Security from the frontlines... (OR How to Hack A Model S talk at DEFCON)


Active Member
Apr 29, 2011
There is slated to be an interesting talk at DEFCON this year. Supposedly there are going to be 6 exploits revealed at DEFCON (with only one of them having been patched).

I will be going there for the talk and other fun with friends. If y'all show up, look for me and some of the crew... I should be reachable by you HAM radio operators on 146.520 (simplex).

The brief for the talk is the image.

Screen Shot 2015-07-09 at 1.31.15 AM.png

DEFCON is notable for posting the talk on YouTube after the conference, so keep a watch on the DEFCON YouTube channel.
I worry about Tesla not patching all 6 vulnerabilities before the talk. This could be a marketing disaster for Tesla.

Not to mention the huge hassle a hacked Model S would incur on the owner.

Luckily the car does not allow remote activation of any driving functions, but it could be annoying as hell.


Active Member
Apr 10, 2014
I worry about Tesla not patching all 6 vulnerabilities before the talk. This could be a marketing disaster for Tesla.

Not to mention the huge hassle a hacked Model S would incur on the owner.

Luckily the car does not allow remote activation of any driving functions, but it could be annoying as hell.

They still have a month or so; if the vulnerabilities have been disclosed to them already, they could easily get a patch out before then.

I don't think it would really ever be an issue for an owner. Most of these vulnerabilities are quite complicated and in general anyone with the skill to do them couldn't be bothered to actually use them. Not always though. It also depends on what the vulnerabilities are. If it's just allowing someone to remotely get some of your car data, that's not a big deal. If it's honking the horn and unlocking the car, that's a bigger deal, although not really something to be concerned about. If it allows the car to be put into drive, that could be a major issue.

Marketing is where the real issue will be. The local news will undoubtedly pick the story up and run with it regardless of the extent or practicality of the vulnerabilities.


Active Member
Oct 20, 2010
NE Oklahoma
I'll be in Vegas that week but will be presenting at our company's Sales Kick-Off so won't make any talks.

I'm mostly interested in whether there are any remote vectors besides attacking someone's MyTesla password - if so then . All of the other "car hacks" that I have seen require physical access to the inside of the car. If I have to get access to the Ethernet port under the dash it's not a "hack" any more. It's like saying I can "hack" your TV and make it change channels. I just have to go into your house and access the TV. :rolleyes: If I can get physical access to a piece of technology I can break into it, period. Please update the thread after the talk.


Nov 16, 2014
I look forward to hearing what gets reported but I would not get overly concerned yet.

From prior DEFCONs, it appears that the Bluetooth stack in cars has a number of vulnerabilities, which is an issue that is not unique to Model S. Moreover, that might enable getting something running on the console display, which could be a pain but is still a far cry from compromising the code running on the other processors that handle the actual operation of the car. Legitimate issue but not too impressive unless they do more than crash the bluetooth controller.

The distributed computing (multiple processors) makes it surprisingly difficult to take over control of the car. Even the most sophisticated attacks to date (on Prius and Ford Explorer) needed access to the internal bus and mostly confused the other processors by sending an overload of messages.

The App seems like another likely attack vector and worst case, one can disable the App access to the car until Tesla can push out a fix. This would be a pain in the short term, but is a reasonable mitigation.

Finally, any hack that just accesses telemetry data (and that seems to be a big part of the talk) is a privacy issue rather than a direct threat. However, since the telemetry data includes vehicle location, this does have some risks if someone takes a particular interest in you or your car.

- - - Updated - - -

See the attached link for more information about Tesla at DEFCON.

Since it's Vegas in the summertime, I fully intend to remotely pre-cool the car before I walk back to it. I would hate to have to disable remote functionality due to paranoia. On the other hand, it would suck to see the car not there when I walk out to the parking lot.

Maybe I'll bring a car-size Faraday cage with me.


