Successful connection on the Model S internal Ethernet network

Interesting. This DNS uses the 3G service I assume?

Use of http://code.kryo.se/iodine/ comes to mind... (IP over DNS...)
I sniffed the WiFi again yesterday. If I send a DNS query to 192.168.90.100 I see that the car sends out the DNS query to the resolver it got from my DHCP server.

I have two pretty large capture files from both the WiFi and internal network. Will go through them over the weekend.
 
I understand you aren't trying to hide anything and that you have noble intentions in addition to your curiosity.

I think my goal in pointing this out was more around the possibility that it could lead to significant financial risk and repercussions for you. If you do something that ends up forcing a service call or, even more unfortunate, if something completely unrelated to your exploration necessitates a service call, and they determine that there is software corruption or hardware damage that could be blamed on your exploration, then it is very likely that they would decline to honor the warranty and service plans.

I take that risk every time I go dabbling in one of my Android smart phones, but that is because I am content with the possibility of having to replace them out of pocket. The idea of losing the ability to drive my car or even worse, have an investigation into an accident cause Tesla and/or my insurance company to decide that they shouldn't cover me... I'm personally not comfortable with that right now. If you are, then I remain happy and interested to read about your exploration.
 
I'm not hiding anything. If I can find a vulnerability in Model S, somebody else can as well. I'm doing it in public so Tesla can learn from it.
This is probably better directed at nlc (as the OP) but quoted widodh for context. Regarding the data analysis, your approach is good and I agree with it.

The only sticking point for me is that I would have contacted Tesla directly before publishing "how to" information. I have no idea if nlc (or others) already did that.

The difference is "here's how to hack someone's xyz device" vs. "when I hacked my own xyz device here's what I found." The latter is great. The former I would get clearance from Tesla first.
 
I'm not sure I understand the need to involve Tesla. First off, there is essentially no security concern here. You need physical access to the diagnostic port in order to execute any exploits discussed here. By the way, we haven't even gotten to the exploits stage so there is absolutely no "hacking" that has been detailed here. Hence, no need to involve Tesla.

IMO, it's like telling evad3rs that they need to make Apple aware before publishing a tool to hack a device. You all should be more concerned about your iPhone being hacked because unlike the Model S, there is no physical lock between a USB cable and the port on your iPhone. Someone would have to break into your MS in order to do anything malicious, but if that happened I know I'd certainly have bigger concerns on my mind than the possibility of someone crashing my touchscreen.

Now, if we were discussing remote exploits that can be executed over 3G, then I would be very concerned.
 
This is probably better directed at nlc (as the OP) but quoted widodh for context. Regarding the data analysis, your approach is good and I agree with it.

The only sticking point for me is that I would have contacted Tesla directly before publishing "how to" information. I have no idea if nlc (or others) already did that.

The difference is "here's how to hack someone's xyz device" vs. "when I hacked my own xyz device here's what I found." The latter is great. The former I would get clearance from Tesla first.

If Tesla doesn't give clearance for the REST API then why in hell would they give their clearance to snooping in on the internal bus? Seems silly to formally ask the question when you already know the answer. In fact, it makes it worse to ask.
 
If Tesla doesn't give clearance for the REST API then why in hell would they give their clearance to snooping in on the internal bus? Seems silly to formally ask the question when you already know the answer. In fact, it makes it worse to ask.

Exactly, and just to add to that why do we feel so compelled to communicate our hacking efforts to Tesla when they have repeatedly demonstrated their inability, and general lack of interest, to communicate with us?
 
This evening I got a call from the service center :crying:
They told me Tesla USA engineers saw a hacking attempt on my car...
I explained it was me because I tried to connect to the diagnosis port to get some useful data (speed, power, etc...). They told me it can be related to industrial espionage and advised me to stop the investigation, to not void the warranty....
Don't know if they really saw something in the log, because I just sniffed the network. Or maybe they saw the port scanning with nmap? Or maybe they just read this topic? :eek:
 
From the MVPA I signed way back when ...

photo.JPG
 
The exception being "save only to the extent permitted by applicable law." And consider that there have been some interesting precedents that have been set to this end:

1. TMC reverse engineered the remote API without TM raising a hoot.
2. The law allows for tampering with and jailbreaking an iPhone.
3. Tesla is required to provide diagnostic tools to third party service centers. In the absence of this, the case could be made that we are merely gathering data to diagnose our own cars.
4. Lolachampcar could probably chime in here, as he has extensive experience reverse engineering and modifying ECUs on other cars.

TM has no legal basis to void your warranty just for connecting to a diagnostic port and reading data. If that were true, all my previous ICE cars would have their warranty voided just by me connecting a diagnostic tool to the OBD port.
 
TM has no legal basis to void your warranty just for connecting to a diagnostic port and reading data. If that were true, all my previous ICE cars would have their warranty voided just by me connecting a diagnostic tool to the OBD port.

