Slashdot Mirror
Tesla Model S Has Been Hacked
cartechboy writes: First, it was Chrysler last month with its Uconnect system being hacked while being driven down the road. Now, it's Tesla's turn. That's right, the Silicon Valley automaker's very own Model S electric car has been hacked by two white-hat hackers. The duo were able to manipulate the speedometer, lock and unlock the car, and at speeds of less than 5 mph they were able to make all the electronics go blank and shut down the car while engaging the emergency parking brake dragging the car to a stop. Tesla's already issued a software update that owners can download to path the security flaw. Welcome to the new world where cars can be hacked thanks to all their electronics.
IoT sucks! Welcome to the future.
What the summary fails to omit is that you first need physical access to the car and since they have the ability to do updates over-the-air, they don't need to recall more than a million vehicles to fix the issue.
Didn't they have to physically "break" the car before they got access into it? Your post is clearly a scare tactic.
Nothing here... So... SHOOO!!!
To protect against cyber threats that would work. To protect against nuclear EMP (since we were talking Fallout)? Not so much. Even 70s and 80s cars use coils and ECUs, and that would get fried. What you need is mechanically injected car with non-electronic control. Some of the early 70s Mercedes would almost work, since they used vacuum to control everything.
Tesla's efforts still won't provide the level of electronic security from remote hacks that old Lucas equipment did.
Time to offend someone
as a college grad with more debt than a south american country, I can tell you I was worried about this bug. I came up with a handy countermeasure to avoid nefarious car hackers:
I work two jobs and drive a 2001 Ford crown victoria i bought for six hundred bucks at a police auction. It burns oil, and smells like parking citations and regret. On a hot day it stinks like hamburgers; I do not know why. The jiggle required to get the spare key to engage the ignition is nothing short of a shao-lin kung fu scene. This car still has a throttle cable, and practically came off the line with the check-engine light on. The upholstery is permanently stained with the detritus of an entire cities overweight, underpaid cops.
Hacking my brakes wont work, the pedal goes to the floor to try and stop this 2 and a quarter ton house on wheels so if anything it might be an improvement. randomly triggering the accellerator, assuming one can do this in a vehicle with a throttle cable, will result in a godless heavy metal grunt from the engine as this 210 horsepower v8 struggles to maintain basic lane positioning. The AC hasnt worked since the clinton era, and mysteriously burps up pieces of foam. The door locks are mysterious and random enough already, and functionless for the rear passenger.
Good people go to bed earlier.
Any car or computer can be hacked when you have physical access to the car. Furthermore Tesla has apparently already issued a patch making this pretty much a non-event.
When they get hacked remotely with no physical access (which is conceivable) then we should sit up and pay attention.
The only reason why this is happening is because the software developers are morons. In a mission critical system you never give write access from an entertainment module to critical system. The information system should not have the ability to make any changes in the engine software. The best way to enforce this is to use a hardware read only bus that sits between the entertainment system and engine system and only allow traffic to flow from the engine to the info system but not the other way around.
I use is in emergencies all the time in the winter. Every time I'm in a parking lot after a fresh snow, I urgently need to do 90 and 180 degree turns repeatedly. I assumed that was what it was for as it works perfectly - what do you use it for?
"If you have nothing to hide, you have nothing to fear." - Every fascist, ever
When hydraulic brakes were introduced there was concern that if they failed, the driver would have no way to stop the vehicle. So, regulations were added to require every car with hyrdaulic (or electric) brakes to also have an Emergency brake that was totally manual and not connected to the hydraulic system. This was to satisfy FMVSS 105 (now replaced with FMVSS 135):
" Vehicles shall be capable of stopping under partial failure of the service brake system, inoperative brake power assist unit or brake power unit, antilock failure, variable proportioning valve failure, and with the engine off"
There is a maximum distance and pedal pressure specified.
FMVSS 135 also states:
"Each vehicle shall be manufactured with a parking brake system which, when engaged, shall be capable of holding the vehicle stationary on a specified grade for a specified time. "
I have never seen a passenger vehicle with two separate systems, so the Emergency Brake is also the Parking Brake. Or handbrake if you prefer as it is manual brake.
Why would you NOT use the e-brake in an Emergency? You are barrelling down the highway at 70mph when your oil filter lets go. Your engine overheats and fails within seconds. Do you a) do nothing or b) use the ebrake to slow down and pull over? why would you not want to save your own life?
But it won't require as much replacement wiring smoke as the Lucas electronics did. http://www3.telus.net/bc_trium...
There is no God, and Dirac is his prophet.
Can we stop calling you guys 'editors', and just get on with 'clowns who post story submissions'.
