TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

Tesla hacked and shut off while driving (with physical access to the car at first)

Discussion in 'Model S' started by yobigd20, Aug 6, 2015.

  1. yobigd20

    yobigd20 Well-Known Member

    Joined:
    Oct 28, 2012
    Messages:
    5,793
    Location:
    Skaneateles, NY
  2. bonnie

    bonnie Oil is for sissies.

    Joined:
    Feb 6, 2011
    Messages:
    14,241
    Location:
    Columbia River Gorge
    Little bit more balanced report here: http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

    Also gave kudos to Tesla for architecture, fail safe if something happened, and ability to delivery updates OTA.

     
  3. Fezzik

    Fezzik P67429

    Joined:
    Nov 6, 2014
    Messages:
    478
    Location:
    Lincolnshire, IL
    This is key.
     
  4. yobigd20

    yobigd20 Well-Known Member

    Joined:
    Oct 28, 2012
    Messages:
    5,793
    Location:
    Skaneateles, NY
    yea good point. Tesla already patched it. I wonder if that's the software update that's been sitting waiting to install the last few days that I keep delaying, lol. I wonder if the release notes say "Hey guess what? We fixed a bug that used to let people shut down your MS while you were driving!!" yey! (hah, yeah right, they dont tell us anything in these release notes. they just tell us new features...imagine if they actually disclosed how many real bugs they fix in each release, I bet it's pretty disturbing lol).
     
  5. MsElectric

    MsElectric Active Member

    Joined:
    Oct 11, 2014
    Messages:
    1,611
    Location:
    New York
    Thanks for the Wired article Bonnie!

    Unless I am mistaken they actually had to dismantle the Tesla and get the VPN keys and install software to do this right? This is an order of a magnitude more difficult than what happened with the Jeep. It seems this hack was possible because they were able to get physical access to the car and have the time to dismantle the electronics, which is a much higher bar.
     
  6. FlasherZ

    FlasherZ Sig Model S + Sig Model X + Model 3 Resv

    Joined:
    Jun 21, 2012
    Messages:
    7,019
    Some additional discussion here:
    Security in the Connected Car era... Jeep remotely victimized - Page 2

    Overall, having some experience in the security field, I'm pretty pleased with the results and response. These guys are the cream-of-the-crop when it comes to hitting these cars hard and finding exploits, and the car stood up really well. They required physical access to inject it, although I'm surprised as the ethernet hacking thread here suggested that Tesla released a software update that turned off the ethernet port in the car unless a Tesla service laptop woke it up.

    - - - Updated - - -

    No, they didn't compromise any of that - they basically gained user access, and then superuser (root) on the Linux subsystem - which gave them the ability to do anything that Tesla exposes to the user through the touchscreen. The "shut the car off < 5 mph" in the original article comes from the big red "power off" button on the touchscreen.

    They do point at more nefarious things they could do - they noted that Tesla properly built in a gateway to do some validation - although they saw how they might work around it. It was clear that a lack of understanding of CAN bus messages and structure are hampering them from doing what they do best - CANbus injection to control subsystems. Like I mentioned in the thread I posted above, I think Tesla will have to do a lot of structural work to protect firmware upgrades a bit better, so they really hamper the ability for compromise via that vector.
     
  7. jaguar36

    jaguar36 Member

    Joined:
    Apr 10, 2014
    Messages:
    859
    Location:
    NJ
    Its a shame that despite this actually being pretty positive, all of the headlines are just going to be "Hackers can disable your Tesla!!!"
     
  8. Jaff

    Jaff Active Member

    Joined:
    Aug 15, 2010
    Messages:
    3,007
    Location:
    Grimsby, Canada
    Why does this fact seem to "escape" so many reporters?

    It's very hard not to cast a cynical eye to this issue...often looks like (verbal) malfeasance as opposed to nonfeasance ...


     
  9. FlasherZ

    FlasherZ Sig Model S + Sig Model X + Model 3 Resv

    Joined:
    Jun 21, 2012
    Messages:
    7,019
    Go to the average newspaper or TV station website. Look for the ads, see what they are. They're local car dealers - they're going to push the networks to help their advertisers.

