TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker and becoming a Supporting Member. For more info: Support TMC

Tesla remotely pwned, arbitrary CAN injection

Discussion in 'Tesla, Inc.' started by apacheguy, Aug 3, 2017.

  1. apacheguy

    apacheguy S Sig #255

    Oct 21, 2012
    So Cal
    well, at least now we know why 17.26 rolled out so quickly.

    This is the same group that forced Tesla to implement code signing last year. Apparently, they were able to bypass it. Don't expect any details from these folks, though. They won't share anything even after all the vulnerabilities have been patched due to the NDA.

    New Car Hacking Research: 2017, Remote Attack Tesla Motors Again

    "Keen Lab discovered new security vulnerabilities on Tesla motors and realized full attack chain to implement arbitrary CAN BUS and ECUs remote controls on Tesla motors with latest firmware.

    Several highlights for 2017 Tesla Research:

    • Realized full attack chain as we did in year 2016 to implement arbitrary CAN BUS and ECUs remote controls.
    • Discovered multiple 0Days in different modules. Currently, Keen Lab is working with Tesla and related manufactures on assigning CVE number of the vulnerabilities.
    • Tesla implemented a new security mechanism “code signing” to do signature integrity check of system firmware that will be FOTAed to Tesla motors in Sept 2016. The code signing was bypassed by Keen Lab.
    • The “Group lighting show of Model X” in our demonstration is technically arbitrary remote controls on multiple ECUs at the same time. It shows Keen Lab’s research capability on CAN BUS and ECUs."
    • Informative x 2
  2. pbceng

    pbceng Member

    Aug 9, 2015
    It's nice to see Tesla acting in a sensible grown up fashion and fixing these issues as they become apparent. Other manufacturers attempted to get injunctions issued to prevent publication of the method!!

Share This Page

  • About Us

    Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.
  • Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.