
Thread: Hacking the Model S for evil...

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    54

    Hacking the Model S for evil...

    As a Computer Scientist that has worked in Computer Security for all his life, I'm more than a little bit worried about the potential for someone hacking into my car with evil intent. At best it could lead to someone gaining access to my information, at worst it could end up with my car smashing into a column.
    This has been discussed with other cars, through arcane but still theoretically feasible avenues such as hacking into the Bluetooth network, then finding software holes in the audio system or console, to then escalate to take control of the Car Area Network most modern cars have. It has even been theoretically demonstrated in some regular cars, with the limitations (mostly range) these channels impose.
    The Model S opens this risk to a whole new level. A 3G connected car could, in theory, allow me to hack into it from anywhere in the world. I presume Tesla's software is of a quality comparable to that of the rest of the car, but that doesn't mean there are zero bugs there. The risks, thus, are big. Just as a virus can infect millions of PCs in a single day, an equivalent problem with the Tesla could lead to thousands of accidents, so I presume Tesla is putting special focus in this area.

    So my questions to anyone in the know are:
    * Did Tesla follow a process such as the Security Development Lifecycle when developing their software? If not, it doesn't matter how much attention to quality they put, big software security issues are bound to be there (especially in a green field like car software architecture). Given that this car has a single user-accessible computer that can control things such as steering, acceleration, braking, access and other such behaviors, I'm especially worried about someone building tools to take control of car settings remotely, then escalating into taking control of the UI computer, and exploiting holes in the CAN or controller software to take control of vital car systems such as the drive-by-wire systems.

    * Is there any reference to the security model of the car? Even though I don't buy the "security through obscurity" method (no serious security researcher does) I could understand if Tesla considers that it wouldn't be good to release too much detail at this point since it could lead hackers in the right direction if there are some obvious flaws in the logic, but I would like to see at least that Tesla has defined a software architecture that provides some assurances and that doesn't assume there are no buffer overruns, unchecked inputs, EoPs or other such problems.
    * Any formal process to confidentially communicate vulnerabilities detected? Is there a commitment from Tesla for responsible disclosure of bugs and adequate, timely responses?
    * How is the software update process secured? I presume it is protected by digital signatures in the updates, but is there a chance an unsigned binary is deployed to the cars over the air? What sort of certificates are utilized? What's the assurance process for the root keys of such certificates?
    * Finally, any third-party evaluation of the software in the car? Given the number of software engineers that purchased Teslas (based on the number I know are in the hands of Google, Microsoft and Apple employees) getting some third party involvement shouldn't be hard.

    I hope I don't get responses such as "the car doesn't run Windows, so it doesn't need any of this", "there are no bugs", or "the remote control doesn't have options to drive the car, so this is impossible". All systems are hackable, and most are being hacked every single day. The only thing that can give me some assurance (and that can ensure Tesla won't go under in a single week after a big incident involving many cars) would be a good security process on Tesla's side. Unlike most cars, the Tesla has the advantage of being able to be updated over the air which means that as soon as a vulnerability is identified and a patch is built it can be quickly deployed to cars, but the existence of a fast, streamlined process for doing that is critical. Even more, the ability to do a remote kill of all wireless functionality if a serious vulnerability starts being exploited before there is a fix could at least help avoid a major catastrophe.

    Where does one start to find out about Tesla's security processes and assurances?
    Thanks!
    Last edited by Herbys; 2013-02-16 at 01:39 PM.

  2. #2
    Senior Member steve841's Avatar
    Join Date
    Jan 2010
    Location
    Ft. Lauderdale, FL
    Posts
    1,133
    I think the Chinese hacked mine and killed my 12 volt battery a few months ago.
    Hello, I'm Sig 957!
    VIN 748

  3. #3
    Model S Sig Perf, VIN 586
    Join Date
    Apr 2012
    Location
    Rocklin, CA
    Posts
    1,171
    The "security through obscurity" method still places some roadblocks for those investigating. Therefore the items you are asking about aren't well known, if at all, outside the company.

    Report vulnerabilities via email, track however you wish there. They aren't opening up their bug tracking system.

    Track the 3G communications with Tesla for most other things. Once wireless is enabled, I expect it'll be SSL-type communications.

    The API for the phone app was figured out through taps and somebody created a successful Windows Phone app based on the API discovered.

    Otherwise you should be asking Tesla. And if they give you any information, I'd say SHAME ON THEM. The info you ask for is just homework for a black hat attack.

  4. #4
    #421 Model S #S32 Eberhard's Avatar
    Join Date
    Oct 2010
    Location
    Germany
    Posts
    1,128
    I would like to hack into my own Model S too, to get all that information hidden behind the Roadster's service/diagnostic screen.
    Roadster EU#421 156.000km MS Sig P85+ 68.000km

  5. #5
    Senior Member
    Join Date
    Jun 2012
    Location
    Redmond, WA
    Posts
    1,181
    The security of the Model S is equivalent to any other Linux PC running a Webkit browser. Don't browse to random websites. That's the most probable avenue of attack. If there are remote vulnerabilities in the bluetooth or wifi stacks in Linux, they'll be there in the Model S. Fortunately, that's exceptionally rare.

    The Model S will have some defense to random drive-by website hijacking as it is a Linux PC running on a Tegra 3 ARM architecture - an unusual combination. No one will have ready made exploits written for that combination. They'll either be x86/Linux or ARM/Android (yes I know Android is based on Linux, but it's different enough to require different ready made exploits).

    Targeted attacks by a motivated attacker are indeed quite possible, within the limits of the attack surface mentioned above, but not likely outside of the security research community. The money these days is all in malware for botnets and spam, or 0days for vulnerability brokers who resell to shady governments (here's looking at you, Vupen), and the Model S isn't particularly interesting for either. Someone might get a nice talk at Blackhat out of a demonstration, but no one is going to 0wn your car from it.

    Presumably the embedded controllers that actually matter and can affect driving take signed firmware updates. Hopefully the signature checks happen in the embedded controllers themselves, and not in the infotainment 3G/WiFi/Bluetooth/Web connected center console PC. If so, all the other stuff in the previous paragraphs and your question is moot. This is all that matters.
    Model S VIN 03278 1/17/13. P85, Black, Black leather, 21" greys, carbon trim, sound, tech, pano, jump seats.
    Model X Sig #1242 and regular #3801

  6. #6
    Senior Member strider's Avatar
    Join Date
    Oct 2010
    Location
    Bay Area, CA
    Posts
    2,466
    And this isn't new w/ Model S. I was talking to a coworker w/ a Mercedes and they have an app that looks almost identical to the Tesla one. So there are plenty of cars these days w/ cellular internet connections. Don't have an answer for you other than to say what Tesla is doing is new but not bleeding edge new.
    Twilight Blue Roadster 2.5 - #1098 / Grey Model S Performance - #1459

  7. #7
    Member
    Join Date
    Aug 2010
    Location
    Woodinville, WA
    Posts
    300
    There are lots of ways to hack cars lower tech than the Model S. There was some hack demo'd where the tire pressure sensors were used as an attack vector (in a vehicle where those sensors had a wireless comm protocol, some buffer overrun or something was exploited to get into the core car computer). Hard to be secure, and hard to gauge what cars are most interesting (or all cars?).
    60kWh, Brown ext, Textile/Piano Black Int, Pano, Tech, Active Air, Supercharger

  8. #8
    P631 hans's Avatar
    Join Date
    Sep 2012
    Location
    Menlo Park
    Posts
    846
    The fact that you can reboot the display while driving the car means there is a certain level of isolation of components, which makes me less worried about malicious hacking of the car that would affect the driving. More likely that hackers could get into the embedded Linux and install bot-net agents or keyboard capture apps just like on any other computer.

    Based on what we know now, the most important thing you can do is to pick a strong and unique password for your teslamotors.com login since that is what is used to authenticate the phone apps that can unlock your car and track its position.

  9. #9
    The weakest point of the system is your email address. If you use gmail with 2 factor authentication, it may not be - but most email systems are not as strong as gmail. If someone gets into your email they can reset your MyTesla password and then they have access to your car through the app.
    I could enumerate what I think are the other likely weak points, but instead I will just say I bet all of the infrastructure outside of the car is probably more vulnerable than the stuff in the car.

  10. #10
    Junior Member
    Join Date
    Jul 2012
    Posts
    54
    Jason: maybe you misunderstood what I asked for, otherwise you obviously don't work in computer security. Offering the source code, or even the full API, may or may not be good for security (the jury is still out on that). But publishing the security standards, the processes and the general architecture for a commercial product, whether it's a phone or a car, can't hurt security. In most cases obscurity HAMPERS security. If Tesla Motors thinks not publishing the platform's security model will halt hackers, I'm selling my beloved Model S, as I do not have a death wish.
    I understand the value of temporary obscurity while someone sorts their act, but obscurity at this level adds no value in the long term.
    A well-documented and well-reviewed security model helps security, that's a well-accepted fact in CS. I'm not asking for the source code, or for information about bugs, not even API documentation. I'm asking about their PROCESS: is the code peer reviewed? Do they have protections against typical vectors? Does the platform perform address space randomization, mark buffers as "no execute" or have a generalized bounds check in all its API inputs? Does the company have a formal and public process to report bugs responsibly?
    Such information doesn't help hackers. If they want to know if the car does ASLR they can find out in seconds. I don't want to hack into my own car to find out, but I could if I wanted. And the cost of a car is of no consequence if what you want is to bring down a whole industry, or even if you just want to kill one rich guy.
    Let's say someone discovers a vulnerability and they don't have a formal process to communicate it. What does a researcher do? They publish it, of course. That's what most white hats do after not finding a formal process to report vulnerabilities. Do you think that would be good for Tesla?

    - - - Updated - - -

    EarlyAdopter: thanks for the info, but it worries me. So if Detroit wants to get rid of Tesla Motors all they have to do is to pay a bunch of Chinese hackers to find a few exploits and crash a few cars. That would be the end of the company. That's a billion dollar exploit, much more valuable than any one in Windows.
    To be sure my point is clear: if my Linux PC crashes or gets pwned, I lose some time, perhaps some money. If my Model S gets hacked with specific intent, and the car doesn't have isolation controls in place, I die.
    I don't care that much if someone steals my car. If a "hacker" can get to do the same things I can do, that's bad, but it is not the end of my life. But if they get to do the things I do not expect to be able to do remotely (drive the car, for example) then I will be very, very worried.

    What sort of controls would put me at ease? Well, technically, I would like there to be no direct control from the central computer (the one handling external communications and user interface) to the driveline controller, and that both are connected in a way that blocks the user-facing computer from controlling the car (e.g. the "API" that connects the user interface computer with the driveline controller is very tightly controlled and internally authenticated, it allows very specific actions such as the alteration of certain drivetrain parameters within controlled limits, and offers no way for this computer to issue commands such as "turn left" or "speed up"). I would also like to know Tesla has followed the SDL or something similar (just hiring good coders is not enough, not by a mile). I would like to know they adopted a well-reviewed security architecture rather than creating their own, or if they created their own that they had lots of peer reviewing. The fact that they started with Linux is a decent start (not that I'm a big fan of Linux, but Linux has gone through decades of evolution which has made it reasonably robust as a baseline). But a security model goes well beyond that. I would like to know that no single security bug (because there will be many, that's a fact) can bring the car down.
    I would also like to know that they have a good relationship with the White Hat community. That they encourage well-intended research on their car's security model, and that they encourage responsible disclosure. Because there's so much money at stake that I have no doubt the bad guys will be doing their research. We can only hope that Tesla has done what's necessary to make their work very hard, and that they have good guys working on getting ahead of the race.
    Last edited by Herbys; 2013-02-17 at 12:56 AM.
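The tightly controlled, internally authenticated UI-to-driveline interface described in post #10, with verification done on the controller side as post #5 argues for firmware, can be sketched as a small gateway. This is an added illustration, not Tesla's code or any description of the real Model S interface; the shared key, parameter names and ranges are invented placeholders.

```python
import hmac
import hashlib
import json

# Assumed shared secret between the UI computer and the driveline controller (constructed, not real).
SHARED_KEY = b"example-shared-secret-not-a-real-key"

# Allowlist of adjustable parameters with hard limits enforced by the controller itself.
# Names and ranges are hypothetical, for illustration only.
ALLOWED_PARAMETERS = {
    "regen_level": (0, 100),        # percent
    "creep_mode": (0, 1),           # off / on
    "max_charge_current": (5, 40),  # amperes
}

class RejectedMessage(Exception):
    """Raised by the controller side when a message fails authentication or policy."""

def sign_message(payload: dict, key: bytes = SHARED_KEY) -> bytes:
    """UI side: serialise deterministically and append an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def controller_accept(message: bytes, key: bytes = SHARED_KEY) -> dict:
    """Controller side: verify the tag first, then apply the allowlist and bounds."""
    body, sep, tag = message.rpartition(b".")
    if not sep:
        raise RejectedMessage("malformed message")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise RejectedMessage("bad authentication tag")
    payload = json.loads(body)
    if set(payload) != {"parameter", "value"}:
        raise RejectedMessage("unexpected message shape")
    name, value = payload["parameter"], payload["value"]
    if name not in ALLOWED_PARAMETERS:
        raise RejectedMessage(f"parameter not permitted: {name}")
    lo, hi = ALLOWED_PARAMETERS[name]
    if not isinstance(value, int) or not lo <= value <= hi:
        raise RejectedMessage(f"{name}={value!r} outside permitted range {lo}..{hi}")
    return {name: value}  # the only thing the controller will ever act on

def demo() -> list:
    """Run an allowed request, a forbidden command, an out-of-range value and a tampered message."""
    results = []
    for payload in ({"parameter": "regen_level", "value": 60},
                    {"parameter": "steering_angle", "value": -15},
                    {"parameter": "regen_level", "value": 250}):
        try:
            results.append(("ok", controller_accept(sign_message(payload))))
        except RejectedMessage as e:
            results.append(("rejected", str(e)))
    tampered = sign_message({"parameter": "regen_level", "value": 60}).replace(b'"value":60', b'"value":6')
    try:
        results.append(("ok", controller_accept(tampered)))
    except RejectedMessage as e:
        results.append(("rejected", str(e)))
    return results
```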
