Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Tesla, TSLA & the Investment World: the Perpetual Investors' Roundtable

This site may earn commission on affiliate links.
#217,721
AimStellar said:
Consumer Watchdog Hacks A Tesla to Prove Dangers of Wirelessly Connected Cars

LOS ANGELES, Nov. 13, 2020 /PRNewswire/ -- The nonprofit, nonpartisan Consumer Watchdog today released a video showing how a box it built with the help of technologists could hack into the wireless connection of a Tesla and take over the screen with a "This Tesla's Been Hacked" message.

The video can be viewed here: https://youtu.be/RgpmJ6OhPns

The group said the demonstration showed how vulnerable the wireless connection in the cars is – by amplifying the signal it could work on many vehicles simultaneously, a large scale hack. Once in control of the screen, a hacker could suggest malware be downloaded, potentially giving them access to the car's operation and control over the vehicle, or otherwise sabotage the car.

Consumer Watchdog released the video in conjunction with its new report, "Connected Car Report 2020: The Models Most Open To Hacks," in which it reviews the "Hack 10" of top selling cars.

Read the report here: https://www.consumerwatchdog.org/report/connected-car-report-2020-models-most-open-hacks

The report finds all of Car and Driver's top 10 best-selling cars for 2020 clearly have features that allow wireless connectivity with safety critical systems and no known way to disconnect those systems. This leaves the vehicles vulnerable to an unprecedented, large-scale hack.

"The 2020 fleet is wired for remote start options that connect to safety critical systems wirelessly and leave these cars vulnerable to fleet wide hacks," said Jamie Court, president of Consumer Watchdog. "The remote start capability is accessed through the same digital systems that control steering, acceleration, and braking -- potentially giving hackers control over those as well. Automakers acknowledge to their shareholders that their designs are very vulnerable to malicious hacks at the same time as they promote their wireless start features to the public as a panacea. If Consumer Watchdog can hack a Tesla's wireless connection from outside the vehicle imagine what mischief a hostile foreign actor could do with exponentially more resources."

To prepare its "Connected Car Report 2020," Consumer Watchdog reviewed technical specifications and surveyed dozens of sales departments and service technicians at major car manufacturers.

The nonprofit group found that many dealership employees misrepresented that the safety-critical systems of top selling models are linked online and the dangers of such connections. None of the cars came with an apparent method to disconnect the car from the wireless connection.

When safety critical systems – brakes, engine, steering – are connected wirelessly there is the possibility of that connection being hacked on a fleet-wide basis. This danger is outlined in Consumer Watchdog's previous report, "Kill Switch: Why Connected Cars Can Be Killing Machines and How To Turn Them Off."

The group reserved its grand prize of "Most Hackable Car" for Tesla based on its history of hacks, outlined in the "Connected Car Report."

For example, in July 2017, Tesla CEO Elon Musk professed that the biggest danger of autonomous car technology was a "fleet wide hack." In August 2020, it was reported that just months before that 2017 statement Tesla had faced a fleet wide hack, but failed to reveal it to the public or regulators. Instead, it paid the discoverer of the problem to kept the incident quiet. Read the story at https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/

The company also faced a series of hacks by Keen Labs, a prolific hacker group based in China.

Unlike "white hat" hackers that disclose their findings privately to the company in exchange for payments, called bug bounties, Consumer Watchdog did not contact Tesla about the vulnerability it found. The consumer group said that the point of the hack was to show that Tesla's failure to commit to security by design puts the public at risk and it should have to face that fact in the light of public scrutiny.

Tesla has dismantled its North American public relations department and does not even have a liaison to the public to address safety concerns.

Consumer Watchdog tweeted at Elon Musk "Hey Elon. Hacked your Tesla. Can you figure out how?"

"Elon Musk will either figure out how we hacked the Tesla and patch the problem or he can drive his Tesla down to our office and we will show him how we did it in person on his car," said Court. "The point is that Tesla's system is insecure by design and puts the public at risk. Musk and the car industry need to pay attention to the risks. As we say in the video, we could have amplified the signal and performed the same hack on many Teslas simultaneously. It is inherently dangerous to have unsecured wireless connections to safety critical systems in cars."

SOURCE Consumer Watchdog
Click to expand...

simple link would have been enough. :rolleyes:
 
  • Helpful
  • Like
  • Funny
Reactions: gillfoto, FireMedic, Krugerrand and 4 others
#217,722
Remster32 said:
Deutsche Bank hosted Martin Viecha at their AutoTech Conference this week. Here were their takeaways.

