Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Transportation Security

Teen Hacker Finds Bug That Lets Him Control 25+ Teslas Remotely (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday. David Colombo explained in the thread that the flaw was "not a vulnerability in Tesla's infrastructure. It's the owner's faults." He claimed to be able to disable a car's remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car's exact location.

However, Colombo clarified that he could not actually interact with any of the Teslas' steering, throttle, or brakes, so at least we don't have to worry about an army of remote-controlled EVs doing a Fate of the Furious reenactment. Colombo says he reported the issue to Tesla's security team, which is investigating the matter.

This discussion has been archived. No new comments can be posted.

Teen Hacker Finds Bug That Lets Him Control 25+ Teslas Remotely

Comments Filter:
  • They changed their passwords to 1234.

  • My sister's getting annoyed at her rear camera cutting out

    • I think there is a recall out for the cable to the rear view camera becoming damaged which causes a loss of power to the rear view camera. I suggest you contact Tesla service.

      • I think there is a recall out for the cable to the rear view camera becoming damaged which causes a loss of power to the rear view camera. I suggest you contact Tesla service.

        You are correct. There is a recall of nearly 500,000 Tesla vehicles due to poor manufacturing [cbsnews.com]. One recall is for the camera issue stated above due to closing the trunk causing worn wires (think about that for a moment), and the other is for the front hood spontaneously popping open while driving because the latch fails.

        Can't wait for the fake wood [slashdot.org] to desintegrate.

  • Hope he doesn't get arrested for it...

  • API tokens where is the 3rd party repair access apis?

  • why must a car be connected to the internet in any capacity?
    why does it need software updates?
    why does it need telemetry and tracking?

    can you disable this nonsense? i like the idea of a tesla, but the privacy aspect is a deal breaker.

    • As always, the answer is Miata.
      https://engineswapdepot.com/?p... [engineswapdepot.com]
      https://m.youtube.com/watch?v=... [youtube.com]

    • Re: (Score:3, Interesting)

      by King_TJ ( 85913 )

      Seriously? I'm assuming you already know the answer to these questions, if you're savvy enough about tech to even read Slashdot in the first place.

      But in a nutshell? A Tesla has two separate computer systems; one for the infotainment center/touch-screen, and the other a discreet system that handles the autopilot/self-driving capabilities.

      The software updates Tesla pushes out over wi-fi (or a cellular LTE network in cases where they're not too large) are to improve the touch-screen infotainment experience.

      • Okay, so you need the OTA updates for features that are gimicky, not-necessary, and just kind of silly. (i contend that a freaking tablet in the center console is in all ways inferior to tactile knobs, and having instrument clusters directly above/behind the steering wheel is still wise). And, at the end of the day, it's still just a car.

        it's interesting the amount of pearl clutching caused by someone having the audacity to hold a phone in their hand while driving; yet silly infotainment gadgets like the ab

        • by psergiu ( 67614 )

          Example of free OTA updates I received since i got my M3 2 years ago:
          - Optimization of regenerative charging and improvements in power usage, adding 10 miles of range to the car.
          - Option of also view-ing side cameras while reversing ( very useful when backing out of a parking spot)
          - Voice commands for almost every operation done in the UI. And improvement to the voice commands (original version had issues with my accent, latest ones understand everything)
          - AutoPilot recognizing speed limit signs and using t

        • by micheas ( 231635 )

          How to adjust the wipers:

          • tap wiper stalk on steering wheel
          • tap the popup on the display that I can reach without taking my hand completely off the steering wheel if I tap it with my right pinkie
          • done

          Learn how to use the controls of a car before driving the car. No matter what car it is. Yes, you can get to the wipers by going through three menus, but that isn't how you should get to them while driving. I'm sure that there are convoluted secondary ways to get to controls in other cars as well.

          As far as I kn

          • I'm still not sold on replacing simple mechanical devices with electronics that drive more complex mechanical devices. ... with a very very few exceptions, like ignition (fuel injection).

        • First, the speedometer is *never* covered. Ever.