Because it's quite clear you don't actually, you know, edit.
Lost at C:>. Found at C.
OK, so there's a security patch available. So what? "We regret that you crashed at 85mph yesterday - please download our latest patch?" The problem is not the software per se, but the mere fact that there's external access at all. Because there's simply no such thing as "flawless" code. And the internet's been around long enough to show us that, if there's any legitimate way in, people who want to abuse the system will get in as well, and find a way to subvert it. And right now all we're seeing are "white hat" attacks; just wait until the black hat guys start getting creative.
To protect against nuclear EMP (since we were talking Fallout)? Not so much.
Trust me on this... EMP is NOT an issue for your automobile... They tested this with a number of vehicles years ago and found that EMP was not a major issue for the electronics in cars.
EMP affects electronics to varying degrees. I break it down into three groups. First there is the "no noticeable" affect group. This is where an EMP has no noticeable affect on the equipment's operation, for a car this means it keeps running. Second there is the "upset" where the EMP causes the equipment to malfunction temporally. Then there is the "Requires repair" category where the EMP breaks something so the system doesn't operate.
As I recall, they tested a dozen vehicles, ranging from small cars to large trucks and they applied pulses at the strength one expects to see just outside the blast radius of your standard nuclear device where one would expect that people could drive. ALL of the vehicles fell in the first two categories, with most falling in the first. It was like 2 out of 12 vehicles that where upset enough to stop running, and both of these where "repaired" by turning off the key and restarting them.
I conclude from this that EMP isn't a problem for the vast majority of vehicles on the road today. If you think about this, it makes perfect sense. Electronics in cars are basically inside of a metal box, which is itself inside of metal boxes. They are self contained electrical systems in a faraday cage, especially the parts that "make it run" down the road.
So don't worry your self over your modern car not running in the event of an EMP.... There will be MUCH bigger fish to fry if that happens. You are going to need water, food and protection first, not transportation.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
As opposed to the old world where a car that didn't have any sophisticated electronics was trivial for someone to steal?
File under 'M' for 'Manic ranting'
The only way we are safe from the Cylons is to not network all the systems in the ship together.
The ebrake will NOT lock your wheels up as long as you have a bit more finesse than an angry gorilla. Press and hold the button in and lift the lever until you feel it begin to grab. Do not yank the lever up like an idiot.
Because people are trusting their life to a system that has consistently proven that it is not secure
You know what else I'm trusting my life to? You not turning your steering wheel a quarter turn left when we pass each other on the road. I'm trusting that you will actually stop at a stop sign. I'm trusting that my airbag will not malfunction. I'm trusting the ignition to actually work. I'm trusting that you are capable of driving competently unimpaired by alcohol. We trust our lives to a lot of things that have consistently proven to not be secure and this bit of hacking is no where near the top of the danger list. Sure, let's be concerned about it but let's not blow it out of proportion either.
Do these come in turquoise?
Don't look to Tesla to change the OTA acccess their building into their cars any time soon. I'll tell you why.
There's a frightening amount of electricity generated by their cars and mechanics who don't know what they're doing are quite likely to eletrocute themselves.
Then the headline will be:
Another Mechanic Killed By Tesla Car.
To prevent that headline from ever materializing and destroying their market share, they reserve the right and aiblity to remotely brick the car.
If the car is in an accident, it gets bricked and the only result of trying to start the car is a message on the instrument panel which reads (approx) : "Take car to Tesla service station for service".
Mechanics CAN'T work on Tesla cars.
Unfortunately, when you connect a car to the internet or otherwise make it accessible OTA you dramatically increase the attack surface area.
Here's a few characterisitics of the new attack vectors:
*A criminal can effect many cars at once. Previously, a 1:1:1 ratio existed between criminals, cars and some discrete unit of time.
*A criminal can make a criminal event imitate an accident. Previously, if the car blew up Mafiosa-style or was stolen, the criminal event was clearly recognizable as a criminal event. Even cutting the brake lines left tell-tale signs. Obviously, a surreptitious way to access the car's electronics is, well, surreptitious .
*The attack vectors have mutiplied to as many zero-day exploits in as many electronic parts as could be effected by zero day exploits. Previously, even if there was a theoretical way to access the computer that controlled critical systems, it was still a head-under-hood affair involving that system.
*Zero day exploits aren't going away. There is no "recall" that is going to "fix" the problem because the problem is now a changing target. Previously, just as criminals and car thefts (or other crime) were 1:1, so also were defects and defective components. Recalls could fix the componnt and return the car to service. Now the subsystem is known to be fundamentally unfixable.
If we could stop people from exploiting critical computer systems, we would have done it. A car is not going to be special in this regard.
Bring it.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel