Wait, brianman, did you actually guess the code and get in?
Too complex. RSA would require the car to be online for the ranger to get in. The reasons are twofold: 1) it requires the public keys of all the ranger tokens who could possibly access the cars, which would have to be kept up to date with rangers joining and leaving the company (leaving in particular), and 2) the key fobs suffer from clock drift, so the system relies on the fob being regularly used and the current drift value of the fob from real time regularly updated.
Point 2 is the big issue. RSA fobs work by the system generating not just the correct code for the current time / 30 seconds, to check against what the user enters, but also codes for N time periods before and after. It is configurable, but usually 4 or 5 time periods each way. If it finds a code that matches, it records the current offset for that user, and uses it in future - so it can deal with drift over time (so long as the user regularly logs on - at least more often than it takes his fob's clock to drift N*30 seconds).
The RSA system works fantastically for banks because it is a single large centralized system. One ranger would be looking after hundreds of individual cars, and that is a very distributed offline system.
What does work is a time-limited password based on the unique car. The ranger would visit an online internal website (access to which could be protected by RSA fob, or whatever), and be given a time-limited password valid to access a specific car. The access token would be made up of a hash of the vehicle unique ID (not necessarily VIN), the date, and a secret. RSA asymmetric cryptography can be used to avoid the secret being shared. The centralized system better be damn reliable, or rangers might be unable to do their work.
It is not rocket science, and the various algorithms are public knowledge,
That said, I reckon the screens that hold proprietary information and/or allow changes to the vehicle systems, should be securely locked down. The other advanced technical information should be available to the user.
That said, it is probably a waste of time. With physical access to the car, and sufficient determination, whatever Tesla do could be worked around. They can make life difficult for the hacker (tinkerer?), but they cannot stop them. Witness iPhone jail breaking.
These musings are the copyrighted intellectual property of the author, and are intended as part of a conversation among the Tesla Motors Clubs membership.
My words may not be quoted by any third party outside the Tesla Motors Clubs forums, without my express consent.
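The drift handling described in the post above, as an added example that is not part of the original post and is not RSA's code: the six-digit code is an HMAC-SHA256 stand-in for the proprietary SecurID algorithm, and `FobVerifier`, `fob_display` and the seed are hypothetical names and values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code period, as in the post
WINDOW = 4   # periods checked each way ("usually 4 or 5")

def code_for(seed: bytes, period: int) -> str:
    """Six-digit code for one period (HMAC stand-in, not RSA's algorithm)."""
    mac = hmac.new(seed, struct.pack(">Q", period), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class FobVerifier:
    """Server-side state for one fob: its seed and its last known drift."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.offset = 0  # drift in periods, learned from earlier logins

    def verify(self, entered: str, server_time: int) -> bool:
        centre = server_time // STEP + self.offset
        # Try the expected period first, then widen out to +/- WINDOW.
        for delta in sorted(range(-WINDOW, WINDOW + 1), key=abs):
            if hmac.compare_digest(code_for(self.seed, centre + delta), entered):
                self.offset += delta  # record the drift for future logins
                return True
        return False

def fob_display(seed: bytes, real_time: int, drift_seconds: int) -> str:
    """Code shown by a fob whose clock is off by drift_seconds."""
    return code_for(seed, (real_time + drift_seconds) // STEP)
```

A verifier that is used regularly follows the fob as it drifts; one that has never seen the fob (a car that was offline, in the thread's scenario) rejects the same code once the drift exceeds `WINDOW` periods.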
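The per-car, time-limited password proposed in the post above, as an added example that is not part of the original post and not Tesla's code. It assumes HMAC-SHA256 in place of a bare hash, and a per-vehicle key derived from a master secret (instead of the RSA option the post mentions) so that a key extracted from one car cannot mint codes for another; all names and values are hypothetical.

```python
import hashlib
import hmac
from datetime import date, timedelta

def vehicle_key(master_secret: bytes, vehicle_id: str) -> bytes:
    """Key stored in one car; the master secret stays on the central server."""
    return hmac.new(master_secret, vehicle_id.encode(), hashlib.sha256).digest()

def car_token(key: bytes, vehicle_id: str, day: date) -> str:
    """Eight-digit access code bound to one car and one calendar day."""
    msg = f"{vehicle_id}|{day.isoformat()}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 100_000_000:08d}"

def issue_token(master_secret: bytes, vehicle_id: str, day: date) -> str:
    """Central site: what the ranger is given after logging in."""
    return car_token(vehicle_key(master_secret, vehicle_id), vehicle_id, day)

def car_accepts(key: bytes, vehicle_id: str, entered: str,
                car_clock: date, skew_days: int = 0) -> bool:
    """Offline check in the car, using only its own key and its own clock."""
    ok = False
    for d in range(-skew_days, skew_days + 1):
        expected = car_token(key, vehicle_id, car_clock + timedelta(days=d))
        ok |= hmac.compare_digest(expected, entered)  # constant-time compare
    return ok
```

The car never needs connectivity to verify the code, which is the property the post is after; the cost is that every car must hold its key securely and keep a roughly correct date.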
Agree with everything you said except that it would be a waste of time. Nothing is ever completely "safe", but we still have security. Increasing the difficulty of the hack is helpful and limits the exposure. While it may well be possible to jail-break the Tesla, my guess is that owners are far more reluctant to do that with an $80,000 vehicle than they are a phone. But if all they have to do is enter a static password that works all the time on every car made then that's a much simpler thing and less likely to result in a loss of warranty.
P3,339: 60 kWh, blue/gray/lacewood, 19 inch wheels, tech package, sound package, air suspension
Delivered: February 8, 2013
And anyway, the RSA fobs were hacked a few months ago so they aren't very secure to start with.
1. Do not copy anything that I post outside of the TMC forum without permission.
2. Any advice or opinions posted here are to be taken as my personal opinions only. There is no implied warranty, fitness for purpose, or official statements from any company I may have been or am affiliated with.
3. Even the best recommendations are wrong when used inappropriately.
Also agree that it's not a waste of time. Sure there is someone out there who is determined enough, and skilled enough, to hack into a properly-secured system such as you or I described. But that'll be 1% or less of the potential cases. It limits Tesla's legal risk of being named in a liability suit when someone screws up their internal settings, it reduces the risk and spread of industrial espionage, and if the system is good enough it'll be darned hard to crack.
If all Rangers log into their internal systems using the RSA token as I described, then each Ranger will be using his/her token at least a few times per week and that's more than enough to manage drift. However, I do agree that the car needs to be online for that to happen. There'd have to be a contingency method for the (probably pretty rare) cases when they need to work on a car that does not have connectivity.
Your method works well too, by the way. As you noted, the algorithms are available, and none of this is rocket science. For that matter, I would hope that all of the communication between the car's internal computers and the mothership is sent over a simple SSL-encrypted connection (HTTPS would work well, so would SSH, and so on...). We have no way of knowing whether Tesla does that or not, but I submit that they're already using Linux so they have all the tools they need (for free, at that) in order to implement some very good common-sense security measures for the car.
- - - Updated - - -
Posts covering GeorgeB as the most interesting man in the world and speculation about Bonnie being a man in drag went here: The-Most-Interesting-Man-In-The-World
(Really people? How bored were you all?)
I think neroden should have tuned it down a bit, but he has a point.
When I buy the car I want to see that information about my car.
I don't really mind right now since I'm still waiting, but in the future I'd like to get access to this info.
Tesla is a new brand and they are fighting the established brands, so I'm not going to 'bug' them with this now, maybe in a year
Sent from my phone, so my apologies for typos.
But half the fun is trying to figure it out. It's like discovering a hidden compartment or secret decoder ring!
@neroden: buying a product doesn't give you a right to any and all proprietary information behind that product; it also doesn't give you a right to publish any of that proprietary information should you manage to access it.
I would also remind you that everyone expects a certain level of civility here on TMC; GeorgeB is a fellow member and IMO your aggressive tone is not appropriate. Further to that everyone realizes that in his position GB is totally unable to respond in any sort of manner the way another member would have. That makes your aggressive behavior a cheap shot.
PLEASE NOTE: Posts are the copyrighted intellectual property of the author, and are intended as part of a conversation within this forum. My words may NOT be quoted outside this forum, without my expressed consent.
Moderator: Model S, Model X, EVents, California, Pacific/Northwest, and Media