Tesla's Model S can be remotely hacked

prizrak

prizrak

Forum Addict
Joined
Apr 2, 2007
Messages
21,574
Location
No, sleep, till, BROOKLYN
Car(s)
11 Xterra Pro-4x, 12 'stang GT
Engadget said:
Tesla has toughened the Model S' underbody to help prevent any more fires, but apparently it needs to add some reinforcement to its network features too. An enterprising hacker can't quite drive one of the electric vehicles away (they'd need a key fob to start the car), but holes in the auto's security apparently allow a ne'er-do-well to locate the vehicle, unlock its doors and steal your belongings. As Tesla owner and corporate security consultant Nitesh Dhanjani tells it, this "low-hanging fruit" can be picked by brute-force attacking Tesla's relatively weak one-factor password system, exploiting loopholes in the iOS app's API and by accessing the ride's network-interface jack under the dashboard. Thankfully, he found that the Model S' major systems were safe from attack.

Dhanjani's submitted his findings to Musk and Co. and he advises current owners to take the precautions he's outlined to heart, specifically warning against using third-party apps. Tesla didn't respond directly to his concerns, but a spokesman has told Reuters that the company carefully reviews research provided by the security community.
Click to expand...

Source
 
MXM said:
I'm gonna go ahead and assume that's not true... for now.
Click to expand...

If you follow the original report they found vulnerabilities that are easy to exploit, whether someone will is questionable but there have been a few proof of concepts hacking of cars with telematics systems before.
 
eizbaer said:
and did anyone panic then?
Click to expand...

Probably not but I would think it's something that deserves some publicity, mainly so that car makers start actually paying attention to security.

- - - Updated - - -

narf said:
Even more so if you can plug into their network jack under their dashboard... from inside the car? :hmm:
Click to expand...

Cept you don't, it has a telematics system that runs over cell network.
 
prizrak said:
Cept you don't, it has a telematics system that runs over cell network.
Click to expand...

this "low-hanging fruit" can be picked by brute-force attacking Tesla's relatively weak one-factor password system, exploiting loopholes in the iOS app's API and by accessing the ride's network-interface jack under the dashboard.
Click to expand...

The use of "and" instead of "or" disagrees with that, although it could just be poor word choice in the article.
 
chaos386 said:
The use of "and" instead of "or" disagrees with that, although it could just be poor word choice in the article.
Click to expand...

Hmm yeah it does seem like poor wording since the iOS app is supposed to be able to do all this stuff stock.
 
rickhamilton620 said:
There's actually is an eithernet jack that a owner has used to gain access to the telematics system: http://jalopnik.com/the-tesla-model-s-is-basically-a-good-looking-it-depart-1558372928
Click to expand...
There is an old adage, if you have physical access you have full access. If getting in requires that you physically access the car that's not much of a concern people have been stealing cars in that manner for a while now. My concern is mostly some script kiddie grabbing a tool off the internet and thinking its funny to fully brake a car on the highway from his smartphone.
 
prizrak said:
There is an old adage, if you have physical access you have full access. If getting in requires that you physically access the car that's not much of a concern people have been stealing cars in that manner for a while now.
Click to expand...

:+1:
 
The great thing is that they can actually wirelessly patch this and fix it.
 
"Your Tesla S will now restart in order to finish installing important updates".

Of course since it's running Linux it won't need to restart..
 
Last edited:
You must log in or register to reply here.
Top