All Discussion re: Tesla Motors Website & Forums

Yup. Definitely just the DNS that was hacked, so nothing to show that they have any access at all to any Tesla servers. The attackers could conceivably be scraping passwords from any app that is trying to contact a Tesla server though, so I recommend not using the Android or iPhone apps or Visible Tesla until this is over, and to change your passwords on those apps just in case. (Honestly that's highly unlikely as they'd have to issue all the correct stuff to the apps to fool them into sending the info, but better safe than sorry.) But it looks like anything on Tesla's servers is pretty safe so far.

Real Tesla website is at 205.234.27.220, so with a bit of work on a hosts file or your own resolver you can make the normal site work (hardcoding that long term is a bad idea).
Attack website is coming up as 178.32.152.214 and 5.254.113.29, which are hosted by ClouDNS.
 
The news feeds I have seen have been taking a 'meh' attitude about this suggesting that this type of thing happens all the time to individuals and companies. IF we see some TSLA damage on Monday I look at it as an opportunity to buy weekly calls with April 30/ER happening over the next two weeks.
 
Your car remains connected to their internal LAN even if remote access is disabled.

Yes, but it would be far more difficult to reach the vehicle to do any harm via that method. The hackers would have to have access to Tesla's servers proper. Remote access via the API like Visible Tesla and the Tesla mobile app use is far easier and would only require the login cookie.
 
You sir, are a complete moron.

Wow. So my thread has brought out the crazies.

Would you care to elaborate? Why did I piss so many off at the mere mention that it would be scary as hell to have our cars hacked to the point of causing accidents if the security isn't good enough? Are you calling me a moron because it was stupid that I suggested it because it could never happen? If so, please explain why?
 
Wow. So my thread has brought out the crazies.

Would you care to elaborate? Why did I piss so many off at the mere mention that it would be scary as hell to have our cars hacked to the point of causing accidents if the security isn't good enough? Are you calling me a moron because it was stupid that I suggested it because it could never happen? If so, please explain why?

I think because the API for the app and what visible tesla has access to lacks any control whatsoever to the systems you mentioned (throttle, starting, brakes, etc.)

This hack appears to be on their name servers and a redirection of their MX records. There is no indication as of yet that there had been access beyond that. But I'm not saying it hasn't either. Until we hear from Tesla, I'm going to disable remote access and suspend all Visible Tesla logging just to be safe.
 
Would you care to elaborate? Why did I piss so many off at the mere mention that it would be scary as hell to have our cars hacked to the point of causing accidents if the security isn't good enough? Are you calling me a moron because it was stupid that I suggested it because it could never happen? If so, please explain why?
He could probably have been nicer about it, but there are a few problems with your posted scenario. The most important one is that we have no evidence that that level of control is even possible by remote in any way, even if Tesla themselves wanted to do it.
Beyond that, we've seen no indication that Tesla's servers have been hacked at all, only that their DNS was. Basically this is like changing the entry in the phonebook so that when people look up the number for Tesla they get the number for a prankster instead. Tesla's phone in that scenario is unchanged; people just can't find it properly to connect to it.

- - - Updated - - -

Until we hear from Tesla, I'm going to disable remote access
Disabling remote access from the Tesla will have no effect whatsoever. If someone hacks Tesla and accesses your car from Tesla's servers, what you have that set to is irrelevant. (NOTE: Not the case in what has happened so far, as only DNS entries have been changed, nothing more.)

and suspend all visible Tesla logging just to be safe.
This is a good idea, likely unnecessary, however IF the hackers were far more sophisticated than we have any reason to believe, they could potentially imitate a Tesla server and record your login details from visible Tesla. This is HIGHLY unlikely, however best practice here is to not give them that opportunity, AND to change passwords once this is over.
 
Hey just to clarify folks you should still change your password because you never know but it looks like a harmless hack where they didn't get into anything as others have said. This is still a yellow flag. These guys are amateurs but Tesla needs a major overhaul of their security policies because pros would have operated quietly and might have been able to do some real damage.

- - - Updated - - -


Assuming Kristin had nothing to do with it, it sucks for her. But assuming she did provide the password to these kids or something, it still looks bad on Tesla because passwords to registrars should be known by few people and changed immediately when any of those people leave the company.

I have seen no suggestion that Kristin did or would have anything to do with this other than an unhappy coincidence of timing.
 
Why would anyone assume Kristin supplied passwords to anyone? I'm sure she's an adult and a professional who wouldn't commit a felony just because she and Tesla parted ways. Maybe she just got a better paying job, or left for any one of a hundred different reasons. It's asinine to think she would have had anything to do with this just because she's a security expert and recently left the company. Any other childish conspiracy theories?
 
I suppose it is inevitable in the excitement, but there really is some crazy stuff being written here by armchair sysadmins.
Nobody knows definitively what happened here and what the extent is, probably not even Tesla for sure yet.
It could be simple, or the visible bit we see could just be the tip of the iceberg.

What is needed is an official statement from Tesla once they have progressed the forensic examination, which I hope will be forthcoming in due course.
 
My problem with this recent discussion is that it is completely possible for people to read it as if there WAS some suggestion that someone did something wrong, and that someone's career could be affected. No offense intended to uselesslogin, but the previous clarification (which I explicitly choose not to quote) is almost worse than the original! Now, I'm quite sure that uselesslogin is not a wife beater, but in the highly unlikely case ...

Personally I would like to ask the moderators to actually delete these last few posts.
 
I think those of us in the industry pretty much know what happened. They gained control of the DNS account and changed/redirected the web and mail IP addresses to their own server. We do know that for a fact.

I do not think anyone leaked passwords, but rather, they likely socially engineered login access to the DNS provider, a very likely weak link that most people don't even think about. Once they had that, they took over the website and mail servers to gain access to the Twitter accounts (and who knows what else).

This is why it's important to have two factor auth on every account or application one uses.

Also, I'm sure Kristin didn't have access to passwords for their DNS account. There's a big difference between IT operations and executive level security management, which is where she was. There's no need for executive level people to have or need access to operations level information, like DNS logins or passwords. It's just silly to think that this raises any red flags for her or anyone else.
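
Added example, not part of any post in this thread: a baseline check that flags the kind of record change described above (web and mail records repointed at the DNS provider) and in the earlier post listing the real and attack addresses. The A addresses come from the thread; the zone name `example.com.`, both MX hosts and the sample answer lines are constructed placeholders.

```python
import ipaddress

# Pinned baseline. The A address is the one the thread gives for the real site;
# the zone name and MX host are placeholders (assumptions, not from the thread).
BASELINE = {
    ("example.com.", "A"): {"205.234.27.220"},
    ("example.com.", "MX"): {"mail.example.com."},
}

# Constructed dig-style answer lines. The two A addresses are the ones reported
# in the thread for the attack site; the MX target is a made-up placeholder.
SAMPLE_ANSWERS = """\
example.com.  300  IN  A   178.32.152.214
example.com.  300  IN  A   5.254.113.29
example.com.  300  IN  MX  10 mx.unexpected.invalid.
"""

def parse_answers(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): set(values)}."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue  # skip comments, blank lines, malformed rows
        name, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4:]
        if rtype == "A":
            value = str(ipaddress.ip_address(rdata[0]))  # raises on a junk address
        elif rtype == "MX":
            value = rdata[-1].lower()  # drop the preference, keep the exchange host
        else:
            continue
        records.setdefault((name, rtype), set()).add(value)
    return records

def find_drift(baseline, observed):
    """Return sorted (name, type, unexpected, missing) tuples for changed record sets."""
    drift = []
    for key, expected in baseline.items():
        seen = observed.get(key, set())
        if seen != expected:
            drift.append((key[0], key[1], sorted(seen - expected), sorted(expected - seen)))
    return sorted(drift)

if __name__ == "__main__":
    for name, rtype, unexpected, missing in find_drift(BASELINE, parse_answers(SAMPLE_ANSWERS)):
        print(f"ALERT {name} {rtype}: unexpected={unexpected} missing={missing}")
```

The baseline has to be updated whenever the legitimate records change, which is the same reason the earlier post calls long-term hardcoding of the address a bad idea.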
 
I'm sure everyone is right about the whole thing just being a DNS hack and redirect. And yes it looked childish and amateurish - all for bragging rights.

However, wouldn't this be the perfect cover-up for a more serious malicious hack with the intent of either industrial espionage or to later cause damage, for example by planting some type of backdoor or somehow keep capturing sensitive data even after the hijack has supposedly been rectified?
 
My problem with this recent discussion is that it is completely possible for people to read it as if there WAS some suggestion that someone did something wrong, and that someone's career could be affected. No offense intended to uselesslogin, but the previous clarification (which I explicitly choose not to quote) is almost worse than the original! Now, I'm quite sure that uselesslogin is not a wife beater, but in the highly unlikely case ...

Personally I would like to ask the moderators to actually delete these last few posts.

Completely agree regarding impact on someone's job. Kristin is a professional. Sometimes we forget when we're complaining about a service center or software team or [insert any employee here] that these are real people who feel the repercussions of our posts.
 
Personally I would like to ask the moderators to actually delete these last few posts.

Off topic: That would be a severely disappointing trend and display of poor dialogue values for moderation of a sensitive discussion. When I have a reaction that things should be deleted, I go back to some books I've enjoyed like "dialogue", "crucial conversations" or "women, fire and other dangerous things" about how to build common meaning.

If the goal of the discussion is to learn and wonder what we would do in our own companies, or how to position the event in front of non-enthusiasts, then objective discussions are essential.
You can't have an objective discussion about information security threats and mitigations without considering that people and their actions and assets are the most common attack vector, willing or unwilling. And staff transitions open lots of transient physical, digital, social and logistics windows of opportunity for bad stuff to happen. Many of those are not the fault of the transitioning party.