http://www.cnbc.com/id/42007117
Thought this requires a thread of it's own.
|
|
|
http://www.cnbc.com/id/42007117
Thought this requires a thread of it's own.
Recently a tv-programme showed how easy it is to steal cars with a Remote controled acces!Originally Posted by Iz
You just buy a little computer via internet!
You get close to the car you want to steal, you select make and model! 5 seconds later you open the door and the engine is started! No keys needed!
All cars are subject to it! From the most expensive to the cheapest!
Cars stolen this way are often used for thieves, banckrobbers, and drugtraffickers! (Was filmed in europe, and cameracrews accompagnied such a thief, at one moment even chased by police!)
A neighbours Mercedes E was stolen this way!
Luckily he has an alarm that stops the fuelpump after 4-5km, so 5 minutes later the police found his car in the middle of a steet! The thieves ran out of juice and had abandonned the car!
Last edited by jcstp; 03-10-2011 at 12:09 PM.
How, exactly, does this work on cars that have no remote door locks or remote ignition?
well the kit probaly come with a screwdriver and a brik
If they have Bluetooth this is at least possible in theory. XM radio or other such wireless channels could also be vulnerable, though those are more challenging since they are one-way.
How does this work?
These channels allow a remote wireless connection into one system in the car. While this system is generally isolated from the rest of the car in most vehicles (not in the Model S though) it is in many cases somehow connected indirectly. For example, the Bluetooth system is connected into the audio system, which has some interaction with the car's user interface, which normally runs on a shared Car Area Network that interacts with more critical systems in the car.
Thus, if a vulnerability in the Bluetooth stack (there are often many, some of them well-known) allows the bad guys to create a connection and send some invalid inputs, there might be bugs in the audio or console system that threat these inputs as code (buffer overruns or similar bugs, these are very common in all sorts of computers, though they have started becoming less and less frequent on Windows at least) and that allow the bad guys to run their own code on the console systems. Once there, a hacker can inject streams of data into the shared Car Area Network. Many cars were designed assuming only the legitimate car software has access to this network, so they don't provide any protection once the bad guys are there. Thus, once the bad guy can run arbitrary code on one of the systems connected to the CAN they can do things such as disabling the brakes, opening the throttle or, in more software-based cars even control the steering and more. And at the very least they could open the car remotely and start the ignition.
Tesla being originated from a guy that really gets software I can imagine some significant precautions have been taken, but I would really love to know how much attention has been paid to software security and how formally has this been addressed (there are well-defined and publicly available software security processes that should be followed by anyone developing commercial or critical software).
I would expect that no attention whatsoever has been paid to software security in the model S. We have heard of no evidence that Tesla has made any serious attempts to provide any security, and I know that most software development companies don't try very hard, especially when they're rushed.
It's a risk I'm willing to live with. But don't have any illusions about Tesla. If they had designed a secure system, they would have advertised the hell out of it. They didn't.
(Edit: to be clear, the other carmakers are just as insecure.)
I take "Electro", my amazing Model S, to the train station: yes, it's a station wagon
Is this not the same as the "evil" thread?
The world loves to be deceived.
Same topic, different angle. The point in the other thread is what info could Tesla publish that would put these fears at ease. That said, the two threads could be merged.
I think Elon Musk is aware of the fact that the vehicles he builds (Model S, Dragon Spacecraft) are high priority targets for hackers to gain remote control. I think that encryption levels were chosen with careful consideration on every level, be it key fob, charge port, 3G module, or wifi connection.
You just can't do security afterwards.
I haven't seen any advertising about the new MB CLS not flipping over at highway speeds. If they had designed a aerodynamically stable car, they would have advertised the hell out of it. They didn't. Obviously it means the CLS is likely to flip over at highway speeds.
Think with dispassion; Speak with equanimity; Act in calm.
Moderator - Southeast, Future Cars
Do not use this material outside of Tesla Motors Club without attribution and permission.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
