Quantcast
Chinese hacked Tesla via browser vulnerability - Beyond.ca - Car Forums
Results 1 to 14 of 14

Thread: Chinese hacked Tesla via browser vulnerability

  1. #1
    Join Date
    Jan 2004
    Location
    Calgary, Alberta
    My Ride
    Bicycle
    Posts
    9,269
    Rep Power
    49

    Default Chinese hacked Tesla via browser vulnerability

    http://www.autoblog.com/2016/09/20/c...12-miles-away/

    Is it just me or the fact that you can affect drive units via any kind of network connectivity is a design flaw?

  2. #2
    Join Date
    Jan 1970
    Location
    YYC
    My Ride
    1 x E Class Benz
    Posts
    23,598
    Rep Power
    101

    Default

    It was fixed in 10 days. But yes, the ability from the browser to traverse the network to drive functionality is an odd design choice.
    Originally posted by SEANBANERJEE
    I have gone above and beyond what I should rightfully have to do to protect my good name

  3. #3
    Join Date
    Apr 2008
    Location
    calgary
    My Ride
    CLK 55 / 2g Eclipse / EP3
    Posts
    4,422
    Rep Power
    22

    Default

    The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot.
    Pretty much all public WIFI hotpots can be malicious or misused.

  4. #4
    Join Date
    Jun 2003
    Location
    Alaska
    My Ride
    Model S
    Posts
    2,034
    Rep Power
    26

    Default

    Still waiting for details, but I don't believe it's accurate that they have to be on the same network or physically near the car. It sounds like Tesla misunderstood the issue, and assumed that something done for the demo was a requirement to make the attack work, when it isn't.

  5. #5
    Join Date
    Jan 2004
    Location
    Calgary, Alberta
    My Ride
    Bicycle
    Posts
    9,269
    Rep Power
    49

    Default

    Originally posted by googe
    Still waiting for details, but I don't believe it's accurate that they have to be on the same network or physically near the car. It sounds like Tesla misunderstood the issue, and assumed that something done for the demo was a requirement to make the attack work, when it isn't.
    Sounds like the injection is done via browser and compromise wifi hotspot (common since everybody is connecting to free wifi and login page without 2nd thoughts anyway). Once in, they install something to remote pwn the car over LTE/3G.
    Last edited by Xtrema; 09-21-2016 at 09:02 AM.

  6. #6
    Join Date
    Jun 2003
    Location
    Alaska
    My Ride
    Model S
    Posts
    2,034
    Rep Power
    26

    Default

    Originally posted by Xtrema


    Sounds like the injection is done via browser and compromise wifi hotspot (common since everybody is connecting to free wifi and login page without 2nd thoughts anyway). Once in, they install something to remote pwn the car over LTE/3G.
    But there is no technical reason why it would have to come via a hotspot vs any random site sitting on the internet. You just have a few more options to force a visit if you're on the same network, but it's not strictly needed. The browser is totally unconcerned with that layer of the network stack. And the OS upon which the browser is running has access to the CAN bus, which is wide open once you can talk to it.


    Also, I don't believe Tesla fixed it properly either. I think they just patched the browser bug. They didn't fix the fundamental bad design that a browser bug can allow one to pivot through the OS. This is a problem because there are always more browser bugs. Some people will find them and submit them to Tesla and get their name out there, others will find them and quietly sit on them.

    One might think "oh as long as I don't open strange links in my car, I'll be fine." Not the case. First of all, we know from the recent leaks that it's the NSA and GCHQ's modus operandi to compromise routers around the internet and have those insert/redirect traffic to sites to identical copies of those sites with the malicious payload snuck in (LinkedIn was one of their favorites). If they can do it, so can less friendly nations. The other issue is forums and ad networks being compromised with exploit kits, so that users visiting a legit site get served the attack without their or the site owners knowledge. Imagine getting ransomware on your car! Tesla's advantage here is that they can push out upgrades fairly quickly, so the window might be so small as to not be worth it for attackers.

    Compare to airplanes, which are in no way allowed to have the entertainment functions on the same physical network or circuit as the plane's controls. Planes are designed so that if some passenger compromises the OS in their seatback unit or runs loose on the wifi network, nothing they could possibly do can physically reach any input to the flight controls or safety systems. That's what Tesla needs to do.

  7. #7
    Join Date
    Jan 2004
    Location
    Calgary, Alberta
    My Ride
    Bicycle
    Posts
    9,269
    Rep Power
    49

    Default

    Originally posted by googe
    Compare to airplanes, which are in no way allowed to have the entertainment functions on the same physical network or circuit as the plane's controls. Planes are designed so that if some passenger compromises the OS in their seatback unit or runs loose on the wifi network, nothing they could possibly do can physically reach any input to the flight controls or safety systems. That's what Tesla needs to do.
    Totally agree. So far if anyone should understand that it's Tesla. It's bad enough that FCA is screwing up with their U-Connect.

