Researchers hack Tesla Model S with remote attack - Polidicks

[video=youtube;c1XyhReNcHY]http://www.youtube.com/watch?v=c1XyhReNcHY[/video] [QUOTE]Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the braking system. The attack allowed the researchers to access the car’s controller area network (CAN) bus, which lets the vehicle’s specialized computers communicate with each other. “As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars,” the researchers from Tencent’s Keen Security Lab said in a blog post Monday. “We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.” First, while the car was parked, the researchers used a laptop to remotely open its sunroof, activate the steering light, reposition the driver’s seat, take over the dashboard and central display and unlock the car. In a second demonstration, they turned on the windshield wipers while the car was being driven at low speed in a parking lot for demonstration purposes. They also showed that they can open the trunk and fold the side-view mirror when the driver is trying to change lanes. While these operations can be distracting to the driver in certain situations, causing a safety risk, the most dangerous thing they were able to do was to engage the car’s braking from 12 miles away. Such an attack, performed against a car being driven at high speed on a highway, could result in a serious rear-end collision. The researchers reported all of the vulnerabilities through Tesla’s bug bounty program, and the company is working on patches. Fortunately, Tesla cars can receive firmware updates remotely and Tesla car owners are advised to make sure that their vehicles are always running the latest software version. [/QUOTE] [URL="http://www.pcworld.com/article/3121999/security/researchers-demonstrate-remote-attack-against-tesla-model-s.html"]Source[/URL].

If it has code, it can be sowed.

The car needs to be connected to an affected wifi network, so its not like this could be abused on the highway or roads in general. Still good to see tesla responed though

Glad this is being done by a security agency and not a couple of rouge hackers

Already patched before the article was published.

With the combination of self-driving cars becoming more and more likely in the next few years, and hackers finding clever ways to get into them, it's only a matter of time before someone figures out how to basically lock someone in their car and kidnap them. If you got caught hacking a car like this with malicious intent, what could you get charged with? Endangerment? Attempted Murder if it's serious enough?

This was actually an exploit relating to the web browser in the car. The web browser is just an almost stock implementation of Qt's QtWebBrowser, and it's pretty shit.

[QUOTE=fruxodaily;51086810]Glad this is being done by a security agency and not a couple of rouge hackers[/QUOTE] Well there was already that hacker that was caught on camera using a laptop to steal cars. People had no idea how the cars were being stolen so subtly until he robbed a house with a security camera outside. He was using a laptop to somehow unlock the doors and disable the car alarm.

There's got to be tighter security when it comes to the breaking system. It should be on its own, separate, inaccessible system. My fucking breakpad doesn't need Bluetooth support.

[QUOTE=Morgen;51086836]Already patched before the article was published.[/QUOTE] To be honest, this is the usual standard with things like these. Unless the company is a dick and won't give out the bounty.

This is the great thing about Tesla, when this happens to, say, GM, they have to recall the car, and you have to bring it into the shop and get it updated to the fixed software. With a Tesla, you go to bed, and when you wake up it's fixed.

[QUOTE=Morgen;51086869]This was actually an exploit relating to the web browser in the car. The web browser is just an almost stock implementation of Qt's QtWebBrowser, and it's pretty shit.[/QUOTE] I think it was already known this was possible because of the old browser version that the car had.

I think in the long run highly computerised cars should possess a physical emergency switch somewhere which basically severs the on board computer's access from the battery and returns complete manual control of the car to the driver so that in scenarios like this you can regain some control of the car and pull over.

[QUOTE=OvB;51086849]With the combination of self-driving cars becoming more and more likely in the next few years, and hackers finding clever ways to get into them, it's only a matter of time before someone figures out how to basically lock someone in their car and kidnap them. If you got caught hacking a car like this with malicious intent, what could you get charged with? Endangerment? Attempted Murder if it's serious enough?[/QUOTE] I can imagine when Samsung comes out with their electric car that there are rumored to be making it will have the equivalent of Samsung Knox on the software which I won't be opposed to like I am on my smartphone. Samsung Knox is pretty secure on phones so if they use it on their car when they do release one it should be safe but then again you never know.

[QUOTE=YourStalker;51087053]There's got to be tighter security when it comes to the breaking system. It should be on its own, separate, inaccessible system. My fucking breakpad doesn't need Bluetooth support.[/QUOTE] If you really want to know how Tesla setup their security you should watch this: [video]https://youtu.be/KX_0c9R4Fng[/video]

[QUOTE=YourStalker;51087053]There's got to be tighter security when it comes to the breaking system. It should be on its own, separate, inaccessible system. My fucking breakpad doesn't need Bluetooth support.[/QUOTE] The previous defcon talk about this showed that they could engage the brakes and put the car in park at very low speeds, but past that the system just refused to follow anything that wasn't the pedals. I'm not seeing anything indicating any high speed behavior, so that's probably all they were able to do. Makes sense from a safety standpoint. You can remotely lock the cars as is, but not while they are running.

[QUOTE=fruxodaily;51086810]Glad this is being done by a security agency and not a couple of [B]rouge hackers[/B][/QUOTE] ah yes, those sly crimson bastards

[QUOTE=Morgen;51087671]If you really want to know how Tesla setup their security you should watch this: [video]https://youtu.be/KX_0c9R4Fng[/video][/QUOTE] So basically as far as we know no one can really mess with your car while on the read.

[QUOTE=eirexe;51088749]So basically as far as we know no one can really mess with your car while on the road.[/QUOTE] If all hell breaks loose at high speeds you should at least be able to steer your way to the breakdown lane and apply your brakes. If all hell breaks loose at low speeds (like 5 mph) your Tesla will just suddenly stop and shut off.