
Security from the frontlines... (OR How to Hack A Model S talk at DEFCON)

Sorry about that. PS. When I enter e.g. "DEFCON" in the forum search field and press the search icon, I get nothing. Perhaps Javascript from some third party site is required. Oh well.
To have a chance at finding anything you have to use advanced search, and even then chances of success are small.
 
Tesla not the only automaker at DEFCON

In addition to Tesla, Chrysler and its "Uconnect system" will get some attention at DEFCON:

DEF CON 23 Hacking Conference - Speakers

This story in Wired
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
sounds so reckless that I actually hope it does not accurately reflect how the Uconnect vulnerability was demonstrated...

But if the DEFCON program is accurate, then it has a talk that will put a non-Tesla automaker in a very bad light...

It will be interesting to see how the different automakers react to having issues with their software exposed
- if I were Tesla, I would change
Bugcrowd | Your Elastic Security Team, better security testing through bug bounties and managed security programs
to offer some real money as a reward for responsible disclosure of real problems, since _up to_ 1k$ is nothing compared to the cost a vehicle software problem can incur.

Further, the offering of a juicy bounty is not only one more way of getting media attention, it also implies that Tesla considers its software trustworthy, which is a good signal to send.

In that light an e.g. 50k$ bounty would make sense. To me.
 
The only hacks which I consider vulnerabilities are hacks committed (a) remotely, and (b) with app remote access disabled in the menu. Any such hacks are actually dangerous. Anything else... meh. "Local" hacks, of course, are things we want to be able to do to soup up our cars (once they're out of warranty).
 
The only hacks which I consider vulnerabilities are hacks committed (a) remotely, and (b) with app remote access disabled in the menu. Any such hacks are actually dangerous. Anything else... meh. "Local" hacks, of course, are things we want to be able to do to soup up our cars (once they're out of warranty).
Remote access is actually quite a useful feature; think for a moment about having the ability to turn on the A/C before returning to your car on a sweltering summer day, knowing whether your car has finished charging, and so on. You should be able to leave remote access enabled in your car and still be secure, assuming you chose a suitably strong password. Why would such an attack not be considered a vulnerability?
 
Also realize that all Remote Access calls go through Tesla servers and do not connect directly to the car, likely limiting the ability to really hack the car through remote access.

Also realize that all Teslas are on the AT&T cellular network.
Even though all remote access calls should go through Tesla servers, this doesn't mean that the car isn't exposed to the open internet.

A bad actor with your car's IP address and the right credentials or authentication bypass will be able to make a call to all available API functions. If they are able to find further vulnerabilities, they could also perform functions that are not directly accessible through the "public" API as well.

I'm guessing this last part is what we are going to see at DEFCON
 
In USA Today 7/22 there is an article about 2 guys hacking into a Jeep driving down the road at 70 mph.

Yeah, was on the nightly NBC news last night as well. This was a bit melodramatic but sure glad it was a Chrysler/Jeep! My parents already think the Tesla is going to be hacked all the time since I bought it ;-) This is going to become a key safety concern and issue for autonomous driving especially in the next 5-10 years though - needs tackled.
 
If only I had posted that story yesterday in this very thread. :)

I also posted a thread yesterday morning in the cars & transportation section:
Security in the Connected Car era... Jeep remotely victimized

I don't believe that Tesla is immune, but I think it's in a much better position than the other manufacturers. A significant number of those Jeeps will remain unpatched for a very, very long time, given that it requires either a USB stick upgrade or a visit to the dealer.
 
Also realize that all Teslas are on the AT&T cellular network.
Even though all remote access calls should go through Tesla servers, this doesn't mean that the car isn't exposed to the open internet.

A bad actor with your car's IP address and the right credentials or authentication bypass will be able to make a call to all available API functions. If they are able to find further vulnerabilities, they could also perform functions that are not directly accessible through the "public" API as well.

I'm guessing this last part is what we are going to see at DEFCON

Correct - sniff the traffic on your wifi network when your Tesla is connected and you will see plenty of traffic goes directly out over the Internet (Browsing, music, etc.) Makes sense that all remote access capabilities are only through the VPN communicating with Tesla servers, but this car definitely has an IP address on the AT&T network. When you're out and about (Not on wifi), go to www.whatismyip.com and you'll see your IP (Which should be a private address on AT&T's network.)
 
A bad actor with your car's IP address and the right credentials or authentication bypass will be able to make a call to all available API functions. If they are able to find further vulnerabilities, they could also perform functions that are not directly accessible through the "public" API as well.

I'm guessing this last part is what we are going to see at DEFCON

It's known that Tesla uses OpenVPN to talk to the mothership, and that the "front door" is locked (talking to the car directly via IP address).

I discussed in the other thread how I think a real weak point to be exploited in ALL connected environments is unauthenticated/unsigned firmware updates. I believe it's highly likely that several of the modules used in the car are from suppliers who haven't thought to secure their firmware. That's my speculation as to what DEFCON goes after.
 
They still have a month or so, if the vulnerabilities have been disclosed to them already they could easily get a patch out before then.

I don't think it would really ever be an issue for an owner. Most of these vulnerabilities are quite complicated and in general anyone with the skill to do them couldn't be bothered to actually use them. Not always though. It also depends on what the vulnerabilities are. If it's just allowing someone to remotely get some of your car data, that's not a big deal. If it's honking the horn and unlocking the car, that's a bigger deal, although not really something to be concerned about. If it allows the car to be put into drive, that could be a major issue.

Marketing is where the real issue will be. The local news will undoubtedly pick the story up and run with it regardless of the extent or practicality of the vulnerabilities.

Nowhere does it say these are remote vulnerabilities. You might need physical access to the car for them.
 
Also realize that all Teslas are on the AT&T cellular network.
Even though all remote access calls should go through Tesla servers, this doesn't mean that the car isn't exposed to the open internet.

A bad actor with your car's IP address and the right credentials or authentication bypass will be able to make a call to all available API functions. If they are able to find further vulnerabilities, they could also perform functions that are not directly accessible through the "public" API as well.
Well, not necessarily. A lot of stuff has a public IP address, but it doesn't mean that you can get in there and mess around. As a software architect, I would probably build a lot of security into the communication between the car and Tesla's servers for control issues, even if none of them are particularly dangerous (like steering or braking). Lots of certificates, VPN, token exchanges, etc... there's a lot you can do that would make it crazy hard or impossible for the car to answer to anyone other than the mothership. The only attack vector that makes me nervous is getting new firmware installed, which I believe you have to confirm, and I assume the confirmation prompt has some kind of check for signed code or something.

Mostly talking out of my rear... I don't know how their magic works. :)