Active Member
Oct 10, 2014
Model S at DEF CON hacker convention August 6-9

The program for this year's DEF CON includes a presentation "How to Hack a Tesla Model S":

DEF CON 23 Hacking Conference - Speakers

In an attempt to heighten the level of an anticipated discussion of that event here, I will try to clarify a couple of things that may not be clear to the typical Model S owner:

1) With one likely exception, Tesla Model S as a topic at DEF CON is a _good_ thing for Tesla Motors and for Tesla Model S owners. a) It gives Tesla Motors renewed media attention and public awareness for free. b) It promises to give the public an understanding of what data the Model S collects and what Tesla does with this data, which is important in terms of a (prospective) owner's right to privacy. c) It promises to disclose to the public a handful of so-called zero-day software vulnerabilities in the Model S, which is good since this will in turn allow Tesla to improve its software.

Starting with 19th-century locksmiths, it has been a subject of debate if and how security vulnerabilities should be disclosed. A commonly held view is that if they are _not_ disclosed to the public, the vulnerabilities are less likely to be fixed, criminals will still know about them and exploit them to the detriment of the owners, and prospective owners will not be able to appreciate the security of competing products in the market.

A zero-day vulnerability is a vulnerability that is being disclosed to the public with zero days of advance notice to the producer, in this case Tesla. In the case of Model S and DEF CON, it means that in three weeks not only Tesla Model S owners, but also criminals and others can expect to be able to compromise the software in a Tesla Model S. Tesla Motors will thus be in a race to push out an update to their cars and depending on the severity of the type of compromise and the complexity in fixing the issues, we can expect Tesla to react rather quickly to this disclosure. A segment of IT security researchers hold the view that it is more responsible to give prior notification to a software vendor (such as Tesla Motors de facto is) before disclosing a software vulnerability, i.e. to avoid disclosing zero-day vulnerabilities in favor of so-called responsible disclosure. As such, it is hardly good news for Tesla Motors and the typical Model S owner if zero-day vulnerabilities are in fact going to be disclosed. An advantage for courageous Model S owners is that the zero-day disclosure gives them the prospect of "jail-breaking" their Model S, i.e. giving them the freedom to modify the software in the car, but at the risk of causing it to malfunction - quite possibly with a voided warranty to boot.

2) The typical Model S owner may not appreciate the significance of the fact that the Model S uses Linux and apparently also Ubuntu on top. Apart from cars, Linux is the most widely used operating system in the world, found in everything from smart phones, routers, PCs to servers and supercomputers; there is even a rifle scope that uses Linux. Linux (and Ubuntu) is protected by copyright laws in all countries (that have signed the Berne Convention, including the USA and France where one inquisitive Model S owner appears to reside). The copyright holders of Linux are its contributors, which include major IT-players such as Google. All copyright holders of Linux/Ubuntu have agreed to give the users of Linux (e.g. a Model S owner) wide-ranging freedoms in using the software, on certain conditions that are also imposed on anyone who redistributes Linux/Ubuntu (e.g. Tesla Motors when they sell a Model S with Linux/Ubuntu inside). The conditions are called the "GNU Public License" (GPL) and are enforceable under copyright law.

The conditions stipulate among other things that when Tesla Motors redistributes Linux (i.e. sells a car), they have to give "prominent notice" to the recipient (i.e. the buyer). So all Model S owners should have a note from Tesla that their car uses Linux/Ubuntu, mentioning the GPL. Another condition is that if Tesla has made modifications to the Linux/Ubuntu in the cars they sell, they are required to make this software available to the buyer. (Tesla, like others, is allowed to distribute its own separate pieces of software together with Linux/Ubuntu in certain ways, without having to use the GPL for these separate pieces of software. For example, the Tesla-specific software that draws the images on the Model S touchscreen does not necessarily have to be distributed under the GPL.) A third condition is that Tesla is not allowed to take away the freedoms that the copyright holders have granted the Linux recipient (i.e. Model S owner). This implies among other things that Tesla is not allowed to forbid reverse engineering of the Linux versions they have sold. What exactly would happen if Tesla refuses to honor its warranty after a Model S owner causes his car to malfunction after having modified the Linux inside may be something for the courts to decide.

I realize that the perspective of this posting is probably somewhat unusual for this forum, but hope it is still considered interesting - and I look forward to learning more about the Model S from the DEF CON presentation.

All the best.
