Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Transportation Technology

Tesla Model S Has Been Hacked 262

cartechboy writes: First, it was Chrysler last month with its Uconnect system being hacked while being driven down the road. Now, it's Tesla's turn. That's right, the Silicon Valley automaker's very own Model S electric car has been hacked by two white-hat hackers. The duo were able to manipulate the speedometer, lock and unlock the car, and at speeds of less than 5 mph they were able to make all the electronics go blank and shut down the car while engaging the emergency parking brake dragging the car to a stop. Tesla's already issued a software update that owners can download to path the security flaw. Welcome to the new world where cars can be hacked thanks to all their electronics.
This discussion has been archived. No new comments can be posted.

Tesla Model S Has Been Hacked

Comments Filter:
  • FP (Score:2, Insightful)

    by Anonymous Coward

    IoT sucks! Welcome to the future.

  • Sure... (Score:5, Insightful)

    by Jason Valdron ( 3934833 ) on Friday August 07, 2015 @08:44AM (#50268653)
    What the summary fails to omit is that you first need physical access to the car and since they have the ability to do updates over-the-air, they don't need to recall more than a million vehicles to fix the issue.
    • by fche ( 36607 )

      "they have the ability to do updates over-the-air"

      That facility better be rock-solid, lest it be another way in. (I doubt it's an open & audited protocol.)

      • Re:Sure... (Score:5, Interesting)

        by sxpert ( 139117 ) on Friday August 07, 2015 @08:50AM (#50268697)

        it's https over openvpn... I'd say it's good enough

        • it's https over openvpn... I'd say it's good enough

          I wonder if there's a backdoor so that law enforcement can end a chase or make certain you stop for a roadside inspection or whatever.

          • Jeepers man, You've reinvented LO-Jack...

        • by ZeroPly ( 881915 )
          No. It's certainly not "good enough". That's laughably optimistic - the Heartbleed bug is still fresh in our memory, and SSL is one of the most used libraries in the world.

          The only that that's good enough is a mechanical switch that disables all changes to the firmware and operating software. If you want to get updates, you go to the car, flip the toggle switch by the ODBC port, and run the updates. As soon as you're done, you flip the switch off. With that switch in the off position, the car is capable of
    • What the summary fails to omit is that you first need physical access to the car and since they have the ability to do updates over-the-air, they don't need to recall more than a million vehicles to fix the issue.

      Oh thank God. I have no idea why everyone doesn't do this wirelessly - cuz on the air updates are perfectly secure.

      • Oh thank God. I have no idea why everyone doesn't do this wirelessly - cuz on the air updates are perfectly secure.

        Unless someone has physical access to the car they should be very secure as long as the encryption algorithms used are secure. Key distribution isn't a problem because Tesla can load up the car with a cryptographic key during manufacturing. Hell they could even put in a stack of one time pads if they wanted. Key distribution is usually the big problem but it's not (or shouldn't be) an issue here.

        While they could always make an error somewhere along the way, it should be reasonably straightforward to make

        • Oh thank God. I have no idea why everyone doesn't do this wirelessly - cuz on the air updates are perfectly secure.

          Unless someone has physical access to the car they should be very secure as long as the encryption algorithms used are secure.

          "Should" is the operative word here." As long as" is another.

          Because people are trusting their life to a system that has consistently proven that it is not secure. It should be, but isn't. As long as no one discovers exploits, it should be safe.

          • by sjbe ( 173966 ) on Friday August 07, 2015 @11:35AM (#50269967)

            Because people are trusting their life to a system that has consistently proven that it is not secure

            You know what else I'm trusting my life to? You not turning your steering wheel a quarter turn left when we pass each other on the road. I'm trusting that you will actually stop at a stop sign. I'm trusting that my airbag will not malfunction. I'm trusting the ignition to actually work. I'm trusting that you are capable of driving competently unimpaired by alcohol. We trust our lives to a lot of things that have consistently proven to not be secure and this bit of hacking is no where near the top of the danger list. Sure, let's be concerned about it but let's not blow it out of proportion either.

            • by Kokuyo ( 549451 )

              You need to be upvoted all the way to mars. Seriously, common sense is a rare thing on the net.

    • by VAXcat ( 674775 )
      Back when cars only had a single hydraulic circuit to run the front and read brakes, the handbrake WAS an emergency brake (although back then it was also usually activated by a pedal). Now that modern cars (since around 1964 or so) have dual circuit hydraulics, a single leak or hose failure is no longer an emergency, and the handbrake is no longer relaly an emergency use item.
      • by sjames ( 1099 )

        That is not actually true. People do still sometimes experience sudden and total brake failure.