Highlights:
  • Low-teens operating margin target in the mid-term. Better KPI than gross margin.
  • FSD subscription offering next year, potentially bucketed in several tiers for different functionality.
  • FSD team is primarily focused on city driving in North America at the moment.
  • Megapack order book is filled out into 2023. Unlimited demand!
  • Expected to ship 3.3 GWh in storage this year (vs. 1.65 GWh in 2019). Expects that to double in 2021.
View attachment 608004
Click to expand...
---
FSD subscription offering next year, potentially bucketed in several tiers for different functionality.
---

I was one of few for years suggesting subscriptions was bound to come. Hardly anyone here agreed. Lots of opposed views. Until Elon said it would happen and everyone pretended they had never disagreed.

Now, my conviction that we will get different prices for different versions/usages of FSD seems to catch on elsewhere as well. Finally.

Anyway. There has to be a sweet spot for what percentage of owners Tesla can get to pay for FSD while still keeping the price up.

I'm thinking the price where they can get 70-80% of owners in countries where FSD is the furthest along (right now only the US) to buy or subscribe is the correct price whatever that price may be.

I don't think they need to get to full autonomous driving for that to be possible though. From the beta videos now it seems like in 6-12 months they should be at a level where most would see enough benefit from FSD even if they have to remain the driver. It doesn't have to be perfect. As long as FSD handles most of your trips with no or very little intervention almost everyone will want it.

Just as an example, sometime in 2021 Tesla will have 1 million cars on the road in the US. If 70% paid $100/month for FSD that would be $840 million in revenue, most of it profit, already next year.

$100/month is just my number. Insert your own and get a different result. Still lots of money I suspect.

Yes, about 25% already paid upfront but there's unrecognized revue from those that can be used next year and for later it doesn't really matter if it's upfront or subscription based.

While robotaxis and fully autonomous FSD would be great they are not really necessary for enormous profits from FSD. Even if price has to be lowered a little per month when lower priced cars are introduced it's still absolutely huge numbers.

Let's say in 2025 there are 10 million cars in countries where FSD adds enough to the driving that 'everybody' wants it. 10 million x 70% x say $75/month. That's over 6 billion in a year. And it'll continue going up with billions every year.
 
  • Like
  • Disagree
  • Informative
Reactions: Tes La Ferrari, PANN, UCF3 and 3 others
#217,723
AimStellar said:
Consumer Watchdog Hacks A Tesla to Prove Dangers of Wirelessly Connected Cars

LOS ANGELES, Nov. 13, 2020 /PRNewswire/ -- The nonprofit, nonpartisan Consumer Watchdog today released a video showing how a box it built with the help of technologists could hack into the wireless connection of a Tesla and take over the screen with a "This Tesla's Been Hacked" message.

The video can be viewed here: https://youtu.be/RgpmJ6OhPns

The group said the demonstration showed how vulnerable the wireless connection in the cars is – by amplifying the signal it could work on many vehicles simultaneously, a large scale hack. Once in control of the screen, a hacker could suggest malware be downloaded, potentially giving them access to the car's operation and control over the vehicle, or otherwise sabotage the car.

Consumer Watchdog released the video in conjunction with its new report, "Connected Car Report 2020: The Models Most Open To Hacks," in which it reviews the "Hack 10" of top selling cars.

Read the report here: https://www.consumerwatchdog.org/report/connected-car-report-2020-models-most-open-hacks

The report finds all of Car and Driver's top 10 best-selling cars for 2020 clearly have features that allow wireless connectivity with safety critical systems and no known way to disconnect those systems. This leaves the vehicles vulnerable to an unprecedented, large-scale hack.

"The 2020 fleet is wired for remote start options that connect to safety critical systems wirelessly and leave these cars vulnerable to fleet wide hacks," said Jamie Court, president of Consumer Watchdog. "The remote start capability is accessed through the same digital systems that control steering, acceleration, and braking -- potentially giving hackers control over those as well. Automakers acknowledge to their shareholders that their designs are very vulnerable to malicious hacks at the same time as they promote their wireless start features to the public as a panacea. If Consumer Watchdog can hack a Tesla's wireless connection from outside the vehicle imagine what mischief a hostile foreign actor could do with exponentially more resources."

To prepare its "Connected Car Report 2020," Consumer Watchdog reviewed technical specifications and surveyed dozens of sales departments and service technicians at major car manufacturers.

The nonprofit group found that many dealership employees misrepresented that the safety-critical systems of top selling models are linked online and the dangers of such connections. None of the cars came with an apparent method to disconnect the car from the wireless connection.

