Tesla Car Hacked Remotely From Drone Via Zero-Click Exploit (securityweek.com)
wiredmikey shares a report from SecurityWeek: Security researchers have shown how a Tesla -- and possibly other cars -- can be hacked remotely without any user interaction from a drone. This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris. The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes. They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models. "Tesla patched the vulnerabilities with an update pushed out in October 2020, and it has reportedly stopped using ConnMan," the report notes. Since the ConnMan component is widely used in the automotive industry, similar attacks could be launched against other vehicles.
Why (Score:5, Insightful)
Re:Why (Score:5, Insightful)
Do we need to hook every conceivable system to the internet? Are we seriously concerned that we may find ourselves thinking "you know, my seat was a little bit off on the ride to work today. I think I need to adjust it from my desk"?
Because Greed. The remotely accessible system can be maintained by someone remotely at half the cost.
Anyway, back to your point, I would 100% agree that things like modifying steering and acceleration controls are NOT what I would call part of the "infotainment" system, and therefore should be separated and even air-gapped. Now the question is, just how many features do you disable by doing that?
The answer is it doesn't matter, because you should have done that in the first place.
Re: (Score:2)
Re:Why (Score:5, Insightful)
There are some very useful features that remote access brings, like being able to pre-heat/cool the car or monitor charging status.
Unfortunately even with minimal functionality like that there is scope for mischief. A few years back Nissan had an issue where anyone could command any Leaf to pre-heat/cool on demand, potentially running the battery down if the car is unplugged.
We should be able to engineer this stuff so that it is secure, it's not beyond the wit of man. I won't defend the Tesla system though, there is way too much functionality in there.
Re: (Score:3)
Absolutely, but as open-source has demonstrated security is hard. Everything visible, with a 1,000 smart eyes looking at it, and we still have CVE after CVE. Yeah we could regress functionality and QOL, but then we'd have to do the same with the computers right in front of us because they've been driven by the same forces* that made the modern car what it is (greater QOL and more functionality) and just as vulnerable.
*Continue to be as witnessed by the current GPU quest.
Re: (Score:2)
Absolutely, but as open-source has demonstrated security is hard. Everything visible, with a 1,000 smart eyes looking at it, and we still have CVE after CVE.
It is time to admit that humans are lousy at writing secure code and that the modern approach of always reusing someone else's unverified code is never going to result in secure systems. No matter how good your own code is, there is inevitably going to be someone else's code included in the whole product. I think the only feasible solution is to keep developing automated code analysis tools. Yes, currently they generate A LOT of false-positives, but it is still better than doing nothing.
Re: (Score:3)
Defence in depth is the key. The problem here is that one vulnerability gets them the keys to the kingdom (car).
Re: (Score:3)
We should be able to engineer this stuff so that it is secure, it's not beyond the wit of man. I won't defend the Tesla system though, there is way too much functionality in there.
Who is this mythical "We"? We can't even manage to secure OS on a locked down hardware with secure enclave where the user does not have root privileges (i.e. smartphone) after a decade of trying. Why do you think "We" can do better with connected cars?
Re: (Score:3)
While they may not be infotainment they are also not high risk. CAN bus firewalls exist and it's not necessarily unsafe with a proper implementation to allow some controls on that interface to send behavior flags over to systems that might be more critical than other body module type stuff.
Teslas I know for example have settings like enable and disable creep mode (simulates what automatics do where the car will creep forward with your foot off the brake at idle.) They also like a lot of high end power steer
Re: (Score:2)
Same thing with wheel feedback. You might be asking why does this feel different all of a sudden, and thinking tire losing air? road surface changed? and start assessing the situation but it does not alter the steering behavior of the car so much that if you are operating it inside a half way reasonable safety envelope to begin with you are going to lose control or something.
My Jeep has something similar, and it produces exactly what you speak of. In 4WD, it has mud, sand and snow modes, and when it goes into a mode, you think something went wrong, because the steering, brakes and throttle response all get changed. This is in addition to traction control, which is always on.
It works very well after you get used to it.
