Cybertruck Weaponized

[T3slaDad]

This is wrong, Tesla’s have historically terrible cyber security.

References, please. Because hackers at the annual hackathon would beg to disagree with you. Also, the only successful hackathon team that won of all the hackathons Tesla has been to was only successful once the stars aligned, and through the simplest method possible - the browser.

The hack required you to have access to the car's dash already, open the browser, connect to an evil twin wifi network, and visit a compromised site. Oh and all that work and planning got you to the browser's root code, not the vehicle's.

So yeah, Tesla's are kind of secure. One of the best hacking teams to appear since 2011 could barely scratch the surface, and Tesla patched it 10 days later.

And not to be a broken record, but every other vehicle is less secure than a Tesla in my opinion. Other vehicles don't get regular patches. Other vehicles don't have proactive updates. Other vehicles don't give you the luxury and various safeties.

Other vehicles are WAY more vulnerable and the various car thieves, hackers, etc out there are targeting them over a Tesla. Why? Ease, speed, convenience, and anonymity. You steal a Tesla, congrats, you're being tracked by the owner. You fail at stealing a Tesla? You're being recorded by sentry mode and swiftly caught (or way better chances). Thieves are learning that Tesla's are bad targets and avoiding them for the low hanging fruit (every other car without active security).

TL;DR, post facts before saying Tesla's have terrible cyber security and realize that it's light-years ahead of the competition.

Advertisement

 

[FutureBoy]

References, please. Because hackers at the annual hackathon would beg to disagree with you. Also, the only successful hackathon team that won of all the hackathons Tesla has been to was only successful once the stars aligned, and through the simplest method possible - the browser.

The hack required you to have access to the car's dash already, open the browser, connect to an evil twin wifi network, and visit a compromised site. Oh and all that work and planning got you to the browser's root code, not the vehicle's.

So yeah, Tesla's are kind of secure. One of the best hacking teams to appear since 2011 could barely scratch the surface, and Tesla patched it 10 days later.

And not to be a broken record, but every other vehicle is less secure than a Tesla in my opinion. Other vehicles don't get regular patches. Other vehicles don't have proactive updates. Other vehicles don't give you the luxury and various safeties.

Other vehicles are WAY more vulnerable and the various car thieves, hackers, etc out there are targeting them over a Tesla. Why? Ease, speed, convenience, and anonymity. You steal a Tesla, congrats, you're being tracked by the owner. You fail at stealing a Tesla? You're being recorded by sentry mode and swiftly caught (or way better chances). Thieves are learning that Tesla's are bad targets and avoiding them for the low hanging fruit (every other car without active security).

TL;DR, post facts before saying Tesla's have terrible cyber security and realize that it's light-years ahead of the competition.

For a while a few years ago it was popular to write stories about hacking vehicles remotely. But none of those stories were about Tesla as I recall.

Ahh, here is Inside Edition reporting on a story from Wired.

 

[xodarap1]

I wish the brakes could have stopped my motorcycle when it got stuck on full throttle, but NOPE I got taken for a wild ride, until I crashed. A kill switch is a must!!

what about just pulling the clutch and let it blow?

 

[Crissa]

many sources tell me this was not a “brake malfunction”
https://www.independent.co.uk/news/...o-almost-crashes-missouri-watch-a7923241.html

This cite doesn't support your allegation.
Your other cites are completely unverifiable anonymous accounts.

So I find your additions to this thread dubious, at best. Especially when faced with their relative quality, which is that they've never caused an accident with a memory space violation like Toyota.

-Crissa

 

[T3slaDad]

This cite doesn't support your allegation.
Your other cites are completely unverifiable anonymous accounts.

So I find your additions to this thread dubious, at best. Especially when faced with their relative quality, which is that they've never caused an accident with a memory space violation like Toyota.

-Crissa

Well, to be fair the bluetooth attack does have merit as it was published and is being patched. However, it's an attack that adds key to the car and allows the hacker to drive away. But this still doesn't address the root issue - the vehicle owner can still track and recover the vehicle.

@imwill - We're talking about 2 different issue. You are talking about the ability for a Tesla to be hacked in any way. This thread is talking about gaining control of the vehicle, not just someone being able to reboot the cars mid-drive (which doesn't affect AP or driving components, by the way) or steal the car by adding their own key, etc.

I'm asking for proof that the vehicle drivetrain can be controlled by a hacker to make the vehicle go places it is not intending to go without being on the car and turning the wheel themselves. Show me where one has been successful at stopping the car mid-drive, made the wheel turn, hit the brakes or accelerator, told AP to navigate to an undesired destination while disregarding all safety features (ex drive off a cliff), etc. The OP wants to know if the car can be turned into a weapon, not just stolen or toyed with.

 

[Crissa]

Well, to be fair the bluetooth attack does have merit as it was published and is being patched.

Yes, and it was discovered by Tesla working with outside groups and giving them access to their on-board computer. Which is the opposite of them hiding their exploits and not fixing them.

