An interesting write-up on some cybersecurity folks, how they got interested in hacking into vehicles, and what they found. What is most relevant here is that Tesla is entirely missing from their list of victims. Taken at face value, that seems like good news -- no vulnerabilities to talk about. But of course they could be missing for a variety of other reasons. Anybody have any idea?
Until I hear otherwise, I'm going to assume they were unsuccessful with any attempted Tesla hacks.
The piece documents such charming situations as this.
"At this point, a malicious actor could backdoor the 15 million devices, query what ownership information was associated with a specific VIN, retrieve the full user information for all customer accounts, and invite themselves to manage any fleet which was connected to the app."
"For our proof of concept, we invited ourselves to a random fleet account and saw that we received an invitation to administrate a US Police Department where we could track the entire police fleet."
... and ...
"Full Remote Vehicle Access and Full Account Takeover affecting Honda, Nissan, Infiniti, Acura"
During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC to attend a cybersecurity conference and (try) to take a break from our usual computer work. While we were visiting the University of Maryland, we came across a fleet of electric scooters scattered...
samcurry.net
Enjoy!