Re: (Score:2)
Having done extensive experimentation (project started as an attempt to get non-standardized OBD-2 codes, specifically cylinder-specific misfire counts) on CAN bus, a firewall on it is nonsensical.
Think of it as a layer-2 protocol. There's no 3 way handshake.
There are addresses. You're free to spoof as needed.
Now, is everything tied to the CAN bus?
No. But these days, more and more things are.
Can you have separate CAN buses (i.e., infotainment on one, EC
Re: (Score:2)
are Tesla SERIOUSLY considering those as part of an INFOTAINMENT system?
Tesla considers the infotainment, the cabin and climate control, and the driving settings all an integrated part of the CAR. Other car manufacturers don't, and in a lot of cases the software and interface for each are written by a different supplier, and it shows: you end up with a godawful mess. This is not a lesson in how shitty Tesla's specific design philosophy is (it isn't), but more about the wisdom of having this stuff remote-controllable, combined with shitty security.
Re: (Score:3)
Tesla considers the infotainment, the cabin and climate control, and the driving settings all an integrated part of the CAR. Other car manufacturers don't, and in a lot of cases the software and interface for each are written by a different supplier, and it shows: you end up with a godawful mess.
None of this stuff is based on open standards so it's a clusterfuck every time. The automakers aren't smart enough to demand them.
Re: (Score:3)
Imposing standards on self contained systems causes arbitrary unnecessary cost.
Failing to use standards on systems sourced from third party suppliers, which virtually all electronics in automobiles are*, means forever having compatibility problems and inflexibility in design, as a result of being locked into whatever interfaces those suppliers use.
* Ford has their own PCMs made. Ditto GM. AFAIK everyone else is using third-party electronics for everything.
Re: (Score:3)
are Tesla SERIOUSLY considering those as part of an INFOTAINMENT system?
Tesla considers the infotainment, the cabin and climate control, and the driving settings all an integrated part of the CAR. Other car manufacturers don't, and in a lot of cases the software and interface for each are written by a different supplier, and it shows: you end up with a godawful mess. This is not a lesson in how shitty Tesla's specific design philosophy is (it isn't), but more about the wisdom of having this stuff remote-controllable, combined with shitty security.
Actually this is more about Tesla assuming that "LAN", "WAN", and "DMZ" (all being integrated parts of a firewall,) are all treated the same when it comes to their shit security.
Fix the shit security, and you've fixed this problem.
Re: (Score:2)
Luckily they fixed this problem 6 months before the article you're commenting on came out then....
Re: (Score:3, Informative)
Steering and acceleration MODES. Not CONTROLS
The steering modes range from "comfort" to "sport"
The acceleration modes range from "chill" to "sport" (or others, depending on what model)
Also, how did they even find a Tesla that was six months behind on updates in order to launch this attack? Lastly, why is the headline "Tesla car hacked" rather than "Tesla infotainment system hacked"? Not as clickbaity?
Re: (Score:2)
Lastly, why is the headline "Tesla car hacked" rather than "Tesla infotainment system hacked"? Not as clickbaity?
Bingo. Same reason the last line of TFS might as well be "We think a lot of other cars use connman and might still be vulnerable but we didn't bother to test any of them because Tesla = clicks".
Re: (Score:3)
They discovered the vulnerability and reported it to Tesla last year. Tesla then patched it. So at the time it was a zero day for cars with the current version of software.
As for cars with old software, there are some. Tesla cuts off support for some vehicles, e.g. those that have been subject to unauthorized repair. Couldn't immediately find an official policy on patching CVEs on unsupported cars.
Re: (Score:2)
So Tesla is like Apple? Do the fanboys know about this?
Re: (Score:2)
I forgot some countries are well behind on updates too, e.g. Japan where there are regulatory hold ups.
Re: (Score:2)
The statement is misleading. They seem to be mixing up two things:
1) Some parts (computers, high voltage, etc) are only available to order from trained service technicians. But warranties only disclaim damage caused by faulty repairs or third-party parts. Having a third party technician do work on your car has no impact unless their work damages something, wherein, only the thing damaged by their work is disclaimed.