          Second, while the new update has made some settings harder to get to (which I find really fucking annoying, but that's probably because I was used to where they used to be after driving a Model 3 for 2+ years), there is a physical button to make the wipers do a swipe of the windshield immediately on the end of the turn signal stalk. Also, you can use the voice thing to adjust the wipers - "set wipers to 2", "turn on wipers", "set wipers to auto" etc. work ju

      • And the brake system. https://www.theverge.com/2018/... [theverge.com] If you can fix them OTA, you can break them OTA.
      • by AmiMoJo ( 196126 )

        Tesla does update the autopilot features over the air. They upgrade and downgrade them quite often, in fact. Sometimes you get new features or improved operation, other times they disable features due to regulatory issues or accidents.

        That is except for in Japan, where the regulator forbid it.

      • I don't think you are right, from tesla.com (I don't think you can get more authoritative than that) https://www.tesla.com/en_NZ/mo... [tesla.com]:

        Full Self Driving Feature

        The currently enabled features require active driver supervision and do not make the vehicle autonomous. The activation and use of these features are dependent on achieving reliability far in excess of human drivers as demonstrated by billions of miles of experience, as well as regulatory approval, which may take longer in some jurisdictions. As these self-driving features evolve, your car will be continuously upgraded through over-the-air software updates.

      • by psergiu ( 67614 )

        The code for the autopilot can be updated. Last year my M3 gained ability to recognize & display other objects on the road besides cars and to read and act upon stop signs and lights and speed limit signs (autopilot speed changes automatically). Also there are all the people getting the new FSD beta code which uses the AI chips in the current-gen hardware.

        You CAN turn off mobile connectivity and wifi and the car will not transmit or receive anything. But then you will lose traffic-aware routing and all

      • The computer and code for the autopilot don't receive updates that way. You only get a new version of that when you buy a Tesla vehicle with a newer generation of it installed. (They had AP 2.0, 2.5 and 3.0 so far, plus the Intel Mobileye tech they licensed initially, which many refer to as AP1.)

        HW3 vs HW2 is a hardware change. But firmware, the code that controls subsystems is updateable over the air. They update it pretty frequently. That's one of the big advantages of Tesla being vertically integrated. They can add a new revision to the LTE modem and then push out updates over the air to fix a bug for instance using too much power.

        The challenge that legacy automakers face is that every component in the car comes from a vendor as a complete package. So if you want your LTE modem firmware updat

        • Well, ok.... I do stand corrected in a sense, here. The crux of the issue is, you've got a lot of computerized systems interacting in something like a Tesla.

          If you're talking about older Teslas with AP1 autopilot? The entire system was a different code-base because they licensed it from Intel. They haven't made any software changes/updates to that since around 2014-15. (Not sure they even legally could?)

          With the newer stuff, yeah - they can update firmware whenever they wish. A lot of the limitations in t

  • I don't want my car connected to anything except me ass.
  • by OverlordQ ( 264228 ) on Wednesday January 12, 2022 @05:48PM (#62168557) Journal

    He found people running a 3rd party app with default credentials.

  • "It's the owner's faults."
    What is the proper form?
    Owners' is for group ownership right and the group owns the fault, right?

  • Query to Oracle whether LOG4J was used internally for Java JVE/Java SDK by Oracle and could the whole ecosystem be compromised brought NO ANSWER AS OF TODAY.
  • but Kitt's gone to the Dark Side

  • I would consider this to be a vulnerability. The fact that the cars can be remotely controlled in the first place, and that critical systems are not air-gapped is a fundamental security design flaw.

    I don't want my car talking to the Internet. I'm not even sure that I want the radio talking the Internet due to privacy implications (this rules out a GPS too obviously, and even having a smart phone in the vehicle), but I can at least see the value there.

    But anything that has to do with the operation of the veh

  • Can some enlighten me about the (Internet) connectivity of any of today's cars? I can see an owner giving his car his Wi-Fi password, but in cases of cellular connectivity, who pays that bill? And are the data transfers through standard Internet sockets? If they're secure, are there certificates involved that expire in ten years, etc.?

    Thank you in advance.

When bad men combine, the good must associate; else they will fall one by one, an unpitied sacrifice in a contemptible struggle. - Edmund Burke

Working...