  8. #8
    Join Date
    Jan 1970
    Location
    YYC
    My Ride
    1 x E Class Benz
    Posts
    23,598
    Rep Power
    101

    Default

    Originally posted by googe
    Compare to airplanes, which are in no way allowed to have the entertainment functions on the same physical network or circuit as the plane's controls. Planes are designed so that if some passenger compromises the OS in their seatback unit or runs loose on the wifi network, nothing they could possibly do can physically reach any input to the flight controls or safety systems. That's what Tesla needs to do.
    I believe there was an airline hack where someone was able to go from the entertainment network as the plane's data or controls network. I'll have to look it up again.

    Realistically though, segregation is what ALL car makers need to do. It's insane how much control CAN has with all the automation coming into play. Of course with segregation comes functional limitations. How else can you remotely move your car in and out of the parking spot simply with your phone?
    Originally posted by SEANBANERJEE
    I have gone above and beyond what I should rightfully have to do to protect my good name

  9. #9
    Join Date
    Apr 2008
    Location
    calgary
    My Ride
    CLK 55 / 2g Eclipse / EP3
    Posts
    4,422
    Rep Power
    22

    Default

    Originally posted by rage2

    I believe there was an airline hack where someone was able to go from the entertainment network as the plane's data or controls network. I'll have to look it up again.
    I think I posted that - that particular even was proven false apparently, however some questions still came up as to certain IFE systems in older aircraft are linked to through the same data bus.

  10. #10
    Join Date
    Oct 2005
    Location
    Red Deer, Alberta
    My Ride
    1995 WRX STi
    Posts
    1,560
    Rep Power
    0

    Default

    Originally posted by rage2

    It's insane how much control CAN has with all the automation coming into play. Of course with segregation comes functional limitations. How else can you remotely move your car in and out of the parking spot simply with your phone?
    Canbus is designed to lock users out of the ability to make changes or repair their car.

    There is no reason for Canbus to exist as there are plenty of durable, proper industrial communications protocols/systems that could be used in a car.

    I especially like how (for instance) the electric power steering module has to have the proper VIN flashed to it for it to work when installed in a new car. F*&king ridiculous.

    You don't need browser software for the functionality to work. The browser should be completely separate, thats the dumb part.

  11. #11
    Join Date
    Jan 1970
    Location
    YYC
    My Ride
    1 x E Class Benz
    Posts
    23,598
    Rep Power
    101

    Default

    Well it's not just the browser, that's just the entry point. Tesla's designs have that screen controlling everything in the car from HVAC to drive settings, so you do need it to communicate somewhat with driving systems. It's just that the browser sits on the same screen.

    Why the hell a car needs a web browser is beyond me though. The last used Tesla that I test drove, the guy had the browser open with a fireplace video playing.
    Originally posted by SEANBANERJEE
    I have gone above and beyond what I should rightfully have to do to protect my good name

  12. #12
    Join Date
    Jul 2004
    Location
    YYC
    Posts
    4,304
    Rep Power
    85

    Default

    Originally posted by rage2
    Why the hell a car needs a web browser is beyond me though.
    Beyond on the Go.

  13. #13
    Fuji's Avatar
    Fuji is offline Track Events Co-ordinator
    Join Date
    Jun 2002
    Location
    Calgary
    My Ride
    cars
    Posts
    2,011
    Rep Power
    24

    Default

    Originally posted by rage2

    I believe there was an airline hack where someone was able to go from the entertainment network as the plane's data or controls network. I'll have to look it up again.

    Realistically though, segregation is what ALL car makers need to do. It's insane how much control CAN has with all the automation coming into play. Of course with segregation comes functional limitations. How else can you remotely move your car in and out of the parking spot simply with your phone?
    That was never actually confirmed. It was a guy who said he could do it, in the wild and in practice it hasn't been demonstrated to be done yet.

  14. #14
    Join Date
    Jul 2010
    Location
    Homeless
    My Ride
    Blue Dabadee
    Posts
    9,593
    Rep Power
    100

    Default

    My BMW has a browser. What a waste of development dollars...
    Originally posted by Thales of Miletus

    If you think I have been trying to present myself as intellectually superior, then you truly are a dimwit.
    Originally posted by Toma
    fact.
    Quote Originally Posted by Yolobimmer View Post
    This quote is hidden because you are ignoring this member. Show Quote

    guessing who I might be, psychologizing me with your non existent degree.

Similar Threads

  1. Vulnerability in Netgear and other home Routers

    By ipeefreely in forum Computers, Consoles, and other Electronics
    Replies: 10
    Latest Threads: 12-20-2016, 11:22 PM
  2. Tesla Megathread (was Just lost $40k USD on Tesla options)

    By RedDawn in forum General Car/Bike Talk
    Replies: 297
    Latest Threads: 10-27-2015, 09:25 AM
  3. OpenSSL/Heartbleed Vulnerability

    By frizzlefry in forum Society / Law / Current Events / Politics
    Replies: 85
    Latest Threads: 04-16-2014, 01:07 PM
  4. NFC for Android - Vulnerability +++?

    By jwslam in forum Computers, Consoles, and other Electronics
    Replies: 1
    Latest Threads: 07-26-2012, 10:43 PM
  5. Replies: 10
    Latest Threads: 01-17-2004, 07:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •