
Security from the frontlines... (OR How to Hack A Model S talk at DEFCON)

Discussion in 'Model S' started by W.Petefish, Jul 8, 2015.

  1. W.Petefish

    W.Petefish Active Member

    Joined:
    Apr 29, 2011
    Messages:
    1,059
    Location:
    North Texas (DFW)
    There is slated to be an interesting talk at DEFCON this year. Supposedly there are going to be 6 exploits revealed at DEFCON. (with only one of them having been patched)

    I will be going there for the talk and other fun with friends. If y'all show up, look for me and some of the crew... I should be reachable by you HAM radio operators on 146.520 (simplex).

    The brief for the talk is the image.

    Screen Shot 2015-07-09 at 1.31.15 AM.png

    DEFCON is notable for posting the talk on youtube after the conference, so keep a watch on the DEFCON youtube channel.
     
  2. docrice

    docrice Member

    Joined:
    Jun 21, 2014
    Messages:
    112
    Location:
    Bay Area, CA
    Very cool. Definitely attending this talk (hopefully the lines to get into the room won't be too ridiculous).

    I worry that my car will become an instant target after the talk is over.
     
  3. Saghost

    Saghost Active Member

    Joined:
    Oct 9, 2013
    Messages:
    3,017
    Location:
    Delaware
    "We will also be releasing a tool that will allow Model S owners to view and analyze the telemetry in real time."

    This sounds interesting - I wonder how much more information it'll give that the car screens generally don't...
    Walter
     
  4. mwulff

    mwulff Member

    Joined:
    Jan 15, 2015
    Messages:
    348
    Location:
    Danmark
    #4 mwulff, Jul 9, 2015
    Last edited: Jul 9, 2015
    I worry about Tesla not patching all 6 vulnerabilities before the talk. This could be a marketing disaster for Tesla.

    Not to mention the huge hassle a hacked Model S would incur on the owner.

    Luckily the car does not allow remote activation of any driving functions, but it could be annoying as hell.
     
  5. frosken

    frosken Member

    Joined:
    Oct 4, 2013
    Messages:
    71
    Location:
    Norway
    I'm definitely attending this. I hope it's more of a curious angle on the technology of the TMS and not an attacking talk.
     
  6. jaguar36

    jaguar36 Member

    Joined:
    Apr 10, 2014
    Messages:
    859
    Location:
    NJ
    They still have a month or so, if the vulnerabilities have been disclosed to them already they could easily get a patch out before then.

    I don't think it would really ever be an issue for an owner. Most of these vulnerabilities are quite complicated and in general anyone with the skill to do them couldn't be bothered to actually use them. Not always though. It also depends on what the vulnerabilities are. If it's just allowing someone to remotely get some of your car data, that's not a big deal. If it's honking the horn and unlocking the car, that's a bigger deal, although not really something to be concerned about. If it allows the car to be put into drive, that could be a major issue.

    Marketing is where the real issue will be. The local news will undoubtedly pick the story up and run with it regardless of the extent or practicality of the vulnerabilities.
     
  7. strider

    strider Active Member

    Joined:
    Oct 20, 2010
    Messages:
    2,920
    Location:
    NE Oklahoma
    I'll be in Vegas that week but will be presenting at our company's Sales Kick-Off so won't make any talks.

    I'm mostly interested in whether there are any remote vectors besides attacking someone's MyTesla password - if so then . All of the other "car hacks" that I have seen require physical access to the inside of the car. If I have to get access to the Ethernet port under the dash it's not a "hack" any more. It's like saying I can "hack" your TV and make it change channels. I just have to go into your house and access the TV. :rolleyes: If I can get physical access to a piece of technology I can break into it, period. Please update the thread after the talk.
     
  8. evme

    evme Member

    Joined:
    Jul 5, 2013
    Messages:
    616
    Location:
    NY
    The question comes down to the seriousness of these hacks, like say breaking into the mobile app isn't really that serious per se.
     
  9. SeminoleFSU

    SeminoleFSU Member

    Joined:
    Apr 5, 2013
    Messages:
    718
    Location:
    Atlanta, GA
    It is though. They can open your car and steal your things.. or start it, have a joy ride, etc...
     
