"Cybersecurity researchers were able to take control of a Tesla Model S car and shut it off while it was driving thanks to a security flaw found in the vehicle’s software, according to a new report." Tesla Model S hacked, shut off while driving - National | Globalnews.ca
Little bit more balanced report here: http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/ Also gave kudos to Tesla for architecture, fail safe if something happened, and ability to delivery updates OTA.
yea good point. Tesla already patched it. I wonder if that's the software update that's been sitting waiting to install the last few days that I keep delaying, lol. I wonder if the release notes say "Hey guess what? We fixed a bug that used to let people shut down your MS while you were driving!!" yey! (hah, yeah right, they dont tell us anything in these release notes. they just tell us new features...imagine if they actually disclosed how many real bugs they fix in each release, I bet it's pretty disturbing lol).
Thanks for the Wired article Bonnie! Unless I am mistaken they actually had to dismantle the Tesla and get the VPN keys and install software to do this right? This is an order of a magnitude more difficult than what happened with the Jeep. It seems this hack was possible because they were able to get physical access to the car and have the time to dismantle the electronics, which is a much higher bar.
Some additional discussion here: Security in the Connected Car era... Jeep remotely victimized - Page 2 Overall, having some experience in the security field, I'm pretty pleased with the results and response. These guys are the cream-of-the-crop when it comes to hitting these cars hard and finding exploits, and the car stood up really well. They required physical access to inject it, although I'm surprised as the ethernet hacking thread here suggested that Tesla released a software update that turned off the ethernet port in the car unless a Tesla service laptop woke it up. - - - Updated - - - No, they didn't compromise any of that - they basically gained user access, and then superuser (root) on the Linux subsystem - which gave them the ability to do anything that Tesla exposes to the user through the touchscreen. The "shut the car off < 5 mph" in the original article comes from the big red "power off" button on the touchscreen. They do point at more nefarious things they could do - they noted that Tesla properly built in a gateway to do some validation - although they saw how they might work around it. It was clear that a lack of understanding of CAN bus messages and structure are hampering them from doing what they do best - CANbus injection to control subsystems. Like I mentioned in the thread I posted above, I think Tesla will have to do a lot of structural work to protect firmware upgrades a bit better, so they really hamper the ability for compromise via that vector.
Its a shame that despite this actually being pretty positive, all of the headlines are just going to be "Hackers can disable your Tesla!!!"
Why does this fact seem to "escape" so many reporters? It's very hard not to cast a cynical eye to this issue...often looks like (verbal) malfeasance as opposed to nonfeasance ...
Go to the average newspaper or TV station website. Look for the ads, see what they are. They're local car dealers - they're going to push the networks to help their advertisers. The technical blogs are getting it right.
The wired article at the end: Sounds like Tesla has done most of the things they needed to do right but can always make things more secure. Good to know they are working on the flaws uncovered by these researchers as well.
I am just so glad that the hack was laughably difficult. Defcon usually is not to be laughed at, but this gives me the warm fuzzies about being in a Tesla.
As the saying goes "Never let the facts get in the way of a good story." I credit reporters with some intelligence and say that it doesn't escape them, but they don't care because in order to get paid, they have to get eyeballs, and "If you give people access to your car, people can do unpleasant things to it and you" is not going to get eyeballs. To put it a different way: people who write deceptive articles, and most particularly headline writers, are sufficiently comfortable with deception for personal gain that they continue to do that job. They are essentially con artists and should not be trusted.
This really should not have been the news. Here is the correct headline: DEFCON DEMONSTRATION FROM CYBERSECURITY RESEARCHERS SHOWS TESLA MODEL S CAN BE STOLEN THEN USED IN BANK ROBBERIES AND MULTIPLE HOMICIDES. THE THIEVES NEED ONLY THE CAR KEY AND A FULLY CHARGED TESLA MODEL S
Have Mahaffey and Rogers release detailed info yet, or do we need to wait for the Defcon presentation? I didn't find anything on a quick search (just more content-free "Oh no! Your Tesla can be hacked!" articles).
I thought I read somewhere that the presentation was tomorrow morning. - - - Updated - - - EDIT: Blog post from Mahaffey: The new assembly line: 3 best practices for building (secure) connected cars
Was just about to post that. Best to get our information directly from the source. Sensationalist headlines are sure to come, but it sounds like they were actually pretty impressed with the existing security of the vehicle, and also that the exploits that used are already patched and on the way out to our vehicles. I guess that's why I got a software update notification last night.
Thanks for posting. I trolled around CloudFlare a bit, but didn't find anything. Got distracted before I could head over to Lookout.
According to the schedule, 2PM Friday Too bad the Press won't quote this line from the blog: "Overall, I feel more secure driving in a Tesla Model S than any other connected car on the road." and as noted elsewhere, physical access to the ethernet port was required first.
At least one positive article for Tesla about the hack: Teslas Wireless Updates Offer Big Advantage Over Jeep After hack