    The technical blogs are getting it right.
     
  10. dsm363

    dsm363 Roadster + Sig Model S

    Joined:
    May 17, 2009
    Messages:
    18,235
    Location:
    Las Vegas, NV
    The wired article at the end:

    Sounds like Tesla has done most of the things they needed to do right but can always make things more secure. Good to know they are working on the flaws uncovered by these researchers as well.
     
  11. AC123

    AC123 Banned

    Joined:
    Aug 5, 2015
    Messages:
    104
    Location:
    USA
    I am just so glad that the hack was laughably difficult. Defcon usually is not to be laughed at, but this gives me the warm fuzzies about being in a Tesla.
     
  12. ItsNotAboutTheMoney

    ItsNotAboutTheMoney Active Member

    Joined:
    Jul 12, 2012
    Messages:
    4,496
    Location:
    Maine
    As the saying goes "Never let the facts get in the way of a good story."

    I credit reporters with some intelligence and say that it doesn't escape them, but they don't care because in order to get paid, they have to get eyeballs, and "If you give people access to your car, people can do unpleasant things to it and you" is not going to get eyeballs. To put it a different way: people who write deceptive articles, and most particularly headline writers, are sufficiently comfortable with deception for personal gain that they continue to do that job. They are essentially con artists and should not be trusted.
     
  13. jbcarioca

    jbcarioca Active Member

    Joined:
    Feb 3, 2015
    Messages:
    1,287
    Location:
    Rio de Janeiro, Brazil and Coral Gables, FL
    This really should not have been the news. Here is the correct headline:
    DEFCON DEMONSTRATION FROM CYBERSECURITY RESEARCHERS SHOWS TESLA MODEL S CAN BE STOLEN THEN USED IN BANK ROBBERIES AND MULTIPLE HOMICIDES. THE THIEVES NEED ONLY THE CAR KEY AND A FULLY CHARGED TESLA MODEL S
     
  14. bonnie

    bonnie Oil is for sissies.

    Joined:
    Feb 6, 2011
    Messages:
    14,241
    Location:
    Columbia River Gorge
    Hah! Exactly. What's wrong with these people???
     
  15. tga

    tga Active Member

    Joined:
    Apr 8, 2014
    Messages:
    2,192
    Location:
    New Hampshire
    Have Mahaffey and Rogers release detailed info yet, or do we need to wait for the Defcon presentation? I didn't find anything on a quick search (just more content-free "Oh no! Your Tesla can be hacked!" articles).
     
  16. FlasherZ

    FlasherZ Sig Model S + Sig Model X + Model 3 Resv

    Joined:
    Jun 21, 2012
    Messages:
    7,019
    I thought I read somewhere that the presentation was tomorrow morning.

    - - - Updated - - -

    EDIT: Blog post from Mahaffey:
    The new assembly line: 3 best practices for building (secure) connected cars
     
  17. Gizmotoy

    Gizmotoy Active Member

    Joined:
    Sep 16, 2013
    Messages:
    3,132
    Location:
    Bay Area, CA
    Was just about to post that. Best to get our information directly from the source. Sensationalist headlines are sure to come, but it sounds like they were actually pretty impressed with the existing security of the vehicle, and also that the exploits that used are already patched and on the way out to our vehicles. I guess that's why I got a software update notification last night.
     
  18. tga

    tga Active Member

    Joined:
    Apr 8, 2014
    Messages:
    2,192
    Location:
    New Hampshire
  19. CliffG

    CliffG Member

    Joined:
    Feb 10, 2014
    Messages:
    245
    Location:
    New Jersey
    #19 CliffG, Aug 6, 2015
    Last edited: Aug 6, 2015
    According to the schedule, 2PM Friday
    Too bad the Press won't quote this line from the blog:

    "Overall, I feel more secure driving in a Tesla Model S than any other connected car on the road."
    and as noted elsewhere, physical access to the ethernet port was required first.
     
  20. liuping

    liuping Active Member

    Joined:
    Jul 23, 2013
    Messages:
    1,858
    Location:
    San Diego

Share This Page