When safety critical systems – brakes, engine, steering – are connected wirelessly there is the possibility of that connection being hacked on a fleet-wide basis. This danger is outlined in Consumer Watchdog's previous report, "Kill Switch: Why Connected Cars Can Be Killing Machines and How To Turn Them Off."

The group reserved its grand prize of "Most Hackable Car" for Tesla based on its history of hacks, outlined in the "Connected Car Report."

For example, in July 2017, Tesla CEO Elon Musk professed that the biggest danger of autonomous car technology was a "fleet wide hack." In August 2020, it was reported that just months before that 2017 statement Tesla had faced a fleet wide hack, but failed to reveal it to the public or regulators. Instead, it paid the discoverer of the problem to kept the incident quiet. Read the story at https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/

The company also faced a series of hacks by Keen Labs, a prolific hacker group based in China.

Unlike "white hat" hackers that disclose their findings privately to the company in exchange for payments, called bug bounties, Consumer Watchdog did not contact Tesla about the vulnerability it found. The consumer group said that the point of the hack was to show that Tesla's failure to commit to security by design puts the public at risk and it should have to face that fact in the light of public scrutiny.

Tesla has dismantled its North American public relations department and does not even have a liaison to the public to address safety concerns.

Consumer Watchdog tweeted at Elon Musk "Hey Elon. Hacked your Tesla. Can you figure out how?"

"Elon Musk will either figure out how we hacked the Tesla and patch the problem or he can drive his Tesla down to our office and we will show him how we did it in person on his car," said Court. "The point is that Tesla's system is insecure by design and puts the public at risk. Musk and the car industry need to pay attention to the risks. As we say in the video, we could have amplified the signal and performed the same hack on many Teslas simultaneously. It is inherently dangerous to have unsecured wireless connections to safety critical systems in cars."

SOURCE Consumer Watchdog
Click to expand...

So to see the hack, you have to go to the browser? I believe the browser is sandboxed from the rest of the vehicle even if a virus did get in. No different than browsing to a hacked website....no?
 
  • Informative
Reactions: FireMedic, Sudre, capster and 1 other person
#217,725
AimStellar said:
Consumer Watchdog Hacks A Tesla to Prove Dangers of Wirelessly Connected Cars

LOS ANGELES, Nov. 13, 2020 /PRNewswire/ -- The nonprofit, nonpartisan Consumer Watchdog today released a video showing how a box it built with the help of technologists could hack into the wireless connection of a Tesla and take over the screen with a "This Tesla's Been Hacked" message.

The video can be viewed here: https://youtu.be/RgpmJ6OhPns

The group said the demonstration showed how vulnerable the wireless connection in the cars is – by amplifying the signal it could work on many vehicles simultaneously, a large scale hack. Once in control of the screen, a hacker could suggest malware be downloaded, potentially giving them access to the car's operation and control over the vehicle, or otherwise sabotage the car.

Consumer Watchdog released the video in conjunction with its new report, "Connected Car Report 2020: The Models Most Open To Hacks," in which it reviews the "Hack 10" of top selling cars.

Read the report here: https://www.consumerwatchdog.org/report/connected-car-report-2020-models-most-open-hacks

The report finds all of Car and Driver's top 10 best-selling cars for 2020 clearly have features that allow wireless connectivity with safety critical systems and no known way to disconnect those systems. This leaves the vehicles vulnerable to an unprecedented, large-scale hack.

"The 2020 fleet is wired for remote start options that connect to safety critical systems wirelessly and leave these cars vulnerable to fleet wide hacks," said Jamie Court, president of Consumer Watchdog. "The remote start capability is accessed through the same digital systems that control steering, acceleration, and braking -- potentially giving hackers control over those as well. Automakers acknowledge to their shareholders that their designs are very vulnerable to malicious hacks at the same time as they promote their wireless start features to the public as a panacea. If Consumer Watchdog can hack a Tesla's wireless connection from outside the vehicle imagine what mischief a hostile foreign actor could do with exponentially more resources."

To prepare its "Connected Car Report 2020," Consumer Watchdog reviewed technical specifications and surveyed dozens of sales departments and service technicians at major car manufacturers.

The nonprofit group found that many dealership employees misrepresented that the safety-critical systems of top selling models are linked online and the dangers of such connections. None of the cars came with an apparent method to disconnect the car from the wireless connection.

When safety critical systems – brakes, engine, steering – are connected wirelessly there is the possibility of that connection being hacked on a fleet-wide basis. This danger is outlined in Consumer Watchdog's previous report, "Kill Switch: Why Connected Cars Can Be Killing Machines and How To Turn Them Off."