2) If a car is totaled and listed as a writeoff, then repaired, Tesla will cut off Supercharg
Re: (Score:2)
Steering and acceleration modes - are Tesla SERIOUSLY considering those as part of an INFOTAINMENT system?
"modes".
Not actually "steering and acceleration".
Re: (Score:2)
"Doors, nope. Aircon, nope. Steering and acceleration modes - are Tesla SERIOUSLY considering those as part of an INFOTAINMENT system?"
Yes, 1 big processor. That's why they still build cars while Mercedes, Ford etc twiddling their thumbs waiting for chips.
Re: (Score:2)
Is there any way to disable the wifi system on these things and still have a car that will drive and function?
Re:Why (Score:5, Informative)
App API support (what they used here - all they were doing was executing infotainment API commands on a car that somehow hadn't been updated in the past six months) is disabled by default - you have to enable it if you want to use it (Allow Mobile Access). Also under the same menu is "Data Sharing", in which you can control what data you share with Tesla - down to literally no data at all.
Re: (Score:2)
It's not like they can change the break to the accelerator or invert the steering.
I suggest you take a brake until you get yourself a dictionary.
Re: (Score:2)
It's not like they can change the break to the accelerator or invert the steering.
I suggest you take a brake until you get yourself a dictionary.
fare point.
Re: Why (Score:2)
Re: (Score:2)
No more than your mouse is a system connected to the internet but that doesn't mean a determined hacker with software vulnerabilities couldn't get into it.
Re: (Score:2)
Because we can.
Re: (Score:2)
Re: (Score:2)
Man, I really wish I hadn't sold my '78 Chevy Nova.
Have you seen the prices they are fetching lately?
Re: (Score:3)
The correct answer is, "no we don't." But that seems to be getting harder every year. I found a damn crock pot with wifi. Seriously? It is still possible to buy things that are not hooked up to the internet. Hopefully, this will continue. I don't need my toaster oven to be internet aware but it couldn't have been if I wanted it to.
Re: (Score:2)
Well for cars, we had features like remote start for decades now. Where you can start your car in the winter without having to go outside so when you enter your car it is nice and warm.
Also we have fobs that wirelessly open the doors, and some will start the car without a key and a bunch of other things.
For Electric Cars especially where a lot of its components are controlled by software updates can improve performance or battery life, as they had found a new optimal way of doing something.
Oddly enough having
Re: (Score:2)
Toilets are big tech in Japan. Jets of water to wash the butts with so many settings on pressure, temperature, more patterns than a jacuzzi... And they had the bright idea to make it controllable from your cell phone! Via Bluetooth! No authentication between the cell phone app and the toilet computer. Hotels have adjacent bathrooms separated by just thin walls ...
Very funny to read the disastrous roll out ...
Re: (Score:2)
I still don't understand (Score:2)
I'm not following, could someone make a car analogy? :_)
hawk
Potentially life threatening (Score:5, Interesting)
Re:Potentially life threatening (Score:5, Informative)
Well, not using this exploit. You'll note that the entirely dishonest summary said,
Security researchers have shown how a Tesla -- and possibly other cars -- can be hacked remotely without any user interaction from a drone...."Tesla patched the vulnerabilities with an update pushed out in October 2020, and it has reportedly stopped using ConnMan,"
Entirely dishonest reporting! Security researchers have shown that Teslas USED to be able to be hacked remotely from a drone. It is far more accurate to say that other car makers likely are vulnerable to this exploit than to say that Tesla still is. After all, they still use the code, while Tesla doesn't.
Until they spot a similar flaw in Tesla's new code, the real story is that as soon as this was discovered Tesla pushed a software update out to its cars and fixed the problem, while other car makers did not do likewise.
Re: Potentially life threatening (Score:2)
Yea. Something that happened in the dark ages of 6 months ago would never happen in the modern world. We're not savages any more.
Re: (Score:2)
Teslas have an over the air auto-update feature, so it is very unlikely that someone is using the old code. So 6 months ago is a long time for a Tesla Software to be running.