    • WIth regards to 'the ability to do updates OTA':
      I've said it before, and I'll say it again: If there is any sort of wireless access to the vehicles' systems, there needs to be a hardwired, unimpeachable switch available to the operator of the vehicle, that turns off that transceiver, preventing it from operating. When a vehicle leaves the factory, ostensibly it's doing so in a 100% operable, fully tested state. If there are updates to the firmware or software after that, the manufacturer should inform the
    • by vux984 ( 928602 )

      and since they have the ability to do updates over-the-air

      Then so can the hacker, if not today, then one day?

      they don't need to recall more than a million vehicles to fix the issue.

      Because there aren't that many. Have they even made 100,000 of them yet?

  • Some day there will be a market for a car with no on board computer or electronics. The intro to the first Fallout game features a television commercial for a car called the Corvega, with no electronics and no computer for only $199,999.99. In a world on the verge of nuclear war, or one on the verge of computer security catastrophe, sounds like a steal.
    • by Higaran ( 835598 )
      I can buy almost any car from the 70's or 80's that's in half way descent condition for less that $10k and it would qualify.
      • Re:Future market (Score:5, Informative)

        by sinij ( 911942 ) on Friday August 07, 2015 @08:58AM (#50268755)
        To protect against cyber threats that would work. To protect against nuclear EMP (since we were talking Fallout)? Not so much. Even 70s and 80s cars use coils and ECUs, and that would get fried. What you need is mechanically injected car with non-electronic control. Some of the early 70s Mercedes would almost work, since they used vacuum to control everything.
        • To protect against nuclear EMP (since we were talking Fallout)

          EMP and fallout are completely unrelated. Presence of fallout doesn't have any impact on EMP effects, and vice versa.

        • ...To protect against nuclear EMP (since we were talking Fallout)? Not so much. Even 70s and 80s cars use coils and ECUs, and that would get fried...

          Maybe... and maybe not. Old cars had thick metal hoods. Modern cars often use plastic for parts that don't need to be mechanically strong, but the old ones put the engines inside a pretty good Faraday cage.

          • by Higaran ( 835598 )
            The question I have is, if the car is not running, or even if the key is out of the ignition would the car get fried? How much voltage would the EMP generate on the cars electrical systems, vs how much does it actually take to fry a car? I'm sure that would vary depending on the distance the car is from the explosion.
          • Maybe... and maybe not. Old cars had thick metal hoods.

            Does the thickness really matter? As far as I understand, what's most important is whether there's gaps in the structure. There are cars both old and new which have functional holes in the hood, but virtually all of them (except a few notables, like the Corvette — and of course, more expensive and exotic vehicles) are made with metal bodies.

        • To protect against nuclear EMP (since we were talking Fallout)? Not so much.

          Trust me on this... EMP is NOT an issue for your automobile... They tested this with a number of vehicles years ago and found that EMP was not a major issue for the electronics in cars.

          EMP affects electronics to varying degrees. I break it down into three groups. First there is the "no noticeable" affect group. This is where an EMP has no noticeable affect on the equipment's operation, for a car this means it keeps running. Second there is the "upset" where the EMP causes the equipment to malfunction t

          • I'd say there's some risk for electric cars. How would you charge them when the grid is fried?

            • That's true... But it's not the car being broke, but your ability to refuel it being broke.

              Gasoline cars will suffer from the same "how can I refuel it" problem. Without power, the local gas station won't be working for you either... I suppose you could manually pump gasoline out of the ground, or have fuel in storage, but if you are a real preper type, you've thought of all that..

      • from the 80's it would likely have electronic ignition, but from the early 70's you might be able to experience the joy of tuning breaker point ignition.

    • by bws111 ( 1216812 )

      If you're going for that level of paranoid, don't forget the bulletproof glass, armor plating, etc.

    • So your saying that my '68 midget will be worth a fortune then, or it will be once I replace the Lucas parts.
    • Some day there will be a market for a car with no on board computer or electronics.

      Not going to happen, both the EPA and the CAFE standards have seen to that. There is ZERO chance you can meet the emission and mileage standards for any vehicle which doesn't include some kind of engine and drive train control electronics.

      Unless, of course, you are talking about a future time w/o the Federal Government being around... In which case, buying cars will be the least of your worries...