The group reserved its grand prize of "Most Hackable Car" for Tesla based on its history of hacks, outlined in the "Connected Car Report."

For example, in July 2017, Tesla CEO Elon Musk professed that the biggest danger of autonomous car technology was a "fleet wide hack." In August 2020, it was reported that just months before that 2017 statement Tesla had faced a fleet wide hack, but failed to reveal it to the public or regulators. Instead, it paid the discoverer of the problem to kept the incident quiet. Read the story at https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/

The company also faced a series of hacks by Keen Labs, a prolific hacker group based in China.

Unlike "white hat" hackers that disclose their findings privately to the company in exchange for payments, called bug bounties, Consumer Watchdog did not contact Tesla about the vulnerability it found. The consumer group said that the point of the hack was to show that Tesla's failure to commit to security by design puts the public at risk and it should have to face that fact in the light of public scrutiny.

Tesla has dismantled its North American public relations department and does not even have a liaison to the public to address safety concerns.

Consumer Watchdog tweeted at Elon Musk "Hey Elon. Hacked your Tesla. Can you figure out how?"

"Elon Musk will either figure out how we hacked the Tesla and patch the problem or he can drive his Tesla down to our office and we will show him how we did it in person on his car," said Court. "The point is that Tesla's system is insecure by design and puts the public at risk. Musk and the car industry need to pay attention to the risks. As we say in the video, we could have amplified the signal and performed the same hack on many Teslas simultaneously. It is inherently dangerous to have unsecured wireless connections to safety critical systems in cars."

SOURCE Consumer Watchdog
Click to expand...
I believe this video is bogus. At 1:12 into the video, you can see that, while he says he's navigating somewhere, he presses the icon in the media player to bring up TuneIn. That's when the "hacked" web page appears. What I think is the real situation is that he rooted the display software and arranged it to bring up this fake web page. Teslamotors.com doesn't respond any more since they changed the name years ago.
 
  • Informative
  • Like
  • Helpful
Reactions: Duffer, AZRI11, BrownOuttaSpec and 27 others
#217,726
SO16 said:
So to see the hack, you have to go to the browser? I believe the browser is sandboxed from the rest of the vehicle even if a virus did get in. No different than browsing to a hacked website....no?
Click to expand...
Plus, many of the hacks were only possible by plugging into the port, not over the air. This is just another FUD hit piece.
 
  • Like
  • Informative
Reactions: AZRI11, Carl Raymond, JustSaying and 3 others
#217,728
jerry33 said:
Plus, many of the hacks were only possible by plugging into the port, not over the air. This is just another FUD hit piece.
Click to expand...

I think its worth noting that pretty much every new car in the world now is run by a computer. And most also connect to devices that are connected. And with the zero day bugs that were recently discovered in both android and iOS root access to the connected devices were achieved. There will without question be risks with an internet connected Tesla. But frankly not really any different than being in a car connected to your phone with car play. Talking about Tesla being a risk is just a better headliner.

edit: tbh, I feel like its far more likely that a tesla is better safeguarded from a malicious hack because they are designing their systems with that in mind. I highly doubt the engineering teams building the software for the other car companies are thinking about how to safeguard the drive system form a zero day bug in apple car play that allows for system access through your iphone where someone could see that you are driving 70 on a busy freeway based on your phone GPS and then lock the breaks on the wheels on just your front left wheel.
 
  • Like
  • Informative
Reactions: Artful Dodger, UkNorthampton and jerry33
#217,730
ggr said:
I believe this video is bogus. At 1:12 into the video, you can see that, while he says he's navigating somewhere, he presses the icon in the media player to bring up TuneIn. That's when the "hacked" web page appears. What I think is the real situation is that he rooted the display software and arranged it to bring up this fake web page. Teslamotors.com doesn't respond any more since they changed the name years ago.
Click to expand...

I think the fact that 'Evan the Techology Director' just stood there staring at the camera like a Scooby-Doo villain without saying a word about any of this kind of gave it away..
 
  • Funny
Reactions: AZRI11, FireMedic, Artful Dodger and 1 other person
#217,732
ggr said:
I believe this video is bogus. At 1:12 into the video, you can see that, while he says he's navigating somewhere, he presses the icon in the media player to bring up TuneIn. That's when the "hacked" web page appears. What I think is the real situation is that he rooted the display software and arranged it to bring up this fake web page. Teslamotors.com doesn't respond any more since they changed the name years ago.
Click to expand...