I agree with you. But this Ethernet port is probably not only a diagnosis port; we have seen that we can access some internal communications, and maybe change some internal parameters. That's the problem: they explained to me, let's imagine I am able to remove the speed limitation, or boost the power. If my motor dies, it will be my fault, not Tesla's fault, and they will not change my motor under warranty.
It's an extreme case, but we don't know (and neither does the Tesla employee who called me) what can be done through this diagnosis tool, with or without a hacking exploit.

I think if we just connect to the port, and just capture data, they cannot do anything because I think they cannot see the connection. Or they can see the Ethernet connection going "up" somewhere.
 
Tesla is on the wrong side of this by reaching out to people with warnings. They need to find a way to work with their customers that have legitimate curiosity WRT MS and not against them. We own the car and there are people that will want to tinker. There must be a sane way to allow the curious to feed their need to learn while still protecting Tesla's interests.


This issue of providing tools to work on their cars is going to start cropping up more and more as time goes by. They can hold it off for a few years with their excellent warranty work but it will crop up. Unlike the dealer thing, they will be on the wrong/losing side of that argument.
 
This is probably better directed at nlc (as the OP) but quoted widodh for context. Regarding the data analysis, your approach is good and I agree with it.

The only sticking point for me is that I would have contacted Tesla directly before publishing "how to" information. I have no idea if nlc (or others) already did that.

The difference is "here's how to hack someone's xyz device" vs. "when I hacked my own xyz device here's what I found." The latter is great. The former I would get clearance from Tesla first.
No, I'm looking at this from another perspective.

Sooner or later somebody, somewhere in a black hole would have gotten his hands on a Model S and started doing the same "hacking" as we are doing right now.

That person might find a serious exploit in Model S and never tell us nor Tesla about it. So again, yes, I'm trying to find ways to exploit the car, but just to make sure "we" find them first instead of "them" (The people not telling anybody).

In the end somebody will find an exploit in Model S. Better be "us" than "them".

I'm not sure I understand the need to involve Tesla. First off, there is essentially no security concern here. You need physical access to the diagnostic port in order to execute any exploits discussed here. By the way, we haven't even gotten to the exploits stage so there is absolutely no "hacking" that has been detailed here. Hence, no need to involve Tesla.

IMO, it's like telling evad3rs that they need to make Apple aware before publishing a tool to hack a device. You all should be more concerned about your iPhone being hacked because unlike the Model S, there is no physical lock between a USB cable and the port on your iPhone. Someone would have to break into your MS in order to do anything malicious, but if that happened I know I'd certainly have bigger concerns on my mind than the possibility of someone crashing my touchscreen.

Now, if we were discussing remote exploits that can be executed over 3G, then I would be very concerned.
Don't forget that over the diag port you can access the central screen which also does the 3G/WiFi.

Maybe we are able to learn something through the diag port which also works via the WiFi. You never know. I'm keeping all options open.

This evening I got a call from the service center :crying:
They told me Tesla USA engineers saw a hacking attempt on my car...
I explained it was me because I tried to connect to the diagnosis port to get some useful data (speed, power, etc...). They told me it can be related to industrial espionage and advised me to stop the investigation, to not void the warranty....
Don't know if they really saw something in the log, because I just sniffed the network. Or maybe they saw the port scanning with nmap? Or maybe they just read this topic? :eek:
Don't forget that we are protected by the European laws and the US laws do not apply here.

I'm not a lawyer, but I'm pretty sure that I'm allowed to connect to any cable in my own car.

From the MVPA I signed way back when ...

View attachment 45430
The last part applies here. Tesla can say anything they want in the MVPA, but in the end it's the law which applies.

Tesla is on the wrong side of this by reaching out to people with warnings. They need to find a way to work with their customers that have legitimate curiosity WRT MS and not against them. We own the car and there are people that will want to tinker. There must be a sane way to allow the curious to feed their need to learn while still protecting Tesla's interests.


This issue of providing tools to work on their cars is going to start cropping up more and more as time goes by. They can hold it off for a few years with their excellent warranty work but it will crop up. Unlike the dealer thing, they will be on the wrong/losing side of that argument.
Exactly. They can try to push this away as hard as they want, but sooner or later people will find a way to exploit the vehicle.

It's a pretty expensive car, so I'm not going to do very weird things, but imagine taking out the center screen and trying to access the filesystem/storage device of it directly by connecting it to a different Linux machine.

If Tesla gives me a call like they did with nlc I'll tell them what I think about it. I'm just trying to find a weakness which potentially might hurt Tesla.

It can never hurt for them to have a couple extra pairs of eyes looking at what they've built.

I don't want to "go to war" with Tesla either. I have good intentions and probably everybody here, but security by obscurity does NOT work.


I however doubt that the Ethernet network is an essential part of safety. Yes, it can control various things, but I think that the .102 device is our gateway to the real important buses inside the car. We can read and probably set parameters, but that's all.