Re: (Score:2)
Re: (Score:2)
Entirely dishonest reporting! Security researchers have shown that Teslas USED to be able to be hacked remotely from a drone. It is far more accurate to say that other car makers likely are vulnerable to this exploit than to say that Tesla still is. After all, they still use the code, while Tesla doesn't.
Tesla generates clicks, either from its rabid haters, or its rabid lovers. And this headline is the perfect example.
The only tiny bit of honesty was that short para at the end. But making Tesla into the villain, when they are the sole automaker who fixed the issue as soon as it was shown seems a bit like shilling for the others who haven't. Most read the headlines maybe a paragraph, then gloat how Tesla is vulnerable, and what a pity - their Chevy Whatsit is perfectly safe.
Only the Whatsit isn't.
Re: (Score:3)
According to TFA they discovered this as a zero day last year for a competition that was subsequently cancelled due to COVID. So at the time it worked on the latest version of the software.
They reported it to Tesla who fixed it, and are now reporting it publicly since enough time has passed that most cars will be patched.
Re: (Score:2)
Yep, fixed in Oct 2020, so not a problem on Teslas... is a problem on other cars.
Also worth note, acceleration and steering options aren't life threatening changes ... I mean they can make the car accelerate slower like a normal gas car. And make the steering softer or harder. Annoying if someone hacked your stuff to do that, but not a big deal. The thing I'd be worried about the most is the seat controls... if I were to get squished while driving it would not be safe. But on the Tesla Model 3 and Y, you do
Re: (Score:2)
Being that they patched the problem 6 months ago, I doubt it is a problem.
However other cars who use "ConnMan" (BTW: Who the Hell would think buying a software product called ConnMan would be a good idea! I don't care how good their marketing is, and what reviews they have, a name like that would just be a huge Red Flag!) will have the problem, and those just don't get the Press coverage that Tesla has.
News: Tesla are ScArRrRy! Because they are new, (and they don't do advertisements, so the news companies
Gray alien communists ... (Score:4, Funny)
Re: (Score:3)
Re: (Score:3)
Make crop circles at night and return the car to its parking spot before sunlight, so that the owner won't notice.
Re: (Score:2)
Make crop circles at night and return the car to its parking spot before sunlight, so that the owner won't notice.
Hello, National Enquirer? Yes it happened again, my Tesla is spontaneously creating dirt and corn again, but this time I have pictures!
I can't wait... (Score:4, Funny)
I can't wait to be able to use your Tesla to commit a crime for me while you're busy sitting at your desk, eg. deliver a shipment of drugs.
Good luck pinning that one on me!
Re: (Score:2)
Hey look a car with your License plate was found.
A warrant for information about that car's account from Tesla later.
You are being arrested for such and such charges. Because Tesla is showing that your phone is being used to tell the car to go to that location.
Then let's cross reference it with data from your Cell phone company, yep, it shows that you had your phone while you were at work all day.
It is like a Q-Anon idiot who is afraid the Covid vaccine has a tracking chip on it, while complaining that Apple
Expect more (Score:5, Insightful)
Is anyone surprised this happened? Even though this vulnerability was patched that doesn't mean there are others which have not.
So long as manufacturers insist on shoving computers into every minuscule aspect of a vehicle, even when not warranted, this will continue. Just wait until the first instance of a vehicle being taken over while driving on the highway is used to cause a massive pile up. How many dead and wounded will we have to suffer until manufacturers get it through their skull this crap isn't needed?
Re: (Score:2)
It's not the fault of computers, any more than it's the fault of your computer when you go crazy on social media. Fix people and you'll find that a lot of problems go away, oh like say the desire to break into things that aren't theirs.
Re: (Score:2)
Who gets to decide "broken"? That's the new "normal" and "broken" moves on.
Re: (Score:2)
A solution far worse than the problem.
Who gets to decide what "fixed" means?
The auto-lobotomizer will handle such calculations.
Re:Expect more (Score:4, Interesting)
Except all of these driver assist features require some amount of 'computer' even if its just a little micro controller.
EFI is way more efficient than mechanical FI or carbs, but it requires a computer.
