Welcome to Tesla Motors Club

Be careful where you let your car ride on wifi in the coming weeks


verygreen

It looks like as map updates are being prepared for early next year (in Europe and probably in US), people should be extra careful about their wifi and cell providers.

I tried to let Tesla know about some holes in their maps infrastructure, but they never replied to me, so I guess they don't care as much, even though they did close some of the holes outlined.

The problem is while the holes were there, the secret key for the maps server was publicly accessible for almost a year, so who knows how many people downloaded that.
Having this key file would allow nefarious people to create their own "maps server" to serve their own map "updates" to your car.
This is further compounded by the fact that Tesla never lets you know when a maps update is being downloaded to your car, you just get a notification once it's done, but it's too late by then.

Of course they could only do this if they are somehow positioned between your car and internet in most cases (there are other vectors, but they are harder to perform), hence the warning.
And if we are lucky Tesla would finally do something about replacing the key and will protect it better next time too.

It's been over 60 days since my last attempt to draw Tesla's attention to the matter (over 300 days of the key accessibility), so I feel like holding on to this information is more dangerous than letting it go into the open.

Code:
-----BEGIN RSA PRIVATE KEY-----
[key body not reproduced here]
-----END RSA PRIVATE KEY-----

Posted in the main Tesla thread since hopefully both X and S owners read it and I don't need to have several threads to monitor.
 
I don't know what that is, but it isn't a valid PGP key. Oh, I see, you have intentionally taken out some of the data. "I am leaving this line redacted ...". If you want to PM me the real thing, I can verify it, and I have contacts within Tesla's security team.
 
They would be able to verify it without that line of data....
 
@verygreen is a very credible user. Even if there is a chance he is wrong, it would be irresponsible not to pass this info on to the right person if you have the inside contacts. Tesla and its customers can afford zero margin with everything related to security. And yes, being able to trick a car to execute a malicious maps update is a severe security breach.
 
If all of it is real except for the missing line, I'm having a hard time believing someone simply guessed the remainder of the key. Seriously??

If that much of a private key has been compromised, the private key needs to be changed anyway. A supercomputer could make quick work of deciphering a single line of a private key. @verygreen already noted that the entire private key was publicly available for almost a year. That should scare the sh*t out of every Tesla owner!
 
verygreen pulled out 4 lines of the 18, the fourth root of the key space is still a lot of permutations to run.
 
OK, sorry for opening this can of worms. Here's the problem. Anyone can make up a PGP key pair and call it anything they want. I'm not saying that that is what @verygreen did, but I'm also not going to get people in Tesla spun up if it is a hoax. Even if it is a hoax, it might not have been done by him. Revealing the secret key to me would probably allow me to verify its validity; simply signing a message with it wouldn't (since it still could have been made up by him or me for that matter). Note also that secret keys are almost always exported password protected; even if the above key block is genuine and was revealed somehow, that doesn't necessarily mean that it's usable by anyone who doesn't know the password.

Tesla runs a bug bounty program (Tesla’s bug bounty program | Powered by Bugcrowd). If genuine, that's where it should be reported.
 
Scratching head: Can't believe we're having this conversation about an incredibly dangerous compromise in the overall security of every Tesla vehicle. This isn't a bug, it's a security f*ckup with extremely dangerous consequences to everyone who owns a Tesla vehicle. There's a very good reason that folks that build cars probably should not be entrusted to manage network security.
 
Purely as a discussion of cryptography:

For you to vet the full key before sending on to Tesla, you would need to run it against the reciprocal public key. Otherwise, it could be any generic PGP key.
If verygreen uses the full key to encrypt a message such as "Hey ggr, how's it going?" and sends that to you, you can then use the public key you would need in the previous step to decrypt and verify.
If you don't have the public key, then having the full private key from verygreen doesn't matter, since you would need to send to Tesla to verify regardless and they can check against the 14 lines and gain pretty good confidence.

Or am I missing something?
 
You are missing something. This is a very common misunderstanding. Public key systems allow two types of paired operations. One is sign/verify, the other is encrypt/decrypt. One needs the secret half of the key to sign or to decrypt. So he can't use this secret key to encrypt a message to me; he would use my public key to do that. He could sign a message to me, which I could verify using the public key, but where would I get that public key in a trusted way? Note that of all the public key systems out there, only RSA uses the same mathematical operations under the covers, but even for RSA, signing is not simply encrypting with the secret key.

You are technically correct, in that either an appropriately signed message or the actual secret key would enable me to do whatever verification I wanted to do. I shouldn't have been so glib above. But I still have to go to some amount of great trouble to do that verification, since I can't just go to a keyserver and find a key that is called "Tesla map signing key" (that anyone could have created), so I want more than a blob of unusable text.
 
Ah, thank you for clearing that up! ( I deal with software that exists in the encrypted state and gets converted back on-chip, so I was pre-biased to the more symmetric side of things)
 
Tesla runs a bug bounty program (Tesla’s bug bounty program | Powered by Bugcrowd). If genuine, that's where it should be reported.
Of course I got them notified the second I found about this using the way outlined on their website, but it did not really lead to anything.

but where would I get that public key in a trusted way?
You would get the public key from your car, obviously, every car has it.

Anyway, I got contacted by Tesla security by email and they are claiming they never got my mail this time (though they did in the past), so they are looking into this.
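As an added illustration of two points raised in this thread, the sign/verify versus encrypt/decrypt distinction and the challenge-style check that a claimed private key really pairs with a public key obtained from a trusted place such as the car itself, here is a toy textbook RSA in Python. It is example code written for this page, not Tesla's or any poster's code; the primes, the challenge nonce and the `private_key_matches` routine are assumptions, and the toy omits the hashing-plus-padding scheme real RSA signatures use.

```python
# Toy textbook RSA with no padding and tiny primes: it shows the two paired
# operations described in the thread and a challenge test for a candidate
# private key. Constructed for illustration only; real RSA signatures hash AND
# pad (PSS or PKCS#1 v1.5), which is why signing is not just "encrypting with
# the secret key".
import hashlib
import os


def make_keypair(p, q, e=65537):
    """Return (public, private) as (n, exponent) tuples from two caller-chosen primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # ValueError if e is not invertible mod phi
    return (n, e), (n, d)


def _digest_mod_n(msg, n):
    """Hash the message and reduce it into the modulus (stands in for real padding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg):
    """Signing needs the secret half: the private exponent is applied to the digest."""
    n, d = priv
    return pow(_digest_mod_n(msg, n), d, n)


def verify(pub, msg, sig):
    """Anyone holding the public half can check a signature."""
    n, e = pub
    return pow(sig, e, n) == _digest_mod_n(msg, n)


def encrypt(pub, msg):
    """Encrypting to someone uses THEIR public key, never the sender's secret key."""
    n, e = pub
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(priv, ciphertext, length):
    """Decrypting needs the secret half; `length` is the plaintext size in bytes."""
    n, d = priv
    return pow(ciphertext, d, n).to_bytes(length, "big")


def private_key_matches(priv, pub):
    """Challenge test (assumed procedure): a fresh nonce signed with the candidate
    private key must verify under the trusted public key, e.g. one read from the car."""
    nonce = os.urandom(16)  # constructed challenge, different every run
    return priv[0] == pub[0] and verify(pub, nonce, sign(priv, nonce))
```

A signature made with an unrelated private key fails the challenge, which is the check the thread wants before escalating a leaked-key claim; a signed message alone proves nothing unless the verifier already holds the genuine public key.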