markb1
Active Member
It's under Other Model S vulnerabilities in the article. Still a non-story though
Yeah, sorry just figured that out.
You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
It's under Other Model S vulnerabilities in the article. Still a non-story though
Sorry, but how will not using Visible Tesla improve security? I'm not sure I see the connection.
Although this isn't new, it may still be a problem:
Highway hacking poses huge threat - Wheels.ca
Will software 6.0 address this sufficiently?
Thanks for leading me to this discussion. Old story, agreed, but it doesn't seem a non-issue.
Why do I feel that Tesla is also susceptible to the same vulnerabilities shown in the video? I have yet to do any research of my own (no vehicle yet to do so), but it is fairly obvious in the poor security posture of their website and iOS app authentication as detailed here: http://broadcast.oreilly.com/2013/08/authentication-flaws-in-the-tesla-model-s-rest-api.html.
In terms of security concerns the Tesla is not really unique; at a very basic level there are two methods of entry into the CAN... physical, and remote. Many other cars offer similar features (built-in cellular, wifi, bluetooth, usb, cdrom, and obviously the OBD-II port) any one of which may offer an avenue for attack. The physical method of entry is basically impossible to secure, once someone has access, given time and skill they can do what they want...
Why do I feel that Tesla is also susceptible to the same vulnerabilities shown in the video? I have yet to do any research of my own (no vehicle yet to do so)...
That article was discussed in depth here - Authentication-flaws-in-the-REST-API-(if-you-give-3rd-party-your-private-login-info) - the overall conclusion being that you don't have to worry if you keep your login info secret.
The sunroof can be opened while it's snowing. The GPS information could be used to find your car (and you if you're with it). The AC can be turned to "quite uncomfortable". These can be done while you're in motion, which could be distracting and potentially hazardously distracting.Even if you don't keep your login secure, the worst thing that can be done remotely via the REST API is your car can be unlocked. I haven't seen any evidence of vulnerabilities that allow anything worse to be done remotely.
The sunroof can be opened while it's snowing. The GPS information could be used to find your car (and you if you're with it). The AC can be turned to "quite uncomfortable". These can be done while you're in motion, which could be distracting and potentially hazardously distracting.
Agree.What I haven't seen is evidence that you can do something to the car remotely that you can't do with the official app, like control the accelerator.
$10 grand prize for anyone who can hack a Tesla MS during SyCon Internet Security conference ...
$10,000 Is On Offer For Anyone Who Can Hack A Tesla Car - Forbes
Should be interesting to follow this one.
If they do it right, it should be $10,000 or a Tesla.
I don't want killing the computer to be a feature in my car. No matter what the trigger.(3) a way to kill the computer (whole car) in an emergency.