TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

Security in the Connected Car era... Jeep remotely victimized

Discussion in 'Cars and Transportation' started by FlasherZ, Jul 21, 2015.

  1. FlasherZ

    FlasherZ Sig Model S + Sig Model X + Model 3 Resv

    Joined:
    Jun 21, 2012
    Messages:
    7,019
    Attackers remotely control Jeep via exploits in the connected car control unit:

    http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

    No mention of Tesla, but I'm willing to bet it will come soon in the rebloggings of the article.

    For the owners:

    Guess that's something we don't have to worry about too much.
     
  2. manis

    manis Member

    Joined:
    Jun 12, 2015
    Messages:
    84
    Location:
    Bay Area, CA
  3. bonnie

    bonnie Oil is for sissies.

    Joined:
    Feb 6, 2011
    Messages:
    14,241
    Location:
    Columbia River Gorge
    Well it won't be the same way they took control of the Jeep - the Jeep architecture allowed drive train access through the infotainment system. Perhaps they'll use social engineering to get someone's credentials to one of the third party apps that connects with Tesla.
     
  4. spottyq

    spottyq Member

    Joined:
    May 7, 2015
    Messages:
    227
    Location:
    Belgium
    Well, it was bound to happen one day.

    The good thing is that Charlie Miller and Chris Valasek weren't "bad guys". I do hope that carmakers will wake up and strengthen their security.

    It's also a good thing that it is difficult to attack a particular car.

    Do we know what has Tesla done in this regard ?
     
  5. manis

    manis Member

    Joined:
    Jun 12, 2015
    Messages:
    84
    Location:
    Bay Area, CA
    The speakers say they have both local and remote exploits of the car itself. Social engineering, phishing, etc are not likely to be what they are talking about. They also have a disclaimer that these exploits can brick the car.

    - - - Updated - - -

    From what public information I've seen Tesla has only fixed one of the vulnerabilities. I figured it might be the reason 7.0 is delayed. If they are big enough problems priorities would shift.
     
  6. spottyq

    spottyq Member

    Joined:
    May 7, 2015
    Messages:
    227
    Location:
    Belgium
    Do we know how is the MS architecture ? I've seen the thread about the guys who used the ethernet port in the car, but they sadly didn't went very far before Tesla shut them down.

    However, we do know that there is at least indirect access to, well, everything (air suspension, motor controller, you name it) through the 3G connection since Tesla is able to do things such as the change the power mapping of the go-pedal, implement things like torque sleep and much more with wireless updates. (Though it may require user approval, so not a very discreet hack.)
     
  7. FlasherZ

    FlasherZ Sig Model S + Sig Model X + Model 3 Resv

    Joined:
    Jun 21, 2012
    Messages:
    7,019
    The article discusses that they had to do a bit of firmware hacking to make all of their exploits work, which means that (some of) the Jeep's modules suffer from one of the largest issues today -- unauthenticated/unsigned firmware updates. They're removing it from the published exploit but leaving some of the other stuff in.

    My guess is that Tesla may suffer from some of the same, as it sources modules from outside. Hopefully they thought about this up front. I'm guessing that most of the exploits found are going to be in this category -- they figured out how to push their own firmware to individual modules.

    This is interesting, because I do believe it to be quite possible to connect to the drivetrain through the telematics system. You could install your own firmware in an unprotected module that accepts CAN commands in the form of firmware update messages, then have your firmware reflect them back onto the CANbus toward other modules that you wanted to control. It's not hard to figure how you might do that.
     
  8. ThosEM

    ThosEM Space Weatherman

    Joined:
    Dec 13, 2013
    Messages:
    610
    Location:
    Annapolis, MD
    Anyone else get a software update today? I haven't installed it yet (tonight).
     
  9. pgiralt

    pgiralt Active Member

    Joined:
    Jun 16, 2013
    Messages:
    1,476
    Location:
    Cary, NC
    I wonder how long it will be before messages on the CAN bus are encrypted. With all the devices on the bus, I imagine this would be quite an undertaking to get certificates and such distributed to the different components during manufacturing - not to mention the complexities when a device has to be replaced.

    Like FlasherZ said, unsigned firmware is also a huge problem. Without that, nothing else really matters because you can always replace the firmware with your own. I'm hoping Tesla is using signed firmware.
     
  10. eepic

    eepic Member

    Joined:
    Nov 6, 2013
    Messages:
    854
    Location:
    Canada
    Hackers demonstrate wireless exploit on engine, steering, brakes on Jeep

    http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

    Scary stuff. From the sounds of it though, at least Tesla is slightly ahead of them and has a team of hackers internally actively looking at cybersecurity (including Kristen Paget for a while). Anyone have thoughts on the state of cybersecurity for the Model S?
     
  11. spottyq

    spottyq Member

    Joined:
    May 7, 2015
    Messages:
    227
    Location:
    Belgium
  12. Footbag

    Footbag Member

    Joined:
    Jun 29, 2013
    Messages:
    487
    Location:
    Edmonton, Canada
    While a hack is still a hack, and this is a pretty big hack, I am at least somewhat relieved that it sounds like reprogramming of code was needed. This doesn't change the seriousness at all, but it would be even more alarming if they were able to take control of the car without such reprogramming.
     