I can’t reveal my sources due to revealing sources/methods.

That's called 'false authority' and it's a type of fallacy. It would be like saying I have friends at FireEye, and therefore I'm authoritative on some subject related to hacking. I do, but I don't, because I am not.

-Crissa

 

[Diehard]

Hackers would be much more likely to hack another vehicle. Tesla would likely be much harder to break than a BMW or VW.

Degree of difficulty may be a good demotivator but if size of the reward is large enough to overcome it, hacker may still choose Tesla. If Tesla has less manual and mechanical controls than competition, to the point that they don’t have to be there in person to take it away, the reward could be large enough.

 

[Bigvbear]

Now don't take this the wrong way, I am not anti Chinese at all.

But since Tesla decided to start manufacturing their vehicles there, you can bet the Chinese government has their hands on all the source code and sent it to their state sponsored hacking labs. Anything connected to the internet in China is monitored and censored heavily by the Chinese government.

Take that how you will.

 

[Luke42]

Then why are you against listening to those who are?

Debating 101

If you have to say you're an authority, you're not one.

How do you beat this this? Avoid mentioning your credentials, and introduce novel information (with supporting references) into the conversation.

Caveat: Unsubstantiated assertions are neither novel, nor information.

 

[Crissa]

Note: We have no way of knowing that's you in the news.
Also note: We don't know which one of the people in the news was supposed to be you.

On the Internet, no one knows you're a dog.

-Crissa

 

[Dids]

You’re right, me being quoted on the news, my previous and current employers, and my long list of industry certifications are completely irrelevant to the topic at hand... I guess I shouldn’t trust my doctor, he told me he was a doctor.
Also Wired, Hacker News, the Wall Street Journal, and former Tesla employees are also not supporting references, I made all of that up.

you give me too much credit my friend. I’m good, but not that good.

Correcting 101: Address comments that were actually said, not what you think they said. I’m just about the only one who has referenced any outside source. Where are your sources? Where are anyone else’s sources?

anyone?

Hey thanks for serving, I'm assuming you are 1 of the National Guard in the story... but since you said you work for Amazon I'm confused.

 

[Luke42]

You’re right, me being quoted on the news, my previous and current employers, and my long list of industry certifications are completely irrelevant to the topic at hand...

I can truthfully say all the same about myself, but you won't believe me.

Instead, I share what I've learned -- and keep quiet about my resume/CV.

Argument-by-authority only works in situations where you have earned personal authority. Else it becomes argument-by-ego, in my experience, which is what we're seeing here.

 

[Luke42]

So let’s take ego out of the equation.
Try addressing my references.
What part of my references do you disagree with on a technical note?

I find it very strange that a vocal few of you cherry pick certain comments and act like that’s all I said. Like Crissy with my claim of the car being hacked, or you with my claims of employment and authority.

What about the facts? Former employees, a venerated hacker forum, the Wall Street journal, Wired, are all saying the same thing.
Oh, but you’re busy trying to tell me about debate 101.

Former employees' rants are not a full and objective picture of the IT situation. Tesla is undoubtedly a pressure cooker, which is important in human terms -- but doesn't provide an objective assessment of their IT.

Can you please point me to references which contain actual technical information?

I've been to SANS and I spent a decade in large-scale IT (primarily HPC and Big Data), so please provide a reference that would contain actual technical information at that level. The devils are in the details, so that's where we need to go.

 

[Frankenblob]

Yes, and it was discovered by Tesla working with outside groups and giving them access to their on-board computer. Which is the opposite of them hiding their exploits and not fixing them.


That's called 'false authority' and it's a type of fallacy. It would be like saying I have friends at FireEye, and therefore I'm authoritative on some subject related to hacking. I do, but I don't, because I am not.

-Crissa

Lets keep it simple, ALL computer programs/networks that have a backdoor can and have been hacked.

I remember being told "Apple can't be hacked or IBM cant be hacked or...).

If it has a backdoor it CAN be hacked and to whatever ends the hacker wants!

 

[Dids]

How are a former employees detailed rants not data?

You want an objective scientific study of unpatched Tesla vulnerabilities? That’s not how the real world works.

Read through my previous comments. The HN threads and the Former Tesla firmware engineer’s testimony were very revealing. I was shocked when I first read it, as more came out I realized that Tesla wasn’t so much secure, as much as they were lucky. Solar Winds was in the same boat until their number came up.

OP didn’t ask for proof, or references, or whitepapers. He asked for concerns. I gave them, supported by evidence.
As an experienced IT pro, what are your concerns with Tesla’s?

That’s awesome with the HPC environment. I’ve never worked in anything like that. How was that?

I have also read your "data" and found it unbelievable. Lots of people say things, especially on the internet, and some of it is garbage. You want me to believe that a Tesla is vulnerable to being remotely controlled based on the "data" you provided? Well, i don't.