      • Not going to happen, both the EPA and the CAFE standards have seen to that. There is ZERO chance you can meet the emission and mileage standards for any vehicle which doesn't include some kind of engine and drive train control electronics.

        Those only apply to new cars. Old cars are still on the road and probably always will be. Plus you are able to build vehicles yourself that do not meet emissions standards. Not exactly difficult to source an engine and a chassis.

    • Some day there will be a market for a car with no on board computer or electronics.

      You could definitely do it with relatively little modification to an elderly diesel UNIMOG (or similar) with a hydraulic system, replacing the battery with an accumulator and the starter motor with a hydraulic one. A low-pressure branch of the hydraulic system could operate your "accessories", by which I mean blower fan and windshield wipers. Probably though you would be better off using a 94-98 Cummins motor from a Dodge pickup than the original OM-whatever, or even an OM617 swap. This is because they norm

    • Some day there will be a market for a car with no on board computer or electronics.

      Here you go: Hemmings: Ford Model T for Sale [hemmings.com]

    • That would be glow plug engine then ?

  • But.... BUT!!! (Score:5, Insightful)

    by jmd_akbar ( 1777312 ) on Friday August 07, 2015 @08:50AM (#50268693)
    Didn't they have to physically "break" the car before they got access into it? Your post is clearly a scare tactic.
  • I want my Cat connected to the IoT. Somebody please hack it so it stops leaving hairballs everywhere.
  • Tesla's efforts still won't provide the level of electronic security from remote hacks that old Lucas equipment did.
  • by account_deleted ( 4530225 ) on Friday August 07, 2015 @09:15AM (#50268855)
    Comment removed based on user account deletion
    • Mod parent up ! I peed my pants reading that post, congrats.
    • by c ( 8461 )

      Yes, but are you willing to take the risk of hackers changing the radio to a country and western station?

    • by Khyber ( 864651 )

      "as a college grad with more debt than a south american country"

      Spotted the Economics Major!

    • Fear not, my friend. In just 5 years (10 at the outside) you will automagically own a self-driving car! So sayeth the eager nerds who have no trouble reconciling a world which doesn't even have the collective will to maintain basic infrastructure with a complete sea-change in personal transportation! Future not available in all areas! Personal fates may vary!
  • by sjbe ( 173966 ) on Friday August 07, 2015 @09:22AM (#50268909)

    Any car or computer can be hacked when you have physical access to the car. Furthermore Tesla has apparently already issued a patch making this pretty much a non-event.

    When they get hacked remotely with no physical access (which is conceivable) then we should sit up and pay attention.

    • While true that this is a lot less worrisome than a remote attack, the fact that someone with an ethernet cable can bollix up the car it still attention worthy.
      • While true that this is a lot less worrisome than a remote attack, the fact that someone with an ethernet cable can bollix up the car it still attention worthy.

        If a bad guy has physical access to my car, what they can do with an ethernet cable is frankly the least of my concerns.

  • by kbg ( 241421 ) on Friday August 07, 2015 @09:23AM (#50268915)

    The only reason why this is happening is because the software developers are morons. In a mission critical system you never give write access from an entertainment module to critical system. The information system should not have the ability to make any changes in the engine software. The best way to enforce this is to use a hardware read only bus that sits between the entertainment system and engine system and only allow traffic to flow from the engine to the info system but not the other way around.

  • Editor? What editor? (Score:5, Informative)

    by gstoddart ( 321705 ) on Friday August 07, 2015 @09:47AM (#50269079) Homepage

    Tesla's already issues a software update that owners can download to path the security flaw

    Can we stop calling you guys 'editors', and just get on with 'clowns who post story submissions'.

    Because it's quite clear you don't actually, you know, edit.

    • Tesla's already issues a software update that owners can download to path the security flaw

      Can we stop calling you guys 'editors', and just get on with 'clowns who post story submissions'.

      Because it's quite clear you don't actually, you know, edit.

      They edit, meaning that they modify the text. The thing is that they generally make it worse, not better.

