True, but those perpetrating an advanced persistent threat are typically doing it for monetary reasons. There isn't a black market for Tesla parts currently, and likely won't be for many years. And even if there eventually is one, it will be easier to use a tow truck.
On the other end of the spectrum, against an advanced persistent threat, nothing is safe and everything is compromised.
Well, Tesla did hire Kristin Paget who I'm sure is working on this kind of stuff. Most of the "hacks" I've seen require gaining physical access to the car's diag port or something first. Obviously they didn't share any details in the article but I'm curious what system would allow that level of access to the car's systems purely over the air.
However, there are 2 vectors that Tesla (and all automakers) will have a hard time surmounting.
1) Access to the app is secured only by your MyTesla username and password which can be insecure. There are things they can do here like 2-factor auth, require additional info if it's a new device accessing your car for the first time, etc.
2) RFID repeaters. It is fairly trivial to build an RFID repeater and use that to trick your car into thinking the fob is nearby. The frequencies are published since they require FCC licenses. You need 2 people for this. One person stands near the car and the other stands near you in the grocery store or wherever you are. With most cars if you try to open the door it will cause the car to send a signal looking for the key fob. The repeater forwards that signal into the store where your fob, upon receiving the signal, responds. That signal goes back outside and unlocks the car. One more back and forth when the person presses the brake pedal and they can drive as far as they want as long as they don't turn the car off.
Welcome to the Internet of Things! IoT is the Frankenbeast of Information Security - HP Enterprise Business Community
Kid put a Bluetooth-enabled OBD plug in the port and hacked away from his iPhone. Good googling skills got into the CANbus. Toggled settings.... oooo!
Can that happen on model S? No. The OBD port has power and zero data connections.
However, kid would find the ethernet port and buy an even cheaper thing, a cable, and have at 'er from his laptop.
I agree which is why I mentioned it. They could easily make it optional, just like the lock screen on a cell phone. Though I wish they licensed Blackberry's unlock mechanism. By far the best out there. People can watch me unlock my phone over and over and still can't do it themselves.
Tesla could (should?) put a second factor right in the car, not just protect MyTesla with it.
Enter code to drive. (Something you know.)
+1. So this was not an OTA hack? Then I call a big 'ole pile of BS and scaremongering. Hell if they're already in your car they're not going to plug something into a port and then leave. They're just going to take the car right then. -<shrug>- Where's my tempest in a teacup graphic?
It's always easier to hack if you have physical access to the device. The automatic locking of the Model S, assuming you have enabled it, goes a long way to prevent this.
Garage doors use rolling codes to prevent this kind of hack. Do key FOBs have rolling codes?
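An added example, not from any poster in this thread or from any automaker: a timing model of the repeater scenario described earlier and the rolling-code question above. It shows that a fresh challenge per attempt (the job a rolling code does) rejects a replayed response but still accepts a relayed one, while a round-trip-time limit rejects the relayed exchange. The HMAC challenge-response, the class and function names, and all distances and delays are assumptions made for illustration.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.2998        # radio propagation speed, metres per nanosecond
FOB_PROCESSING_NS = 100.0  # constructed value: assumed fixed fob reply delay

class Fob:
    def __init__(self, key):
        self.key = key

    def respond(self, challenge):
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class Car:
    def __init__(self, key, max_rtt_ns=None):
        self.key = key
        self.max_rtt_ns = max_rtt_ns  # None = no distance check (hypothetical option)

    def new_challenge(self):
        return os.urandom(16)  # fresh per attempt, like a rolling code

    def verify(self, challenge, response, rtt_ns):
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return "bad-response"
        if self.max_rtt_ns is not None and rtt_ns > self.max_rtt_ns:
            return "too-far"
        return "unlock"

def attempt(car, fob, path_m, relay_latency_ns=0.0):
    """One unlock attempt; path_m is the one-way signal path, car to fob."""
    challenge = car.new_challenge()
    response = fob.respond(challenge)  # a repeater forwards both unmodified
    rtt_ns = 2 * path_m / C_M_PER_NS + FOB_PROCESSING_NS + relay_latency_ns
    return car.verify(challenge, response, rtt_ns)

def replay_attempt(car, fob):
    """Present a response recorded from an earlier exchange to a new challenge."""
    recorded = fob.respond(car.new_challenge())
    return car.verify(car.new_challenge(), recorded, FOB_PROCESSING_NS)

if __name__ == "__main__":
    key = os.urandom(32)
    fob, plain, bounded = Fob(key), Car(key), Car(key, max_rtt_ns=120.0)
    print("replay:", replay_attempt(plain, fob))
    print("no bound, fob 1 m away:", attempt(plain, fob, 1.0))
    print("no bound, fob 80 m via repeater:", attempt(plain, fob, 80.0))
    print("bound, fob 1 m away:", attempt(bounded, fob, 1.0))
    print("bound, fob 80 m via repeater:", attempt(bounded, fob, 80.0))
```

The timing check only works if the fob's reply delay is tightly bounded, which this model assumes by using a fixed value; a fob with variable processing time would leave room for the extra path length to hide in.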
The hack discussed in the original article is done via the ODBC port and Tesla is most likely just as vulnerable as other vendors to that vector, since they use standard parts.
Though I wish they licensed Blackberry's unlock mechanism. By far the best out there. People can watch me unlock my phone over and over and still can't do it themselves
Nothing is safe from hackers. As soon as you build a better mouse trap, someone will build a better mouse. It never ends.
This is not something I would ever worry about.
Well, the right way to think about this is that one is always trying to balance security and usability. As they say the only secure computer is one that is unplugged and buried in concrete. Anything else is a compromise to security as you gain usability. A Nest thermostat (and other IoT devices) is incredibly usable as you can access it from your smartphone, it leverages processing power in the cloud to improve its function, etc. but from a security standpoint these things are horrible as they introduce many more vectors for attack. Same goes for the fancy auto-pop-out handles on our cars. It's cool and usable but it causes the car to constantly be pinging for the fob which is an opening for someone to gain access. IIRC in non-tech cars you have to push the key fob button to unlock and so the repeater attack won't work as they would have to trick you into pushing your key fob.
Nothing is safe from hackers. As soon as you build a better mouse trap, someone will build a better mouse. It never ends. This is not something I would ever worry about.
It's called Picture Password
BlackBerry 10 Picture Password Walkthrough - YouTube