Please Enter Access Code

[rolosrevenge]

Wait, brianman, did you actually guess the code and get in?

[markwj]

Therefore you really have no choice but to employ the best security you can to well-and-truly LOCK people out of those screens. I suggest that, at a minimum, you need to combine a Ranger's individual password with a time-synchronized token such as those by RSA. Moving to two-factor security where one item (password) is something the Ranger KNOWS, but the other item (60-second numeric code on token) is something the Ranger HAS, is a very large step up. And it won't be very hard to program into the car's OS. There are other, even more secure, solutions, but this one works and has a very reasonable cost.

Nerding out...

Too complex. RSA would require the car to be online for the ranger to get in. The reasons are twofold: 1) it requires the public keys of all the ranger tokens who could possibly access the cars, which would have to be kept up to date with rangers joining and leaving the company (leaving in particular), and 2) the key fobs suffer from clock drift, so the system relies on the fob being regularly used and the current drift value of the fob from real time regularly updated.

Point 2 is the big issue. RSA fobs work by the system generating not just the correct code for the current time / 30 seconds, to check against what the user enters, but also codes for N time periods before and after. It is configurable, but usually 4 or 5 time periods each way. If it finds a code that matches, it records the current offset for that user, and uses it in future - so it can deal with drift over time (so long as the user regularly logs on - at least more often than it takes his fob's clock to drift N*30 seconds).

The RSA system works fantastically for banks because it is a single large centralized system. One ranger would be looking after hundreds of individual cars, and that is a very distributed offline system.

What does work is a time-limited password based on the unique car. The ranger would visit an online internal website (access to which could be protected by RSA fob, or whatever), and be given a time-limited password valid to access a specific car. The access token would be made up of a hash of the vehicle unique ID (not necessarily vin), the date, and a secret. RSA asymmetric cryptography can be used to avoid the secret being shared. The centralized system better be damn reliable, or rangers might be unable to do their work.

It is not rocket science, and the various algorithms are public knowledge,

That said, I reckon the screens that hold proprietary information and/or allow changes to the vehicle systems, should be securely locked down. The other advanced technical information should be available to the user.

That said, it is probably a waste of time. With physical access to the car, and sufficient determination, whatever Tesla do could be worked around. They can make life difficult for the hacker (tinkerer?), but they cannot stop them. Witness iPhone jail breaking.

[SteveH]

Agree with everything you said except that it would be a waste of time. Nothing is ever completely "safe", but we still have security. Increasing the difficulty of the hack is helpful and limits the exposure. While it may well be possible to jail-break the Tesla, my guess is that owners are far more reluctant to do that with an $80,000 vehicle than they are a phone. But if all they have to do is enter a static password that works all the time on every car made then that's a much simpler thing and less likely to result in a loss of warranty.

[jerry33]

And anyway, the RSA fobs were hacked a few months ago so they aren't very secure to start with.

[Rodolfo Paiz]

Also agree that it's not a waste of time. Sure there is someone out there who is determined enough, and skilled enough, to hack into a properly-secured system such as you or I described. But that'll be 1% or less of the potential cases. It limits Tesla's legal risk of being named in a liability suit when someone screws up their internal settings, it reduces the risk and spread of industrial espionage, and if the system is good enough it'll be darned hard to crack.

If all Rangers log into their internal systems using the RSA token as I described, then each Ranger will be using his/her token at least a few times per week and that's more than enough to manage drift. However, I do agree that the car needs to be online for that to happen. There'd have to be a contingency method for the (probably pretty rare) cases when they need to work on a car that does not have connectivity.

Your method works well too, by the way. As you noted, the algorithms are available, and none of this is rocket science. For that matter, I would hope that all of the communication between the car's internal computers and the mothership is sent over a simple SSL-encrypted connection (HTTPS would work well, so would SSH, and so on...). We have no way of knowing whether Tesla does that or not, but I submit that they're already using Linux so they have all the tools they need (for free, at that) in order to implement some very good common-sense security measures for the car.

- - - Updated - - -

And anyway, the RSA fobs were hacked a few months ago so they aren't very secure to start with.

The fobs were hacked, yes. But I've been using them for 10-12 years at least with great results, and I can count the number of times they've been hacked in that time on the fingers of one hand. They're pretty secure. All systems are eventually hacked, because nothing's perfect, but these are pretty good. In this case, I'm just mentioning them as an example of an approach which is far more secure than a simple password. Lots of ways to skin this particular cat.

[NigelM]

Posts covering GeorgeB as the most interesting man in the world and speculation about Bonnie being a man in drag went here: The-Most-Interesting-Man-In-The-World

(Really people? How bored were you all? )

[widodh]

I think neroden should have tuned it down a bit, but he has a point.

When I buy the car I want to see that information about my car.

I don't really mind right now since I'm still waiting, but in the future I'd like to get access to this info.

Tesla is a new brand and they are fighting the established brands, so I'm not going to 'bug' them with this now, maybe in a year


Sent from my phone, so my apologies for typos.

[Trixie]

But half the fun is trying to figure it out . It's like discovering a hidden compartment or secret decoder ring!

[NigelM]

@neroden: buying a product doesn't give you a right too any and all proprietary information behind that product; it also doesn't give you a right to publish any of that proprietary information should you manage to access it.

I would also remind you that everyone expects a certain level of civility here on TMC; GeorgeB is a fellow member and IMO your aggressive tone is not appropriate. Further to that everyone realizes that in his position GB is totally unable to respond in any sort of manner the way another member would have. That makes your aggressive behavior a cheap shot.

[bonnie1194]

@neroden: buying a product doesn't give you a right too any and all proprietary information behind that product; it also doesn't give you a right to publish any of that proprietary information should you manage to access it.

I would also remind you that everyone expects a certain level of civility here on TMC; GeorgeB is a fellow member and IMO your aggressive tone is not appropriate. Further to that everyone realizes that in his position GB is totally unable to respond in any sort of manner the way another member would have. That makes your aggressive behavior a cheap shot.

Exactly. Very well said, Nigel.