I also queried to find out which DNS server it's running:
So that seems to be dnsmasq 2.58
Interesting. This DNS uses the 3G service I assume?
Use of http://code.kryo.se/iodine/ comes to mind... (IP over DNS...)
You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
I also queried to find out which DNS server it's running:
So that seems to be dnsmasq 2.58
Probably the 3G or WiFi when available.Interesting. This DNS uses the 3G service I assume?
Use of http://code.kryo.se/iodine/ comes to mind... (IP over DNS...)
I only connected to ethernet diagnostic port, and will only read data on this port, will never try to do more, it will not void my warranty
Lost count of the number of times I've said things like this. :biggrin: What's Latin for, "I read therefore I must write?"
Speaking of which, is it possible to re-write the "now playing" image? If so, this is a means to have a custom dash display.
I sniffed the WiFi again yesterday. If I send a DNS query to 192.168.90.100 I see that the car sends out the DNS query to the resolver it got from my DHCP server.Interesting. This DNS uses the 3G service I assume?
Use of http://code.kryo.se/iodine/ comes to mind... (IP over DNS...)
This is probably better directed at nlc (as the OP) but quoted widodh for context. Regarding the data analysis, your approach is good and I agree with it.I'm not hiding anything. If I can find a vulnerability in Model S, somebody else can as well. I'm doing it in public so Tesla can learn from it.
This is probably better directed at nlc (as the OP) but quoted widodh for context. Regarding the data analysis, your approach is good and I agree with it.
The only sticking point for me is that I would have contacted Tesla directly before publishing "how to" information. I have no idea if nlc (or others) already did that.
The difference is "here's how to hack someone's xyz device" vs. "when I hacked my own xyz device here's what I found." The latter is great. The former I would get clearance from Tesla first.
If Tesla doesn't give clearance for the REST API then why in hell would they give their clearance to snooping in on the internal bus? Seems silly to formally ask the question when you already know the answer. In fact, it makes it worse to ask.
Ooh they read the forums... Don't think otherwise.
TM has no legal basis to void your warranty just for connecting to a diagnostic port and reading data. If that were true, all my previous ICE cars would have their warranty voided just by me connecting a diagnostic tool to the OBD port.
No, I'm looking at this from another perspective.This is probably better directed at nlc (as the OP) but quoted widodh for context. Regarding the data analysis, your approach is good and I agree with it.
The only sticking point for me is that I would have contacted Tesla directly before publishing "how to" information. I have no idea if nlc (or others) already did that.
The difference is "here's how to hack someone's xyz device" vs. "when I hacked my own xyz device here's what I found." The latter is great. The former I would get clearance from Tesla first.
Don't forget that over the diag port you can access the central screen which also does the 3G/WiFi.I'm not sure I understand the need to involve Tesla. First off, there is essentially no security concern here. You need physical access to the diagnostic port in order to execute any exploits discussed here. By the way, we haven't even gotten to the exploits stage so there is absolutely no "hacking" that has been detailed here. Hence, no need to involve Tesla.
IMO, it's like telling evad3rs that they need to make Apple aware before publishing a tool to hack a device. You all should be more concerned about your iPhone being hacked because unlike the Model S, there is no physical lock between a USB cable and the port on your iPhone. Someone would have to break into your MS in order do anything malicious, but if that happened I know I'd certainly have bigger concerns on my mind than the possibility of someone crashing my touchscreen.
Now, if we were discussing remote exploits that can be executed over 3G, then I would be very concerned.
Don't forget that we are protected by the European laws and the US laws do not apply here.This evening I got a call from service center :crying:
They told me Tesla USA engineers seen a tentative of hacking on my car...
I explained it was me because I tried to connect the diagnosis port to get some useful data (speed, power, etc...). They told me it can be related to industrial espionage and advised me to stop investigation, to not void the warranty....
Don't know if they really seen something in the log, because I just sniffed the network. Or maybe they seen the port scanning with nmap ? Or maybe they just read this topic ?
The last part applies here. Tesla can say anything they want in the MVPA, but in the end it's the law which applies.
Exactly. They can try to push this away as hard as they want, but sooner or later people will find a way to exploit the vehicle.Tesla is on the wrong side of this by reaching out to people with warnings. They need to find a way to work with their customers that have legitimate curiosity WRT MS and not against them. We own the car and there are people that will want to tinker. There must be a sane way to allow the curious to feed their need to learn while still protecting Tesla's interests.
This issue of providing tools to work on their cars is going to start cropping up more and more as time goes by. They can hold it off for a few years with their excellent warranty work but it will crop up. Unlike the dealer thing, they will be on the wrong/loosing side of that argument.