Electronic stability control can make a huge safety difference over just simple ABS or nothing - but it requires a computer.
Things like lane assist - the jury is out on if these really improve safety much but they require a computer.
Pure nice to have features like adjustable power steering behavior etc - maybe it could be done with some analog control but practically a computer control implementation will be more flexible, more reliable, and generally superior while also being cheaper.
Comment removed (Score:5, Informative)
Re: (Score:2)
Oof, that's actually somewhat hilariously bad.
Re: (Score:2)
...a better way would require you to e.g. get inside the car and press a service-button or similar first!
They'll fix that in the next software update. It'll be wired to the door handle. On the outside at first. Minor oversight discovered after that funny looking dildo-drone flew by the Tesla dealership and slap-hacked the lot of them.
Then they'll wire it to the trunk release where it should be.
(Baby steps people. We're replacing bugs here, not developers.)
Re: (Score:2)
They configured Connman to automatically connect to any access-point called "Tesla Service" with a hard-coded password stored in the car's firmware!
Seriously? Someone is going to deservingly get fired over this.
Re: (Score:2)
Re: (Score:2)
Yes; this was a pretty bonehead move by Tesla; now imagine when Ford or Nissan or Subaru do it on one of their cars that can't even be updated. Oh wait, they have had this kind of problem hundreds of times already and nobody apparently gives one shit.
Re: (Score:2)
But that was patched 6 months ago. And over the air updates had applied them a while ago. I am more scared about other automakers (who also have inexperienced devs, and often more-so than Tesla) who put it in the cars, without any sort of way to update other than going to your dealer.
Re: (Score:2)
Interesting ... but in Tesla's defense, the ability to have the car auto-establish a wifi connection to any Tesla Service SSID was something many Tesla owners traditionally considered a handy feature. People lacking a good Internet connection would often find their vehicle missed several of the software updates that only get pushed over wifi (vs 3G or 4G cellular connections, which they try not to use except for smaller or really critical patches). The standard advice for these situations was to try to par
Re: (Score:2)
Tesla coming within GPS coords of service center could contact Tesla servers via LTE network, download the access point name and a one time use password. Can connect safely, securely without any involvement of the technicians. There are dozens of assets Tesla could deploy and ensure a secure log in.
More importantly they can upgrade every car already sold and in service
Why was this shown on a Tesla? (Score:3)
I mean I don't expect Teslas to be less vulnerable than other cars - I have no reason to believe one way or the other, but since the specific vulnerability used was on the 3rd party 'ConnMan', which Tesla does not use since last year while other manufacturers still do, why not demonstrate on one of those manufacturers? Is it just to feed on Tesla hate by getting 'Tesla hacked' headlines (which sort of imply it is the one vulnerable brand).
At least I am confident my older Ford cannot be hacked. It has a bluetooth enabled sony mp3/cd/dab media center that refuses to cooperate with practically any other device be it android, ios etc to do simple things like play streaming music or receive calls. So when it does not do things it's supposed to do, good luck getting it to do things it's not.
Comment removed (Score:5, Informative)
Re: (Score:3)
Ah, OK, that makes sense, it is not new research. I obviously, in /. tradition, did not RTFA.
Now that I have, this bit is interesting:
Tesla patched the vulnerabilities with an update pushed out in October 2020, and it has reportedly stopped using ConnMan. Intel was also informed since the company was the original developer of ConnMan, but the researchers said the chipmaker believed it was not its responsibility.
The researchers learned that the ConnMan component is widely used in the automotive industry, which could mean that similar attacks can be launched against other vehicles as well.
So, Intel makes (the rather serendipitously named) ConnMan and they couldn't care less it has vulnerable :D
Re: (Score:2)
ConnMan creates a vulnerability when Tesla configures it to connect to an AP called "Tesla Service" with a hardcoded password.
It's not clear that it is a problem out of the box.
Re: (Score:2)
That doesn't address the write-up of this, which is all, "Tesla is vulnerable to this, maybe some other people are too.", then at the bottom, oh BTW Tesla stopped using this code but others didn't.
