Welcome to Tesla Motors Club

Wi-Fi Security

TL;DR: I don't think it's possible to get access to a Tesla with this vulnerability.

What follows is my interpretation of what I've read, which I admit could be totally wrong (I'm not a crypto / security geek but I could probably play one on TV):

Basically, the attacks subvert WiFi encryption, but note that a lot of WiFi access (e.g. the free Internet access you'd get at Starbucks) is unencrypted anyway. As I understand things, all communication with the Tesla mothership uses (and requires) OpenVPN, which is encrypted at a higher layer. That in theory protects all of the communication that's needed for remote access, firmware upgrades, and so on (I haven't sniffed the traffic to / from my car for a while).

Another note is that the Bad Guy has to be physically pretty close to you (basically they need to be within wireless range of both your car and its access point), so it's not like somebody sitting on the other side of the planet would even be able to try this.

So for me, the vendor of my wireless access points (Ubiquiti) issued a patch for their firmware, which I applied a couple hours ago. I believe that's enough to protect my client devices (including my car) while at home. I don't believe my car would join any other wireless networks (except maybe for at the service center).

Hope this helps, corrections appreciated from anyone who knows this stuff better than I do, and I'm sure there are some folks here in that category...

Bruce.
 
bmah is correct that for the Tesla specifically, this vulnerability is of lower concern since the Tesla encrypts all traffic via their VPN connection anyway.

However, patching the access point does NOT correct the vulnerability. Ubiquiti's (and other manufacturers') firmware patches fix the vulnerability only if the access point is operating in STA (station) mode, acting as a WiFi client. It does nothing for them when in regular access point mode.

Ultimately, this is a client-level vulnerability that needs to be patched on any device that is a WiFi client, including computers, laptops, phones, tablets, thermostats, remotes, etc. Linux and Android are especially vulnerable, and any device using the older WPA/TKIP encryption is vulnerable not only to reading encrypted traffic, but having malware injected as well.

Microsoft included a patch for Windows PCs in the 10/10/2017 patch bundle. Apple will release a patch within the next few weeks. I haven't heard of when other manufacturers will patch.

More about the vulnerability here:

KRACK Attacks: Breaking WPA2
 
@bmah, @SomeJoe7777 - thank you very much.

I asked the security engineers I work with as well. Didn't get as clear an answer as they don't have the same level of understanding of Tesla's communications architecture. Side note - I got a lecture about using WiFi period. Insofar as Tesla is concerned, I don't think I have a choice. I really don't know how to get access to the Ethernet jack that I vaguely recall reading about and I also don't have another router set up with the Telco one, or a layer 2 switch, though I suppose I could buy one.
 
Um, from what I read, the Windows client patch is in the October patches, which came out this week already. In any case, from a Tesla POV, the VPN fixes it, and a recommendation we IT people have made in the past, whenever you are on any sort of public unknown wifi, is: use one (VPN) yourself. That now may extend to any place where you don't know who is around you and you are not dealing with an encrypted website (SSL traffic is still encrypted, as on TMC).
 
@bmah, @SomeJoe7777 - thank you very much.

I asked the security engineers I work with as well. Didn't get as clear an answer as they don't have the same level of understanding of Tesla's communications architecture. Side note - I got a lecture about using WiFi period. Insofar as Tesla is concerned, I don't think I have a choice. I really don't know how to get access to the Ethernet jack that I vaguely recall reading about and I also don't have another router set up with the Telco one, or a layer 2 switch, though I suppose I could buy one.
Using any wifi period? What do *they* do, walk around trailing a cable? Serious question!

What they should have said was, use a VPN! You don't care who sniffs your traffic if it's encrypted inside.
 
However, patching the access point does NOT correct the vulnerability. Ubiquiti's (and other manufacturers') firmware patches fix the vulnerability only if the access point is operating in STA (station) mode, acting as a WiFi client. It does nothing for them when in regular access point mode.

Ultimately, this is a client-level vulnerability that needs to be patched on any device that is a WiFi client, including computers, laptops, phones, tablets, thermostats, remotes, etc.

Thanks for the correction, much appreciated. :)

Bruce.
 
Using any wifi period? What do *they* do, walk around trailing a cable? Serious question!

What they should have said was, use a VPN! You don't care who sniffs your traffic if it's encrypted inside.


They were saying in their house. And I asked your exact question. I was thinking more like using a dedicated network in my house with cat 6 drops to every device. Wiring is a pain though.
 
They were saying in their house. And I asked your exact question. I was thinking more like using a dedicated network in my house with cat 6 drops to every device. Wiring is a pain though.
Gotcha! And at home you are probably safe, unless it’s a condo with 20 WiFi APs around. If I lived in close proximity to a lot of unknown people like that, I’d probably use a VPN 24/7.
 
The vulnerability here affects being able to get on a WPA2 network by cloning an existing client by abusing the handshake mechanics. It doesn't even reveal your wifi password, etc.

The worst that it allows is for someone to get on your wifi and freeload or snoop around, and that's more of a concern from the standpoint of your wifi network's privacy, NOT your Tesla. It doesn't allow them to breach your Tesla's wifi, or snoop onboard its network. It simply makes it possible that someone could be on your home wifi network pretending to be your Tesla (or any of 20 other devices on your network).


(BTW, Tesla does not support 802.11r FT as far as I can tell, it never connects with that capability. So the most readily exploitable flaw does not apply to Tesla anyway)
 
The worst that it allows is for someone to get on your wifi and freeload or snoop around

No, it's quite a bit worse than that.

For any unpatched client connecting with WPA2/AES, it allows a cryptographic attack that allows the attacker to decrypt some amount of previous data that went over the WiFi to/from the attacked client, provided the data was not encrypted further by the client's application programs, e.g. an SSL web site or VPN.

For any unpatched Linux/Android client connecting with WPA2/AES, it allows the same cryptographic attack but further allows decryption of new traffic after the attack has happened, provided that data is also not encrypted further by a client application program, e.g. SSL or VPN.

For any unpatched client connecting with WPA/TKIP, it allows the cryptographic attack to inject packets to the client and potentially exploit further security vulnerabilities.

All of the attacks do NOT require compromise of the client machine or OS, do NOT require any installation of malware or other code, and leave NO traces on the client that the attack occurred.
 
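An added illustration, not part of the thread, of why the last post's "provided the data was not encrypted further" caveat and the earlier VPN advice both hold. It assumes the published mechanism of the key reinstallation attack (an unpatched client resets its nonce when the key is installed again, so the keystream repeats); the SHA-256 keystream is a toy stand-in for AES-CTR, and every key, frame and function name here is constructed.

```python
import hashlib

KNOWN = b"GET /generate_204 HTTP/1.1\r\n\r\n"  # constructed: content the observer can predict
SECRET = b"user=alice&password=hunter2!!!"     # constructed: cleartext application data

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Toy stand-in for the AES-CTR keystream used by WPA2/AES (not real CCMP)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class WifiClient:
    """Link-layer encryption state of one client: session key plus per-frame nonce."""
    def __init__(self, key: bytes, patched: bool):
        self.key, self.patched, self.nonce = key, patched, 0

    def send(self, payload: bytes) -> bytes:
        self.nonce += 1
        return xor(payload, keystream(self.key, self.nonce, len(payload)))

    def reinstall_key(self) -> None:
        # An unpatched client resets its nonce when the same key is installed again;
        # a patched client keeps counting, so no keystream is ever reused.
        if not self.patched:
            self.nonce = 0

def vpn_wrap(data: bytes) -> bytes:
    """Stand-in for a VPN/TLS layer: its own key and nonce, untouched by the Wi-Fi reset."""
    return xor(data, keystream(b"constructed-vpn-key", 7, len(data)))

def observer_recovers(patched: bool, upper_layer=None) -> bytes:
    """Bytes a passive listener can compute for the second frame from two captured frames."""
    client = WifiClient(b"constructed-wifi-session-key", patched)
    first = client.send(KNOWN)
    client.reinstall_key()
    payload = upper_layer(SECRET) if upper_layer else SECRET
    second = client.send(payload)
    return xor(second, xor(first, KNOWN))  # equals payload only if both frames shared a keystream

if __name__ == "__main__":
    print("unpatched, cleartext :", observer_recovers(False))
    print("unpatched, inside VPN:", observer_recovers(False, vpn_wrap).hex())
    print("patched, cleartext   :", observer_recovers(True).hex())
```

Only the unpatched, cleartext case yields readable data; inside the VPN wrapper the listener is left with the upper layer's ciphertext, and against the patched client the two frames never share a keystream.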