Security in the Connected Car era... Jeep remotely victimized

FlasherZ

Attackers remotely control Jeep via exploits in the connected car control unit:

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

No mention of Tesla, but I'm willing to bet it will come soon in the rebloggings of the article.

For the owners:

Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic.

Guess that's something we don't have to worry about too much.
 
Well it won't be the same way they took control of the Jeep - the Jeep architecture allowed drive train access through the infotainment system. Perhaps they'll use social engineering to get someone's credentials to one of the third party apps that connects with Tesla.
 
Well, it was bound to happen one day.

The good thing is that Charlie Miller and Chris Valasek weren't "bad guys". I do hope that carmakers will wake up and strengthen their security.

It's also a good thing that it is difficult to attack a particular car.

Do we know what Tesla has done in this regard?
 
The speakers say they have both local and remote exploits of the car itself. Social engineering, phishing, etc. are not likely to be what they are talking about. They also have a disclaimer that these exploits can brick the car.

From what public information I've seen, Tesla has only fixed one of the vulnerabilities. I figured it might be the reason 7.0 is delayed. If they are big enough problems, priorities would shift.
 
Well it won't be the same way they took control of the Jeep - the Jeep architecture allowed drive train access through the infotainment system. (snip)

Do we know how the MS architecture is? I've seen the thread about the guys who used the ethernet port in the car, but they sadly didn't get very far before Tesla shut them down.

However, we do know that there is at least indirect access to, well, everything (air suspension, motor controller, you name it) through the 3G connection, since Tesla is able to do things such as change the power mapping of the go-pedal, implement things like torque sleep and much more with wireless updates. (Though it may require user approval, so not a very discreet hack.)
 
The article discusses that they had to do a bit of firmware hacking to make all of their exploits work, which means that (some of) the Jeep's modules suffer from one of the largest issues today -- unauthenticated/unsigned firmware updates. They're removing it from the published exploit but leaving some of the other stuff in.

My guess is that Tesla may suffer from some of the same, as it sources modules from outside. Hopefully they thought about this up front. I'm guessing that most of the exploits found are going to be in this category -- they figured out how to push their own firmware to individual modules.

This is interesting, because I do believe it to be quite possible to connect to the drivetrain through the telematics system. You could install your own firmware in an unprotected module that accepts CAN commands in the form of firmware update messages, then have your firmware reflect them back onto the CANbus toward other modules that you wanted to control. It's not hard to figure how you might do that.
 
I wonder how long it will be before messages on the CAN bus are encrypted. With all the devices on the bus, I imagine this would be quite an undertaking to get certificates and such distributed to the different components during manufacturing - not to mention the complexities when a device has to be replaced.

Like FlasherZ said, unsigned firmware is also a huge problem. Without that, nothing else really matters because you can always replace the firmware with your own. I'm hoping Tesla is using signed firmware.
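One way a module could authenticate CAN frames with a pre-shared key rather than certificates, shown as an added example that is not part of the original post and not any manufacturer's code. The key, CAN ID, field layout (data, 2-byte counter, 4-byte truncated tag) and all names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 4   # truncated MAC bytes; classic CAN carries only 8 data bytes
CTR_LEN = 2   # freshness counter bytes sent in the frame
DEMO_KEY = bytes(range(16))   # constructed key, provisioned per module pair

def _tag(key, can_id, counter, data):
    # Bind the tag to the arbitration ID and counter, not just the data.
    msg = struct.pack(">IH", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def protect(key, can_id, counter, data):
    """Build the data field of one frame: data || counter || tag."""
    if len(data) > 8 - CTR_LEN - TAG_LEN:
        raise ValueError("payload too large for an authenticated classic CAN frame")
    return data + struct.pack(">H", counter) + _tag(key, can_id, counter, data)

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_counter = {}   # highest accepted counter per CAN ID

    def accept(self, can_id, field):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(field) < CTR_LEN + TAG_LEN:
            return None
        data = field[:-(CTR_LEN + TAG_LEN)]
        (counter,) = struct.unpack(">H", field[-(CTR_LEN + TAG_LEN):-TAG_LEN])
        tag = field[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return None   # forged, corrupted, or sent under another CAN ID
        if counter <= self.last_counter.get(can_id, -1):
            return None   # replay of a frame already accepted
        self.last_counter[can_id] = counter
        return data
```

The layout leaves only two payload bytes per frame, and the short counter eventually wraps, which is part of why retrofitting authentication onto an existing bus is a large undertaking.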
 
While a hack is still a hack, and this is a pretty big hack, I am at least somewhat relieved that it sounds like reprogramming of code was needed. This doesn't change the seriousness at all, but it would be even more alarming if they were able to take control of the car without such reprogramming.
 
Why are you relieved?

Yes, this means it is more complex, but the hackers have really been given some valuable info that 1) it can be done, 2) it's related to the infotainment components, 3) the specific vehicles it applies to.

Once the hack is known, it applies to all similar Chrysler vehicles. Although users can apparently update their firmware, how many will?
 
I just read a frightening news piece in the August 7, 2015 issue of The Week (new magazine). The article (on page 18) describes how cars can be hacked as you drive them via the car's internet-connected entertainment systems. In this instance the hackers were able to control some basic systems and even cut the transmission. I would hope that one of the "cool new features" in the new Model X will be top grade cyber-security. Can anyone speculate on that likelihood?
 
You're in the timeline thread, not cyber security - not sure why we'd need a 'cool new feature' - sounds like you're assuming the Model S has a problem?

Here's a good starting place for you :) Security in the Connected Car era... Jeep remotely victimized
 
Bonnie-
Thank you for the link to the car security thread. I am not assuming anything, but rather am hoping that this or some other random issue will not cause yet another delay to the delivery of the Model X. I slapped down my considerable deposit in May of 2013 and have been repeatedly disappointed by the perpetual delay. I am not a tech savvy individual and only joined this thread because it was the only quasi credible source of information about when my deposit would actually result in the ownership of a Model X. I am not one of the fortunate few who can laugh off the delay because they will just drive their Tesla Roadster another year. I drive a 2007 Hybrid and every delay makes me consider canceling my Tesla order to investigate the new electric vehicles being put out or developed by BMW and Mercedes, etc. I have faith that the Model X will be fantastic and will win the same accolades as its Model S predecessor, but I must confess that my faith is wearing a bit thin. I check my email inbox every day hoping that they will at least throw me a bone and allow access to the design program where I can choose rims and interior/exterior finishes. It would certainly distract me from the frustrating information void that currently exists. I have heard they allow access to the design program approximately two months before delivery; do you believe this to be accurate?
 
I work with one of the guys that was part of discovering a vulnerability in the media player of an undisclosed car maker back in 2011. Interesting talk (I forwarded to the media player part)
Comprehensive Experimental Analyses of Automotive Attack Surfaces - YouTube

Basically they created a malicious WMA, put it on a CD, and when it was played it allowed them to completely compromise the car. So if such a vulnerability existed in cars with internet radio a compromise of the provider could lead to compromising everyone listening.
 
http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

TL;DR: After using the in-car ethernet adapter, they were able to put together a bunch of exploits with a lot of work to take over the touchscreen. So they're able to do anything the touchscreen allows them to do... emergency brake / power off / suspension / etc. It's not an "OMG ZERO DAY REMOTE HAQR EXPL01T!!!!11!!ELEVENTYONE!!!1!OMGWTFBBQ" event. They identified a potential vector for remote vulnerability through a WebKit bug, if they tricked the user into going to a malicious web page, which would then presumably string these attacks together to plant remote access.

The attack surface is pretty limited, though - you have to get someone to go to an attack site on the Model S browser (we all know how much of a great experience *that* one is), then they could use that to gain some privilege escalation and eventually work with the CAN bus.

“As you gained some kind of foothold, you were able to gradually leverage that with additional vulnerabilities to increase your access,” Rogers says. “We took a bunch of relatively innocuous vulnerabilities you wouldn’t think very much about and by chaining them together and by using each one of them to leverage our ability to gain a bit more access, we were able to go deeper and deeper and deeper into the car until eventually we gained full control of the entertainment system…. Stringing all of these together was enough for us to gain user-level access and then ultimately superuser level access to the infotainment systems.”

In addition, firmware updates aren't signed, but must come from Tesla - so at least there's not any obvious way for someone to push malicious firmware without compromising Tesla's infrastructure:

The firmware updates are downloaded as compressed files over an open VPN connection, and because the VPN connection is mutually authenticated between the car and the server, no one could upload rogue firmware to the car from an unauthorized location. But because the firmware updates are not signed, if an attacker were on the Tesla network and had access to the VPN structure, they could conceivably send rogue updates to Tesla cars. “If you gain access to the one server that is downloading the firmware you could substitute the firmware with your own,” Rogers says. Without pen-testing Tesla’s corporate infrastructure, however, this is just a theory.


Guessing we'll see signed firmware in the next year or so.
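The gap between an authenticated download channel and a signed image, shown as an added example that is not part of the original post and not Tesla's code. To stay within the standard library it uses a Lamport one-time hash-based signature as a stand-in; a production updater would use a standard scheme such as Ed25519 or RSA. The images, function names and scenario values are constructed.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    """One-time Lamport key: 256 pairs of secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(image):
    d = int.from_bytes(H(image), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, image):
    # Runs on an offline signing host, never on the download server.
    return [sk[i][bit] for i, bit in enumerate(_bits(image))]

def verify(pk, image, sig):
    # Runs in the car's updater, with the public key installed at manufacture.
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(image)))

def install_transport_only(image, channel_authenticated):
    """Updater that trusts whatever an authenticated server sends."""
    return channel_authenticated

def install_signed(pk, image, sig, channel_authenticated):
    """Updater that also requires a valid signature over the image itself."""
    return channel_authenticated and verify(pk, image, sig)

def demo():
    sk, pk = keygen()
    good = b"constructed firmware image v1"
    sig = sign(sk, good)
    # Constructed scenario from the quoted article: the download server is
    # compromised and swaps the image, but the VPN still authenticates.
    rogue = b"constructed rogue image"
    return {
        "transport_only_accepts_rogue": install_transport_only(rogue, True),
        "signed_accepts_rogue": install_signed(pk, rogue, sig, True),
        "signed_accepts_good": install_signed(pk, good, sig, True),
    }
```

With signing, compromising the download server is no longer enough; the signing key, which can be kept offline, becomes the asset to protect.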
 