  13. Lump

    Lump Active Member

    Joined:
    Mar 31, 2013
    Messages:
    2,097
    Location:
    So. Cal.
  14. GaryREM

    GaryREM Member

    Joined:
    Jul 16, 2013
    Messages:
    324
    Location:
    Fairfax, VA
    Why are you relieved?

    Yes, this means it is more complex, but the hackers have really been given some valuable info that 1) it can be done, 2) it's related to the infotainment components, 3) the specific vehicles it applies to.

    Once the hack is known, it applies to all similar Chrysler vehicles. Although users can apparently update their firmware, how many will?
     
  15. DeenaB

    DeenaB Member

    Joined:
    Oct 17, 2014
    Messages:
    6
    Location:
    Marin County, CA
    Security in the Connected Car era... Jeep remotely victimized

    I just read a frightening news piece in the August 7, 2015 issue of The Week (new magazine). The article (on page 18) describes how cars can be hacked as you drive them via the cars internet connected entertainment systems. In this instance the hackers were able to control some basic systems and even cut the transmission. I would hope that one of the "cool new features" in the new Model X will be top grade cyber-security. Can anyone speculate on that likelihood?
     
  16. bonnie

    bonnie Oil is for sissies.

    Joined:
    Feb 6, 2011
    Messages:
    14,241
    Location:
    Columbia River Gorge
    You're in the timeline thread, not cyber security - not sure why we'd need a 'cool new feature' - sounds like you're assuming the Model S has a problem?

    Here's a good starting place for you :) Security in the Connected Car era... Jeep remotely victimized
     
  17. DeenaB

    DeenaB Member

    Joined:
    Oct 17, 2014
    Messages:
    6
    Location:
    Marin County, CA
    Bonnie-
    Thank you for the link to the car security thread. I am not assuming anything, but rather am hoping that this or some other random issue will not cause yet another delay to the delivery of the Model X. I slapped down my considerable deposit in May of 2013 and have been repeatedly disappointed by the perpetual delay. I am not a tech savvy individual and only joined this thread because it was the only quasi credible source of information about when my deposit would actually result in the ownership of a Model X. I am not one of the fortunate few who can laugh off the delay because they will just drive their Tesla Roadster another year. I drive a 2007 Hybrid and every delay makes me consider canceling my Tesla order to investigate the new electric vehicles being put out or developed by BMW and Mercedes, etc. I have faith that the Model X will be fantastic and will win the same accolades as its' Model S predecessor, but I must confess that my faith is wearing a bit thin. I check my email inbox every day hoping that they will at least throw me a bone and allow access to the design program where I can choose rims and interior/ exterior finishes. It would certainly distract me from the frustrating information void that currently exists. I have heard they allow access to the design program approximately two months before delivery; do you believe this to be accurate?
     
  18. bonnie

    bonnie Oil is for sissies.

    Joined:
    Feb 6, 2011
    Messages:
    14,241
    Location:
    Columbia River Gorge
    PM sent.
     
  19. Pete90D

    Pete90D Fan of Red Lights

    Joined:
    Jul 25, 2015
    Messages:
    476
    Location:
    Bay Area, CA
    I work with one of the guys that was part of discovering a vulnerability in the media player of an undisclosed car maker back in 2011. Interesting talk (I forwarded to the media player part)
    Comprehensive Experimental Analyses of Automotive Attack Surfaces - YouTube

    Basically they created a malicious WMA, put it on a CD, and when it was played it allowed them to completely compromise the car. So if such a vulnerability existed in cars with internet radio a compromise of the provider could lead to compromising everyone listening.
     
  20. FlasherZ

    FlasherZ Sig Model S + Sig Model X + Model 3 Resv

    Joined:
    Jun 21, 2012
    Messages:
    7,019
    #20 FlasherZ, Aug 6, 2015
    Last edited: Aug 6, 2015
    http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

    TL;DR: After using the in-car ethernet adapter, they were able to put together a bunch of exploits with a lot of work to take over the touchscreen. So they're able to do anything the touchscreen allows them to do... emergency brake / power off / suspension / etc. It's not an "OMG ZERO DAY REMOTE HAQR EXPL01T!!!!11!!ELEVENTYONE!!!1!OMGWTFBBQ" event. They identified a potential vector for remote vulernability through a WebKit bug, if they tricked the user into going to a malicious web page, which would then presumably string these attacks together to plant remote access.

    The attack surface is pretty limited, though - you have to get someone to go to an attack site on the Model S browser (we all know how much of a great experience *that* one is), then they could use that to gain some privilege escalation and eventually work with the CAN bus.

    In addition, firmware updates aren't signed, but must come from Tesla - so at least there's not any obvious way for someone to push malicious firmware without compromising Tesla's infrastructure:



    Guessing we'll see signed firmware in the next year or so.
     

Share This Page