  10. strider

    strider Active Member

    Joined:
    Oct 20, 2010
    Messages:
    2,920
    Location:
    NE Oklahoma
    And even drive the car now that they have the App-start feature. However, if the hack is simply, "brute force the user's MyTesla password" then that isn't a "hack." Hopefully we'll find out in a few weeks.
     
  11. Duma

    Duma Member

    Joined:
    Nov 16, 2014
    Messages:
    150
    Location:
    Pittsburgh, PA
    I look forward to hearing what gets reported but I would not get overly concerned yet.

    From prior DEFCONs, it appears that the Bluetooth stack in cars has a number of vulnerabilities, which is an issue that is not unique to Model S. Moreover, that might enable getting something running on the console display, which could be a pain but is still a far cry from compromising the code running on the other processors that handle the actual operation of the car. Legitimate issue but not too impressive unless they do more than crash the bluetooth controller.

    The distributed computing (multiple processors) makes it surprisingly difficult to take over control of the car. Even the most sophisticated attacks to date (on Prius and Ford Explorer) needed access to the internal bus and mostly confused the other processors by sending an overload of messages.

    The App seems like another likely attack vector and worst case, one can disable the App access to the car until Tesla can push out a fix. This would be a pain in the short term, but is a reasonable mitigation.

    Finally, any hack that just accesses telemetry data (and that seems to be a big part of the talk) is a privacy issue rather than a direct threat. However, since the telemetry data includes vehicle location, this does have some risks if someone takes a particular interest in you or your car.

    - - - Updated - - -

    See the attached link for more information about Tesla at DEFCON.

    http://www.forbes.com/sites/thomasbrewster/2015/04/28/tesla-opening-car-to-hackers/
     
  12. docrice

    docrice Member

    Joined:
    Jun 21, 2014
    Messages:
    112
    Location:
    Bay Area, CA
    Since it's Vegas in the summertime, I fully intend to remotely pre-cool the car before I walk back to it. I would hate to have to disable remote functionality due to paranoia. On the other hand, it would suck to see the car not there when I walk out to the parking lot.

    Maybe I'll bring a car-size Faraday cage with me.
     
  13. spentan

    spentan Active Member

    Joined:
    Dec 26, 2012
    Messages:
    1,255
    Location:
    SoCal
    I'm most probably gonna go. Will valet at Rio as usual, Valet Mode is usually a safe bet. (Valet Lots are generally secure too)
     
  14. steph280

    steph280 Member

    Joined:
    Feb 10, 2015
    Messages:
    216
    Location:
    Orange, CA
    Maybe they found a way to hack a standard MS into a P model?

    One can only dream...
     
  15. perkiset

    perkiset ... this one goes to 11

    Joined:
    Jan 7, 2014
    Messages:
    240
    Location:
    Phoenix, AZ
    Really looking forward to what they have to say. I've been a Global Moderator for the Syndk8 for more than 9 years, but just about to become a rank n00b to Tesla. I'm only too aware of what can be done with the right exploits.

    This thread definitely raised my eyebrows.
     
  16. invisik

    invisik Member

    Joined:
    Mar 13, 2014
    Messages:
    620
    Location:
    Minneapolis
    I guess turn off your communication in the car for a few days after the talk, if you're that worried.

    -m
     
  17. wk057

    wk057 Senior Tinkerer

    Joined:
    Feb 23, 2014
    Messages:
    4,722
    Location:
    Hickory, NC, USA
    The RWD Model S has two drive unit types: Standard (for the 40, 60, and 85) and Performance (for the P85, P85+, and P85D rear). Not sure a software hack will do the drive unit swap. ;) (yes, it's more than software that is different)
     
  18. Ingineer

    Ingineer Electrical Engineer

    Joined:
    Aug 8, 2012
    Messages:
    1,401
    And on the D cars, (70/85) they basically have 2 of the same motors, albeit with a different drive ratio, one in front, one in rear. Smaller than the standard RWD only motor though.

    I'll likely be attending DEFCON as well.
     
