Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register
  • Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
  • The final cut of TMC Podcast #29 is available now with topics time-stamped. We discussed the Tesla Cybertruck's expected 1 MW Ultra-Fast Charging capability, the Tesla Semi Delivery Event, the coming Model 3 refresh (project "Highland"), and more. You can watch it now on YouTube.

Security in the Connected Car era... Jeep remotely victimized

FlasherZ

Sig Model S + Sig Model X + Model 3 Resv
Jun 21, 2012
7,030
1,030
Attackers remotely control Jeep via exploits in the connected car control unit:

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

No mention of Tesla, but I'm willing to bet it will come soon in the rebloggings of the article.

For the owners:

Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic.

Guess that's something we don't have to worry about too much.
 
Well, it was bound to happen one day.

The good thing is that Charlie Miller and Chris Valasek weren't "bad guys". I do hope that carmakers will wake up and strengthen their security.

It's also a good thing that it is difficult to attack a particular car.

Do we know what has Tesla done in this regard ?
 
The speakers say they have both local and remote exploits of the car itself. Social engineering, phishing, etc are not likely to be what they are talking about. They also have a disclaimer that these exploits can brick the car.

- - - Updated - - -

Well, it was bound to happen one day.

The good thing is that Charlie Miller and Chris Valasek weren't "bad guys". I do hope that carmakers will wake up and strengthen their security.

It's also a good thing that it is difficult to attack a particular car.

Do we know what has Tesla done in this regard ?

From what public information I've seen Tesla has only fixed one of the vulnerabilities. I figured it might be the reason 7.0 is delayed. If they are big enough problems priorities would shift.
 
Well it won't be the same way they took control of the Jeep - the Jeep architecture allowed drive train access through the infotainment system. (snip)

Do we know how is the MS architecture ? I've seen the thread about the guys who used the ethernet port in the car, but they sadly didn't went very far before Tesla shut them down.

However, we do know that there is at least indirect access to, well, everything (air suspension, motor controller, you name it) through the 3G connection since Tesla is able to do things such as the change the power mapping of the go-pedal, implement things like torque sleep and much more with wireless updates. (Though it may require user approval, so not a very discreet hack.)
 

FlasherZ

Sig Model S + Sig Model X + Model 3 Resv
Jun 21, 2012
7,030
1,030
The article discusses that they had to do a bit of firmware hacking to make all of their exploits work, which means that (some of) the Jeep's modules suffer from one of the largest issues today -- unauthenticated/unsigned firmware updates. They're removing it from the published exploit but leaving some of the other stuff in.

My guess is that Tesla may suffer from some of the same, as it sources modules from outside. Hopefully they thought about this up front. I'm guessing that most of the exploits found are going to be in this category -- they figured out how to push their own firmware to individual modules.

This is interesting, because I do believe it to be quite possible to connect to the drivetrain through the telematics system. You could install your own firmware in an unprotected module that accepts CAN commands in the form of firmware update messages, then have your firmware reflect them back onto the CANbus toward other modules that you wanted to control. It's not hard to figure how you might do that.
 

pgiralt

Active Member
Supporting Member
Jun 16, 2013
1,521
157
Cary, NC
I wonder how long it will be before messages on the CAN bus are encrypted. With all the devices on the bus, I imagine this would be quite an undertaking to get certificates and such distributed to the different components during manufacturing - not to mention the complexities when a device has to be replaced.

Like FlasherZ said, unsigned firmware is also a huge problem. Without that, nothing else really matters because you can always replace the firmware with your own. I'm hoping Tesla is using signed firmware.
 

eepic

Member
Supporting Member
Nov 6, 2013
911
126
Canada
Hackers demonstrate wireless exploit on engine, steering, brakes on Jeep

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Scary stuff. From the sounds of it though, at least Tesla is slightly ahead of them and has a team of hackers internally actively looking at cybersecurity (including Kristen Paget for a while). Anyone have thoughts on the state of cybersecurity for the Model S?
 

Lump

Active Member
Mar 31, 2013
2,618
2,632
So. Cal.
While a hack is still a hack, and this is a pretty big hack, I am at least somewhat relieved that it sounds like reprogramming of code was needed. This doesn't change the seriousness at all, but it would be even more alarming if they were able to take control of the car without such reprogramming.

Why are you relieved?

Yes, this means it is more complex, but the hackers have really been given some valuable info that 1) it can be done, 2) it's related to the infotainment components, 3) the specific vehicles it applies to.

Once the hack is known, it applies to all similar Chrysler vehicles. Although users can apparently update their firmware, how many will?
 
