Monday, August 31, 2020

Tesla vehicles 100% hacked.

/Ctrl/Shift/Del...Oops.
It develops that in 2017 an enterprising hacker managed to hack his way so far into Tesla's server system that he gained control over -all- Teslas everywhere.

A new Electrek story details the saga of Jason Hughes, a whitehat hacker who says he managed to gain a flabbergasting level of access to Tesla's internal servers — managing to seize control of the company's entire fleet of electric vehicles.
The alleged hack took place back in March 2017, and Hughes immediately alerted Tesla's security team, which quickly patched the security hole. Still, it's a fascinating glimpse at the perils of connected vehicles.

The Jewel in the Crown hack. Mr. Hughes managed to activate the "Summon" command of individual Tesla cars. When used the car comes to your location from where it is parked, by itself. Meaning he could steal any Tesla in the world without even being there.

Let us consider a few things.

1. This is proof that the Tesla company has remote control over your Tesla vehicle. And by remote control I mean they can make it start up and drive away from where you left it. Not a conjecture anymore. Proof.

2. Possibly the Tesla company could make your Tesla vehicle go where they want, with you in it. It depends how they wrote the software. There might be a "police" function that ignores input from the steering, brakes and accelerator. I would not be amazed to find such a thing was written and downloaded to every car, but not implemented. That's how Silicon Valley thinks.

3. Tesla's security is about average. If random hacker Jason Hughes can get in, guys with ulterior motives can get in. Also, people who work for the company are potentially corruptible. You wave some money (or other things) in front of people, one of them may take it.

Now, the cherry on top. This situation applies to ANY VEHICLE that can accept wireless computer updates. Any Ford, GM, Chrysler, Audi, BMW, Mercedes can be hacked in this manner. If it has a self-driving feature like some electric cars do, it can be instructed to drive away. Not just Tesla. All of them.

Just thought you ought to know.

2 comments:

Anonymous said...

You hit my thoughts pretty much on the nose. When I read this...

Mr. Hughes managed to activate the "Summon" command of individual Tesla cars

...yes, there was some distress at the idea that someone could access that illegally, but it was dwarfed by my brain screaming, "WHY THE HECK DOES THE CAR HAVE A 'SUMMON' COMMAND IN THE FIRST PLACE?" My car is mine, and oughtn't be summoned by anyone, "authorized" or not.

The fact that the command can be hacked is just the cherry on the crap sundae.

The Phantom said...

The scenario for the Summon command is probably having the thing drive over to the elevator in your condo parking garage, so that you don't have to schlep all your crap through the dingy and possibly unsafe garage. Probably a big selling point in LA or San Francisco, where they have a serious goblin infestation.

But the thing can be remotely accessed by the company? Are you kidding me? How is that good? Not to mention, according the the article the car reports -all- its data to the Mothership. How fast you were going, where you went, when was the last time the passenger door opened, how many people were in the car, etc.

Needless to say, I will not be buying a Tesla.