  • by Doghouse13 ( 2909489 ) on Friday August 07, 2015 @09:56AM (#50269163)
    OK, so there's a security patch available. So what? "We regret that you crashed at 85mph yesterday - please download our latest patch?" The problem is not the software per se, but the mere fact that there's external access at all. Because there's simply no such thing as "flawless" code. And the internet's been around long enough to show us that, if there's any legitimate way in, people who want to abuse the system will get in as well, and find a way to subvert it. And right now all we're seeing are "white hat" attacks; just wait until the black hat guys start getting creative.
    • by sinij ( 911942 ) on Friday August 07, 2015 @10:09AM (#50269265)
      We have seen this play out in IT during 80s and 90s. AV and Firewalls for cars are next. Then they will wise up and move cars to a dedicated network with mutual authentication. Until then, we have 'lost decade' of blue-screen-of-death automobiles. Unfortunately, unlike mostly harmless IT crashes, when auto crashes someone going to get hurt.
  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Friday August 07, 2015 @10:01AM (#50269193) Journal

    Welcome to the new world where cars can be hacked thanks to all their electronics.

    As opposed to the old world where a car that didn't have any sophisticated electronics was trivial for someone to steal?

    • by sinij ( 911942 )
      Are you saying that the only way to secure a car from theft is to network it? That is nonsense.
      • by mark-t ( 151149 )
        I'm saying that this so-called "new world" isn't really new... cars have always been hackable.
    • Re: (Score:2, Interesting)

      by steelfood ( 895457 )

      It's another attack vector, on top of all the existing attack vectors.

      The attack vector these electronics close is hotwiring under the dash. This kind of attack doesn't happen as much as you think. More likely, people go for the GPS unit or something other item that's left out in the open, or your wheels and other easily-accessible parts. Stealing whole cars is rarer, unless you've got some collector's piece, and stealing whole cars via hotwiring is very rare. For stealing whole cars, there's a lot of low-h

      • by mark-t ( 151149 )

        stealing whole cars via hotwiring is very rare.

        Right... but it didn't used to be. That's my point... there's nothing new under the sun here.

  • Adblock, Better Privacy and NoScript is coming out for cars - to be released later this year.
  • The only way we are safe from the Cylons is to not network all the systems in the ship together.
  • Car hacking is the most ridiculous thing i've ever heard of!

    Seriously, why do we need computers in cars? EFI I can understand; some digital sensors, maybe, a and quartz tuned radio with digital display, sure.

    But all of this other crap is just asking for trouble. The fact that someone could remotely access, monitor, and even control your vehicle is downright scary.
  • Isn't the emergency/parking brake required to be mechanical? How can you hack a mechanical cable-pulley system?

    And this is why it's called an emergency brake here. Unlike the hydraulic braking system, it's supposed to be able to work no matter what. It's also only connected to the rear wheels, so there's less of a chance the idiot who slams it on will lose control.

  • by WOOFYGOOFY ( 1334993 ) on Friday August 07, 2015 @01:56PM (#50270903)

    Don't look to Tesla to change the OTA acccess their building into their cars any time soon. I'll tell you why.

    There's a frightening amount of electricity generated by their cars and mechanics who don't know what they're doing are quite likely to eletrocute themselves.

    Then the headline will be:

    Another Mechanic Killed By Tesla Car.

    To prevent that headline from ever materializing and destroying their market share, they reserve the right and aiblity to remotely brick the car.

    If the car is in an accident, it gets bricked and the only result of trying to start the car is a message on the instrument panel which reads (approx) : "Take car to Tesla service station for service".

    Mechanics CAN'T work on Tesla cars.

    Unfortunately, when you connect a car to the internet or otherwise make it accessible OTA you dramatically increase the attack surface area.

    Here's a few characterisitics of the new attack vectors:

    *A criminal can effect many cars at once. Previously, a 1:1:1 ratio existed between criminals, cars and some discrete unit of time.

    *A criminal can make a criminal event imitate an accident. Previously, if the car blew up Mafiosa-style or was stolen, the criminal event was clearly recognizable as a criminal event. Even cutting the brake lines left tell-tale signs. Obviously, a surreptitious way to access the car's electronics is, well, surreptitious .

    *The attack vectors have mutiplied to as many zero-day exploits in as many electronic parts as could be effected by zero day exploits. Previously, even if there was a theoretical way to access the computer that controlled critical systems, it was still a head-under-hood affair involving that system.

    *Zero day exploits aren't going away. There is no "recall" that is going to "fix" the problem because the problem is now a changing target. Previously, just as criminals and car thefts (or other crime) were 1:1, so also were defects and defective components. Recalls could fix the componnt and return the car to service. Now the subsystem is known to be fundamentally unfixable.

    If we could stop people from exploiting critical computer systems, we would have done it. A car is not going to be special in this regard.

  • by ihtoit ( 3393327 ) on Friday August 07, 2015 @06:15PM (#50272315)

    Bring it.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...