Tesla is not vulnerable to this! They used to be, sure. But not anymore. You can't lead with, "Here's how Teslas can get hacked!" when that's not true anymore. Any reporter without an anti-tesla viewpoint would have written down the facts, not started with an outdated lie.
How hard is it to write, "Researchers plan
Re: (Score:3)
The ability to exploit this was apparently enabled by having Tesla's onboard computer automatically connect to a certain WiFi ESSID with a fixed password (see Gaygirlie's comment above). Maybe other vehicles aren't so gullible, and that's another reason why this was demonstrated on a Tesla?
Re: (Score:2)
People here hate Tesla for some reason so the stories generate clicks. You'd think they would be thrilled their car uses open source software but instead it's always Oh fuck that electric bullshit.
Re: (Score:2)
People are generally thrilled by the OSS, but dismayed by the insecure design.
For instance, the software partition should not be writable without throwing a write enable switch.
This ain't that complicated. I mean, security is complicated, but Tesla is failing at it pathetically. They aren't even trying to use best practices. This is inexcusable in a vehicle with the high level of integration that Tesla uses.
Re: (Score:2)
I wondered this myself. There is a push on to hurt and tear down at Tesla and Elon Musk. Are there organized people trying to short his stock? Weren't these the same people putting him on a pedestal for pushing electric cars so hard?
Is his success making him a target for lawsuits, hence the trumpeting and over-hyperventilation at these issues, building a background hate meme in the populace useful in such?
Is he not playing the game of political donations?
I haven't seen stuff like this since the week Tas
Re: (Score:2)
Let me get in via a coat hanger, and hot wire the truck to start. Vs having a drone that costs hundreds of dollars, applying software to target a car (that still isn't always around) Then only to do some features that are annoying. Then after all that time and effort, only to realize they had applied a patch where it doesn't work, where you need to start again.
However I can still get into your Ford Ranger with a coat hanger, and some basic tools to hot wire it, and then I can just take the Truck.
Re: (Score:2)
Re: (Score:2)
Bags of Gravel? That settles it, you are a guy who owns a Truck just so you can think you are a truck guy, but never uses the Truck as a truck.
A real truck driver, will drive to the quarry, get the bed filled with gravel (without bags), then pay based on weight. (they weigh the truck before you load and after) then you pay the difference.
Just admit you don't need a truck, you just wanted it. That is fine, it is your money do what you want. But just don't pretend to be Mr. Manly Men who needs a Truck for
ConnMan or ConMan? (Score:3)
But that won't get clicks .... (Score:5, Interesting)
"Tesla patched the vulnerabilities with an update pushed out in October 2020, and it has reportedly stopped using ConnMan," the report notes. Since the ConnMan component is widely used in the automotive industry, similar attacks could be launched against other vehicles.
Tesla can, and did, fix such vulnerabilities discovered after shipping the product. The same vulnerability in other cars can not be fixed so easily and it would involve bringing the car to the stealership, if the car maker agrees to fix it. Not very sure they will fix it for free.
But that story will not get the clicks, so Tesla hacked is bandied about.
Re: (Score:3)
True, but as the post above yours demonstrates there are mistakes, then there are MISTAKES. In other words security 101 says it shouldn't have happened in the first place. This is why security is both a profession as well as a process, and companies (as well as open-source) need people who live and breathe this stuff.
Re: (Score:2)
But they were not more moronic than competition, and the Tesla managers were as pointy head bosses as any in competition.
The only saving grace in this fiasco, is Tesla has the means to fix such mistakes.
Re:But that won't get clicks .... (Score:5, Funny)
I regard the fact that my car cannot have its software updated without me physically taking it to a dealer as a feature, not a bug.
Re: (Score:3)
Having lived with Tesla's continuous feature removal and UI downgrades over the air, I'm inclined to agree with you.
I must say that Tesla has really soured me to the whole concept of ota updates on future vehicles, they so often use it to remove functionality or degrade the UI, and almost never to add anything or improve anything. If my car still had the same UI, and the same features it had when I bought it in 2015 it would be a much better vehicle than it is today.
Re: (Score:2)
https://www.autoblog.com/2019/... [autoblog.com]
Granted the story is old, but the point won't go away.