  19. lklundin

    lklundin Member

    Joined:
    Oct 10, 2014
    Messages:
    377
    Location:
    Munich
    Model S at DEF CON hacker convention August 6-9

    The program for this year's DEF CON includes a presentation "How to Hack a Tesla Model S":

    DEF CON 23 Hacking Conference - Speakers

    In an attempt to heighten the level of an anticipated discussion of that event here, I will try to clarify a couple of things that may not be clear to the typical Model S owner:

    1) With one likely exception, Tesla Model S as a topic at DEF CON is a _good_ thing for Tesla Motors and for Tesla Model S owners. a) It gives Tesla Motors renewed media attention and public awareness for free. b) It promises to give the public an understanding of what information the data the Model S collects and what Tesla does with this data, which is important in terms of a (prospective) owner's right to privacy. c) It promises to disclose to the public a handful of so called zero-day software vulnerabilities in the Model S, which is good since this will in turn allow Tesla to improve its software. Starting with 19th century locksmiths it has been a subject of debate if and how security vulnerabilities should be disclosed. A commonly held view is that if they are _not_ disclosed to the public, the vulnerabilities are less likely to be fixed, criminals will still know about them and exploit them to the detriment of the owners and prospective owners will not be able to appreciate the security of competing products in the market. A zero-day vulnerability is a vulnerability that is being disclosed to the public with zero days of advance notice to the producer, in this case Tesla. In the case of Model S and DEF CON, it means that in three weeks not only Tesla Model S owners, but also criminals and others can expect to be able to compromise the software in a Tesla Model S. Tesla Motors will thus be in a race to push out an update to their cars and depending on the severity of the type of compromise and the complexity in fixing the issues, we can expect Tesla to react rather quickly to this disclosure. A segment of IT security researchers hold the view that it is more responsible to give prior notification to a software vendor (such as Tesla Motors de facto is) before disclosing a software vulnerability, i.e. to avoid disclosing zero-day vulnerabilities in favor of so called responsible disclosure. As such it is hardly good news for Tesla Motors and the typical Model S owner, if zero-day vulnerabilities are in fact going to be disclosed. An advantage for courageous Model S owners is that the zero-day disclosure gives them the prospect of "jail-breaking" their Model S, i.e. giving them the freedom to modify the software in the car, but at the risk of causing it to malfunction - quite possibly with a voided warranty to boot.

    2) The typical Model S owner may not appreciate the significance of the fact that the Model S uses Linux and apparently also Ubuntu on top. Apart from cars, Linux is the most widely used operating system in the world, found in everything from smart phones, routers, PCs to servers and supercomputers, there is even a rifle scope that uses Linux. Linux (and Ubuntu) is protected by copyright laws in all countries (that have signed the Berne Convention, including the USA and France where one inquisitive Model S owner appears to reside). The copyright holders of Linux are its contributors, which include major IT-players such as Google. All copyright holders of Linux/Ubuntu have agreed to give the users of Linux (e.g. a Model S owner) wide ranging freedoms in using the software, on certain conditions that are also imposed on anyone who redistributes Linux/Ubuntu (e.g. Tesla Motors when they sell a Model S with Linux/Ubuntu inside). The conditions are called the "GNU Public License" (GPL) and are enforceable under copyright law. The conditions stipulate among other things that when Tesla Motors redistributes Linux (i.e. sells a car), they have to give "prominent notice" to the recipient (i.e. the buyer). So all Model S owners should have a note from Tesla that their car uses Linux/Ubuntu, mentioning the GPL. Another condition is that if Tesla has made modifications to the Linux/Ubuntu in the cars they sell, they are required to make this software available to the buyer. (Tesla like others are allowed to distribute their own separate pieces of software together with Linux/Ubuntu in certain ways, without having to use the GPL for these separate pieces of software. For example the Tesla specific software that draws the images on the Model S touchscreen does not necessarily have to be distributed under the GPL). A third condition is that Tesla is not allowed to take away the freedoms that the copyright holders have granted the Linux recipient (i.e. Model S owner). This implies among other things that Tesla is not allowed to forbid reverse engineering of the Linux versions they have sold. What exactly would happen if Tesla refuses to honor its warranty after a Model S owner causes his car to malfunction after having modified the Linux inside may be something for the courts to decide.

    I realize that the perspective of this posting is probably somewhat unusual for this forum, but hope it is still considered interesting - and I look forward to learning more about the Model S from the DEF CON presentation.

    All the best.
     
  20. bollar

    bollar Disgruntled Member

    Joined:
    May 1, 2013
    Messages:
    2,242
    Location:
    Southlake, TX
