It looks like, as map updates are being prepared for early next year (in Europe and probably in the US), people should be extra careful about their wifi and cell providers.
I tried to let Tesla know about some holes in their maps infrastructure, but they never replied to me, so I guess they don't care as much, even though they did close some of the holes outlined.
The problem is that while the holes were there, the secret key for the maps server was publicly accessible for almost a year, so who knows how many people downloaded that.
Having this key file would allow nefarious people to create their own "maps server" to serve their own map "updates" to your car.
This is further compounded by the fact that Tesla never lets you know when a maps update is being downloaded to your car; you just get a notification once it's done, but it's too late by then.
Of course they could only do this if they are somehow positioned between your car and the internet in most cases (there are other vectors, but they are harder to perform), hence the warning.
And if we are lucky Tesla would finally do something about replacing the key and will protect it better next time too.
It's been over 60 days since my last attempt to draw Tesla's attention to the matter (over 300 days of the key accessibility), so I feel like holding on to this information is more dangerous than letting it go into the open.
Posted in the main Tesla thread since hopefully both X and S owners read it and I don't need to have several threads to monitor.