
Why root exploits aren't public yet and when we are likely to see one

Discussion in 'Technical' started by apacheguy, Feb 18, 2017.

  1. apacheguy

    apacheguy S Sig #255

    Joined:
    Oct 21, 2012
    Messages:
    4,564
    Location:
    So Cal
    I'm creating this thread to begin a discussion surrounding the future release of a root exploit for the Tesla infotainment system.

    A number of owners have achieved root on their vehicles and yet this has all been very much "hush-hush" behind the scenes hacking with precious little leaked to the public. Now, obviously, these parties have a vested interest in keeping their exploits private. A publicly disclosed exploit is sure to be patched by Tesla. I understand this.

    However, I do not understand instances in which Tesla has long since patched the exploit and yet we still have no insight as to any of the details. It is no secret that Tesla is a fan of NDAs and we can assume that those participating in the bug bounty program are immediately restrained by an NDA regarding all details of their findings. But Apple and Google both have much larger ($$$) bounty programs (and I assume NDAs are a part of this) and yet they have not succeeded in preventing a thriving jailbreak/rooting scene for iOS and Android devices.

    Additionally, in the automotive world, the hacking and modification of ECUs has long been publicly discussed. Here on TMC - nada. So what makes Tesla different and why don't we have root exploits floating around on the net? When (if at all) are we likely to see one?
     
  2. MP3Mike

    MP3Mike Active Member

    Joined:
    Feb 1, 2016
    Messages:
    3,899
    Location:
    Oregon
    I think at least part of it is the OTA updates that Tesla offers that could take the exploits away, which doesn't happen with normal automotive ECUs. And people that are using these exploits to maintain salvage/out of warranty cars don't want them to go away.
     
  3. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    13,365
    Location:
    Texas
    As I recall, the exploits done in the contest held a while back all required a physical connection to the car. OTA exploits are much harder to do, and are a moving target as MP3Mike says. The easier way is social engineering to get the password--not much Tesla can do about that. I'd also suggest that the Linux kernel in a Tesla is a more limited kernel than the kernels in Android and iOS. Also it's much easier to obtain a smartphone than it is a Tesla, so there has to be real motivation to do so.
     
  4. apacheguy

    apacheguy S Sig #255

    Joined:
    Oct 21, 2012
    Messages:
    4,564
    Location:
    So Cal
    Agree. OTA updates will kill public exploits as I noted in the OP, which is why I was asking primarily about exploits that have already been patched.

    The recent iOS 10 jailbreak only came about because Apple patched a private exploit the developer had been using.
     