It's not like Win10 May 2021 is substantively more secure than Win10 2016. Better, sure - but more vulnerabilities are always possible. It's not like hackers are going out of business anytime soon.
oh shit (Score:2)
automated drone wifi hacking is going to be a bad time
How to get publicity (Score:4, Informative)
Boss: boring. nobody will read that. Can we make it a Tesla?
Me: Well sure, but then we'd be demonstrating something that is not really relevant anymore and we'd have to find a car that was prevented from getting any updates which they generally do automatically...
Boss: No problem, I know a guy at a junk yard who recovers scrapped Teslas and fixes them and prevents getting updates.. Still, I don't think this is really going to be eye catching enough. I mean there are lots of stories about cars being hacked.. Can we spice it up some more?
Me: Well, I suppose we could say something about a drone
Boss: Is a drone required for this?
Me: No, but it will sound cool.
Boss: Great. Still needs something else.
Me: We could call this old irrelevant attack "T-Bone" to bring forth imagery of a horrible car crash.
Boss: Can this attack be used to create a T-Bone accident?
Me: I guess not really..but maybe.
Boss: It's a go!
----
I am not saying that this is not interesting - doing a test like this to 'demonstrate' something that is well known and patched is a semi-publicity stunt....it does work..so there is that.
Tesla is a high-profile (Score:2)
Lies. It was NOT hacked from a drone. (Score:2)
It is important to note that Dr. Weinmann and Mr. Schmotzle discovered the vulnerability and created a reliable exploit for it without having access to an actual Tesla car. “We emulated Tesla’s ConnMan entirely in our own emulator - KunnaEmu.
Slashdot has a long tradition of people posting without reading the article, but it's beginning to look like the Slash editors are the worst of these.
Re: (Score:2)
Hard to test it on a car when the vulnerability was patched 6 months ago and the manufacturer basically forces the updates to all their users.
Re: (Score:2)
wtf is wrong with you people.
The discovery of the exploit came before the Tesla patch, so yeah it could have been tested on an actual car.
But it wasn't. so the slashdot article title is a lie.
From the embedded link you had not read ...
Named “TBONE”, these exploits were originally written for the PWN2OWN 2020 contest, which was cancelled due to COVID-19. They later disclosed these vulnerabilities to Tesla, who patched them in update 2020.44 in late October 2020.
Re: (Score:2)
So "news" is the part missing, specifically the "new" part.
Re: (Score:2)
So "news" is the part missing, specifically the "new" part.
lol, yes. There is that.
You've expressed the crux of the matter better than I.
Buzzwords (Score:3)
Tesla Car Hacked Remotely From Drone Via Zero-Click Exploit
"3d printer" !!!
You forgot to cram 3d printer into the title!
Damn you, I was that close to crossing out my bullshit buzzword bingo!
Who would use something called "ConnMan"? (Score:2)
There can't be good karma using this.
Maybe somebody thought it was "cute", but I would think that nothing but trouble would come out of something called that.
How long before a cybersecurity attack.. (Score:2)
...sends a fleet of self-driving cars off a bridge?
Re: (Score:2)
...sends a fleet of self-driving cars off a bridge?
More likely someone, who is a thorn in the side of the powers that be, experiences a tragic and unfortunate accident. [wsws.org] It might be best explained as a cyber security attack, but any attempt to determine that will be stonewalled. The corporate media will get behind the narrative of 'nothing to see here move along', while Google and other big tech censors will dutifully concoct an excuse to squash any dissent under the guise of enforcing "community guidelines".
And you think self-driving cars will be better? (Score:2)
TSIA.
We are astonishingly far away from where I'd confidently get into an autonomous car without thinking some darknet script-kiddie isn't going to fuck with me (or worse). This Tesla example is only a faint hint at the data stream and connective systems involved that an autonomously driving car is going to have.
I do *not* understand why we are pushing so bloody hard to adopt something NOT READY FOR PRIME TIME.
Re: (Score:2)
Yeah I'm pretty sure your bot is suffering a hardware breakdown.