If this was real, why would they circumvent the typical hackathon/bug bounty process?

Tesla offers up to $15,000 for a documented vulnerability that affects their vehicle fleet: Tesla’s bug bounty program | Bugcrowd

Or last year at Pwn2Own, Tesla gave away $375,000 in prize money (including a Model 3) to a team that demonstrated a browser vulnerability: Hackers conquer Tesla’s in-car web browser and win a Model 3 – TechCrunch

If this watchdog is capable of proving their exploit, what incentives did they have to turn down the bounty rewards? My guess is they cannot prove anything.
 
  • Like
  • Love
  • Informative
Reactions: Duffer, AZRI11, StealthP3D and 15 others
#217,734
Green Pete said:
I think its worth noting that pretty much every new car in the world now is run by a computer. And most also connect to devices that are connected. And with the zero day bugs that were recently discovered in both android and iOS root access to the connected devices were achieved. There will without question be risks with an internet connected Tesla. But frankly not really any different than being in a car connected to your phone with car play. Talking about Tesla being a risk is just a better headliner.

edit: tbh, I feel like its far more likely that a tesla is better safeguarded from a malicious hack because they are designing their systems with that in mind. I highly doubt the engineering teams building the software for the other car companies are thinking about how to safeguard the drive system form a zero day bug in apple car play that allows for system access through your iphone where someone could see that you are driving 70 on a busy freeway based on your phone GPS and then lock the breaks on the wheels on just your front left wheel.
Click to expand...

CWD tried calling-out Tesla on unsafe AP a year ago. A nothingburger.
 
  • Informative
Reactions: AZRI11, UCF3 and Krugerrand
#217,735
ggr said:
I believe this video is bogus. At 1:12 into the video, you can see that, while he says he's navigating somewhere, he presses the icon in the media player to bring up TuneIn. That's when the "hacked" web page appears. What I think is the real situation is that he rooted the display software and arranged it to bring up this fake web page. Teslamotors.com doesn't respond any more since they changed the name years ago.
Click to expand...
Custom album art?
"You've been hacked" by Firetruck Undertaker Deviants.

JRP3 said:
Wonder why it doesn't just forward to Tesla.com?
Click to expand...

www.teslamotors.com does redirect.
 
  • Informative
  • Like
Reactions: AZRI11, Boomer19, scaesare and 2 others
#217,736
Clicked on GM on my stock feed to see why there are up over 4% when we are down more than 1.5%. The first thing that popped up was an article saying the GM is recalling the Bolt for battery fires. At first I was confused because Tesla would have been way down, but then I realized that Wallstreet is smarter than me and knows that GM has had limited ability to build/sell the Bolt, so we only talking about a handful of vehicles.... /s
 
  • Funny
  • Like
  • Informative
Reactions: Nathan, AZRI11, BrownOuttaSpec and 22 others
#217,737
upload_2020-11-13_21-34-52.png
 
  • Funny
  • Like
Reactions: AZRI11, gabeincal, EVMeister and 3 others
#217,738
Lycanthrope said:
Well, I expected more of a blood-bath today. Would be funny, indeed, if this was due to the manips avoiding the $400 put-well, only for Elon to test negative over the weekend...
Click to expand...

Unless Elon is in the hospital, the sp is not going to care about his Covid, especially he already tweeted that he's symptom free after some OTC meds.
 
  • Like
Reactions: abasile and Paul_SF
You must log in or register to reply here.

Similar threads

AudubonB
  • Locked
Tesla, TSLA & the Investment World: the Perpetual Investors' Roundtable
Replies
0
Views
3K
TSLA Investor Discussions
AudubonB
AudubonB
AudubonB
  • Locked
Tesla, TSLA & the Investment World: the Perpetual Investors' Roundtable
Replies
0
Views
6K
TSLA Investor Discussions
AudubonB
AudubonB
OrthoSurg
  • Locked
Tesla, TSLA & the Investment World: the Perpetual Political chitchat' Roundtable
Replies
11
Views
10K
TSLA Investor Discussions
OrthoSurg
OrthoSurg
CLK350
Internal reference to posts within the-investment-world-the-perpetual-investors-roundtable thread leading to lost posts ?
Replies
6
Views
5K
Site Feedback & Announcements
EVWatcher
E
Z
  • Locked
  • Poll
Tesla, TSLA & the Investment World: the 2021 Investors' Roundtable
Replies
1
Views
12K
TSLA Investor Discussions
bkp_duke
bkp_duke
Top
Back
Blog
New
Forum list
Marketplace
Menu