Security in the Connected Car era... Jeep remotely victimized

I just read a frightening news piece in the August 7, 2015 issue of The Week (new magazine). The article (on page 18) describes how cars can be hacked as you drive them via the cars internet connected entertainment systems. In this instance the hackers were able to control some basic systems and even cut the transmission. I would hope that one of the "cool new features" in the new Model X will be top grade cyber-security. Can anyone speculate on that likelihood?
 

bonnie

I play a nice person on twitter.
Feb 6, 2011
16,429
9,937
Columbia River Gorge
I just read a frightening news piece in the August 7, 2015 issue of The Week (new magazine). The article (on page 18) describes how cars can be hacked as you drive them via the cars internet connected entertainment systems. In this instance the hackers were able to control some basic systems and even cut the transmission. I would hope that one of the "cool new features" in the new Model X will be top grade cyber-security. Can anyone speculate on that likelihood?

You're in the timeline thread, not cyber security - not sure why we'd need a 'cool new feature' - sounds like you're assuming the Model S has a problem?

Here's a good starting place for you :) Security in the Connected Car era... Jeep remotely victimized
 
Bonnie-
Thank you for the link to the car security thread. I am not assuming anything, but rather am hoping that this or some other random issue will not cause yet another delay to the delivery of the Model X. I slapped down my considerable deposit in May of 2013 and have been repeatedly disappointed by the perpetual delay. I am not a tech savvy individual and only joined this thread because it was the only quasi credible source of information about when my deposit would actually result in the ownership of a Model X. I am not one of the fortunate few who can laugh off the delay because they will just drive their Tesla Roadster another year. I drive a 2007 Hybrid and every delay makes me consider canceling my Tesla order to investigate the new electric vehicles being put out or developed by BMW and Mercedes, etc. I have faith that the Model X will be fantastic and will win the same accolades as its' Model S predecessor, but I must confess that my faith is wearing a bit thin. I check my email inbox every day hoping that they will at least throw me a bone and allow access to the design program where I can choose rims and interior/ exterior finishes. It would certainly distract me from the frustrating information void that currently exists. I have heard they allow access to the design program approximately two months before delivery; do you believe this to be accurate?
 

Pete90D

Fan of Red Lights
Jul 25, 2015
478
4
Bay Area, CA
I just read a frightening news piece in the August 7, 2015 issue of The Week (new magazine). The article (on page 18) describes how cars can be hacked as you drive them via the cars internet connected entertainment systems. In this instance the hackers were able to control some basic systems and even cut the transmission. I would hope that one of the "cool new features" in the new Model X will be top grade cyber-security. Can anyone speculate on that likelihood?

I work with one of the guys that was part of discovering a vulnerability in the media player of an undisclosed car maker back in 2011. Interesting talk (I forwarded to the media player part)
Comprehensive Experimental Analyses of Automotive Attack Surfaces - YouTube

Basically they created a malicious WMA, put it on a CD, and when it was played it allowed them to completely compromise the car. So if such a vulnerability existed in cars with internet radio a compromise of the provider could lead to compromising everyone listening.
 

FlasherZ

Sig Model S + Sig Model X + Model 3 Resv
Jun 21, 2012
7,030
1,030
http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

TL;DR: After using the in-car ethernet adapter, they were able to put together a bunch of exploits with a lot of work to take over the touchscreen. So they're able to do anything the touchscreen allows them to do... emergency brake / power off / suspension / etc. It's not an "OMG ZERO DAY REMOTE HAQR EXPL01T!!!!11!!ELEVENTYONE!!!1!OMGWTFBBQ" event. They identified a potential vector for remote vulernability through a WebKit bug, if they tricked the user into going to a malicious web page, which would then presumably string these attacks together to plant remote access.

The attack surface is pretty limited, though - you have to get someone to go to an attack site on the Model S browser (we all know how much of a great experience *that* one is), then they could use that to gain some privilege escalation and eventually work with the CAN bus.

As you gained some kind of foothold, you were able to gradually leverage that with additional vulnerabilities to increase your access,” Rogers says. “We took a bunch of relatively innocuous vulnerabilities you wouldn’t think very much about and by chaining them together and by using each one of them to leverage our ability to gain a bit more access, we were able to go deeper and deeper and deeper into the car until eventually we gained full control of the entertainment system…. Stringing all of these together was enough for us to gain user-level access and then ultimately superuser level access to the infotainment systems.

In addition, firmware updates aren't signed, but must come from Tesla - so at least there's not any obvious way for someone to push malicious firmware without compromising Tesla's infrastructure:

The firmware updates are downloaded as compressed files over an open VPN connection, and because the VPN connection is mutually authenticated between the car and the server, no one could upload rogue firmware to the car from an unauthorized location. But because the firmware updates are not signed, if an attacker were on the Tesla network and had access to the VPN structure, they could conceivably send rogue updates to Tesla cars. “f you gain access to the one server that is downloading the firmware you could substitute the firmware with your own,” Rogers says. Without pen-testing Tesla’s corporate infrastructure, however, this is just a theory.


Guessing we'll see signed firmware in the next year or so.
 
Last edited:

About Us

Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.

Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


SUPPORT TMC
Top