Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register
  • The final cut of the 8th episode of the Tesla Motors Club Podcast, featuring Balazs Biro, of the prominent Hungarian EV channel Villanyautósok, is now available. You can watch it now on YouTube or listen to it on all major podcast networks.

Tesla hacked and shut off while driving (with physical access to the car at first)

bonnie

I play a nice person on twitter.
Feb 6, 2011
16,429
9,935
Columbia River Gorge
Little bit more balanced report here: http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

Also gave kudos to Tesla for architecture, fail safe if something happened, and ability to delivery updates OTA.

Though the Tesla hacks highlight some of the dangers around digitally connected cars, the researchers’ findings are not as serious as those demonstrated two weeks ago against a Chrysler Jeep. In that case, the vehicle had no separation between its infotainment system and the critical drive system, so once researchers compromised the infotainment system they could communicate with the drive system and cut the brakes or control the steering if the car was in reverse. Tesla, however, has a gateway between the infotainment and drive systems that is intended to prevent a hacker, remote or otherwise, from reaching critical functions like these.
 

yobigd20

Well-Known Member
Oct 28, 2012
5,929
540
Skaneateles, NY
Little bit more balanced report here: http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

Also gave kudos to Tesla for architecture, fail safe if something happened, and ability to delivery updates OTA.

yea good point. Tesla already patched it. I wonder if that's the software update that's been sitting waiting to install the last few days that I keep delaying, lol. I wonder if the release notes say "Hey guess what? We fixed a bug that used to let people shut down your MS while you were driving!!" yey! (hah, yeah right, they dont tell us anything in these release notes. they just tell us new features...imagine if they actually disclosed how many real bugs they fix in each release, I bet it's pretty disturbing lol).
 
Little bit more balanced report here: http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

Also gave kudos to Tesla for architecture, fail safe if something happened, and ability to delivery updates OTA.

Thanks for the Wired article Bonnie!

Unless I am mistaken they actually had to dismantle the Tesla and get the VPN keys and install software to do this right? This is an order of a magnitude more difficult than what happened with the Jeep. It seems this hack was possible because they were able to get physical access to the car and have the time to dismantle the electronics, which is a much higher bar.
 

FlasherZ

Sig Model S + Sig Model X + Model 3 Resv
Jun 21, 2012
7,028
1,025
Some additional discussion here:
Security in the Connected Car era... Jeep remotely victimized - Page 2

Overall, having some experience in the security field, I'm pretty pleased with the results and response. These guys are the cream-of-the-crop when it comes to hitting these cars hard and finding exploits, and the car stood up really well. They required physical access to inject it, although I'm surprised as the ethernet hacking thread here suggested that Tesla released a software update that turned off the ethernet port in the car unless a Tesla service laptop woke it up.

- - - Updated - - -

Unless I am mistaken they actually had to dismantle the Tesla and get the VPN keys and install software to do this right? This is an order of a magnitude more difficult than what happened with the Jeep. It seems this hack was possible because they were able to get physical access to the car and have the time to dismantle the electronics, which is a much higher bar.

No, they didn't compromise any of that - they basically gained user access, and then superuser (root) on the Linux subsystem - which gave them the ability to do anything that Tesla exposes to the user through the touchscreen. The "shut the car off < 5 mph" in the original article comes from the big red "power off" button on the touchscreen.

They do point at more nefarious things they could do - they noted that Tesla properly built in a gateway to do some validation - although they saw how they might work around it. It was clear that a lack of understanding of CAN bus messages and structure are hampering them from doing what they do best - CANbus injection to control subsystems. Like I mentioned in the thread I posted above, I think Tesla will have to do a lot of structural work to protect firmware upgrades a bit better, so they really hamper the ability for compromise via that vector.
 

FlasherZ

Sig Model S + Sig Model X + Model 3 Resv
Jun 21, 2012
7,028
1,025
Why does this fact seem to "escape" so many reporters?

It's very hard not to cast a cynical eye to this issue...often looks like (verbal) malfeasance as opposed to nonfeasance ...

Go to the average newspaper or TV station website. Look for the ads, see what they are. They're local car dealers - they're going to push the networks to help their advertisers.

The technical blogs are getting it right.
 

dsm363

Roadster + Sig Model S
Moderator
May 17, 2009
18,279
160
Nevada
The wired article at the end:

Regardless of the issues found with the Model S, he still considers it “the most secure car that we’ve seen.”

Sounds like Tesla has done most of the things they needed to do right but can always make things more secure. Good to know they are working on the flaws uncovered by these researchers as well.
 

ItsNotAboutTheMoney

Well-Known Member
Jul 12, 2012
11,630
9,720
Maine
Why does this fact seem to "escape" so many reporters?

It's very hard not to cast a cynical eye to this issue...often looks like (verbal) malfeasance as opposed to nonfeasance ...

As the saying goes "Never let the facts get in the way of a good story."

I credit reporters with some intelligence and say that it doesn't escape them, but they don't care because in order to get paid, they have to get eyeballs, and "If you give people access to your car, people can do unpleasant things to it and you" is not going to get eyeballs. To put it a different way: people who write deceptive articles, and most particularly headline writers, are sufficiently comfortable with deception for personal gain that they continue to do that job. They are essentially con artists and should not be trusted.
 

jbcarioca

Well-Known Member
Supporting Member
Feb 3, 2015
6,331
43,515

bonnie

I play a nice person on twitter.
Feb 6, 2011
16,429
9,935
Columbia River Gorge
This really should not have been the news. Here is the correct headline:
DEFCON DEMONSTRATION FROM CYBERSECURITY RESEARCHERS SHOWS TESLA MODEL S CAN BE STOLEN THEN USED IN BANK ROBBERIES AND MULTIPLE HOMICIDES. THE THIEVES NEED ONLY THE CAR KEY AND A FULLY CHARGED TESLA MODEL S

Hah! Exactly. What's wrong with these people???
 

FlasherZ

Sig Model S + Sig Model X + Model 3 Resv
Jun 21, 2012
7,028
1,025
Have Mahaffey and Rogers release detailed info yet, or do we need to wait for the Defcon presentation? I didn't find anything on a quick search (just more content-free "Oh no! Your Tesla can be hacked!" articles).

I thought I read somewhere that the presentation was tomorrow morning.

- - - Updated - - -

I thought I read somewhere that the presentation was tomorrow morning.

EDIT: Blog post from Mahaffey:
The new assembly line: 3 best practices for building (secure) connected cars
 
Was just about to post that. Best to get our information directly from the source. Sensationalist headlines are sure to come, but it sounds like they were actually pretty impressed with the existing security of the vehicle, and also that the exploits that used are already patched and on the way out to our vehicles. I guess that's why I got a software update notification last night.
 
I thought I read somewhere that the presentation was tomorrow morning.
According to the schedule, 2PM Friday
Too bad the Press won't quote this line from the blog:

"Overall, I feel more secure driving in a Tesla Model S than any other connected car on the road."
and as noted elsewhere, physical access to the ethernet port was required first.
 
Last edited:

Products we're discussing on TMC...

About Us

Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.

Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


SUPPORT TMC
Top