyone who redistributes Linux/Ubuntu (e.g. Tesla Motors when they sell a Model S with Linux/Ubuntu inside). The conditions are called the "GNU Public License" (GPL) and are enforceable under copyright law. The conditions stipulate among other things that when Tesla Motors redistributes Linux (i.e. sells a car), they have to give "prominent notice" to the recipient (i.e. the buyer). So all Model S owners should have a note from Tesla that their car uses Linux/Ubuntu, mentioning the GPL. Another condition is that if Tesla has made modifications to the Linux/Ubuntu in the cars they sell, they are required to make this software available to the buyer. (Tesla like others are allowed to distribute their own separate pieces of software together with Linux/Ubuntu in certain ways, without having to use the GPL for these separate pieces of software. For example the Tesla specific software that draws the images on the Model S touchscreen does not necessarily have to be distributed under the GPL). A third condition is that Tesla is not allowed to take away the freedoms that the copyright holders have granted the Linux recipient (i.e. Model S owner). This implies among other things that Tesla is not allowed to forbid reverse engineering of the Linux versions they have sold. What exactly would happen if Tesla refuses to honor its warranty after a Model S owner causes his car to malfunction after having modified the Linux inside may be something for the courts to decide.

I realize that the perspective of this posting is probably somewhat unusual for this forum, but hope it is still considered interesting - and I look forward to learn more about the Model S from the DEF CON presentation.

All the best.