Tesla Model S Hack

Impressive remote hack of the Tesla Model S.

Details. Video.

The vulnerability has been fixed.

Remember, a modern car isn't an automobile with a computer in it. It's a computer with four wheels and an engine. Actually, it's a distributed 20-400-computer system with four wheels and an engine.

Posted on September 21, 2016 at 7:33 AM • 41 Comments

Comments

ThomasSeptember 21, 2016 8:20 AM

Interesting...

"check the nearest charging point" ... while we MITM the request and hack your car?

"we can fold the mirror while you're changing lanes" implies that there is an interlock of some sort.

"Patch Tuesday", coming soon to a car near you!

MikeASeptember 21, 2016 10:27 AM

There is good news and bad news about "this time the software will be patched". In my experience over at least the last five years, and despite chirpy "Got to admit it's getting better" from the vendors, I still see vulnerabilities being introduced at about the same rate as they are (sometimes grudgingly) removed. Yes, on all of Apple, MSFT, and the half-dozen or so Linux distros I've used.

Probably not unrelated to the priority of Revenue Enhancement (Or Ideology) over Security and Stability that they all have (yeah, probably related to the bug density and type of bugs). In two general categories:

1) Tie a user more firmly to vendor-supplied cloud services, to allow data-mining and "you don't own anything, but we will rent it to you".

2) Not back-porting even simple patches for glaring holes back to "obsolete" (say, 3-5 years old) hardware. "Hey, sorry we left Heartbleed and Shellshock in your car, but we can't be arsed to roll a patch for your model, so you'll just have to shell out another $50K

And of course, the update process itself. E.G. the game-wardens in Africa whose communications were cut off while the PC that managed their satcom link "updated" to Windows 10, over said satcom link. Or the various bricked iDevices.

Tim van BeekSeptember 21, 2016 10:30 AM

Isn't it nice that your car company can update your car's software anytime without you even noticing it? Super easy...

AndrewSeptember 21, 2016 10:39 AM

Why the car can connect to wifi? Oh, sorry, we want to make remote killing possible and this is the best idea we had.

Jim NSeptember 21, 2016 10:41 AM

@ Tim van Beek,

"Isn't it nice that your car company can update your car's software anytime without you even noticing it?"

You ain't see nothing yet. This is just another step on the "roadmap" to a finer horizon. ;)

JAMESSeptember 21, 2016 10:43 AM

Maybe we should be treating these "self driving" cars the same as a commercial passenger plane/jet. It has autopilot, but should only be used during the extended period the vehicle is traveling. If you are traveling in a non congested road/highway and your are going a certain distance, then auto can be engaged. Auto pilot cannot be engaged during rush hour or under a certain amount of miles, near your resident or place of work or etc.

All cars must be accompanied by a licensed driver and the driver must have passed an autopilot safety course.


Alien JerkySeptember 21, 2016 12:06 PM

We already have ransomware. I predict we will soon have hostageware. The doors lock, The A/C is turned off and heater turned full blast on a hot summer day. A nefarious digital voice comes over your radio speakers telling you to log into your bank account now and transfer all your money to them or else you die of heat stroke.

Just wait. I am sure some variation of that will happen in the near future.

Or how abouut the unhappy spouse that wants to collect the life insurance. So the car gets momentarily tweaked to cause a fatal crash.

Or the spooks need five more minutes to finish planting stuff in your place, so they cause a temporary "mechanical problem" that magically goes away in a few minutes.

Good thing my tin foil hat keeps me from being paranoid.

albertSeptember 21, 2016 12:37 PM

The best of both worlds: mobile banking.

An ATM in your car. Of course you'd have to refill the cash box periodically, but imagine the convenience. Plus you could do all your banking right there, while you're driving. Isn't technology wonderful?

Of course I haven't thought this through completely, but why should I be any different then those IoT geniuses?

. .. . .. --- ....

Fred PSeptember 21, 2016 12:48 PM

@Alien Jerky -
Your first issue could be solved (where I live) by a phone call to a locksmith or the police. I guess it could be a viable attack in a sparsely populated desert - at least until the victim attacks a side window.

The second issue is a more viable avenue of attack, although even with an old non-computerized car, one could do something similar mechanically, although one would need physical access to the car. I wonder how good their logs are to expose this sort of issue after the fact.

I think the third is more of a movie plot; there are plenty of ways to distract someone for a few minutes that don't require car hacking.

JTSeptember 21, 2016 1:03 PM

The most reasonably choice against these sort of things may be the culture of the industry/company that develops the item (in this case, car).

Automobile -- priority one is minimal cost to build, development always rolls their own, and lawsuit payouts are cheaper than included safety.

Software -- Zing and Zow before function, total control of the purchased item, look to the next release and leave the older ones behind.

Aerospace -- Our rocket shall not blow up, our airplane shall not crash, we will always be able to bring them home.

We've got the first two players. I'd gladly entertain a product from the third.

MichaelHastingsSeptember 21, 2016 1:08 PM

Tesla "hack". But can it really be hacked, as in modified for the user's benefit. I would love to own a Tesla, if, and only if, I could purge it of shitware and ridiculous features, notably wireless. I'm sure it would involve legal carnage, but it would be jolly if companies began springing up and offering security and privacy hacks for modern vehicles. Maybe even just toasting the wifi chips as a service. Massive Faraday car socks anyone?


I know someone who was driving a 2016 Lincoln Nav recently when suddenly for no apparent reason, on flat ground, it autonomously set itself to "hill assist" mode and instantly reduced its speed to 5MPH on a busy road, nearly causing a collision. They made all sorts of excuses at the dealership, but none that were acceptable to anyone unaccustomed to buying lots of bridges. There's a market for safe vehicles, or modifications to achieve such. But how to implement it is the question, if at all possible. Maybe ;) we could have a darknet service that does it remotely, payable in bitcoin... Is vehicle security that absurd?


- Michael Hastings

K.S>September 21, 2016 1:58 PM

""Patch Tuesday", coming soon to a car near you!"

Why would anyone ever want a connected car? What do you, the owner, gain for assuming all this risk?

JonSeptember 21, 2016 2:03 PM

""Patch Tuesday", coming soon to a car near you!"

Why would anyone ever want a connected car? What do you, the owner, gain for assuming all this risk?


The same as any time where the consumer assumes risk like this, convenience. You don't have to take your car to the dealership to get the software updates, it's just pushed to your car while you sleep.

EvilKiruSeptember 21, 2016 2:16 PM

@Fred P @Alien Jerky: Car door locks lock the outside door handles, not the inside handles (unless you've previously engaged the manually-operated child safety locks on the rear doors).

Clive RobinsonSeptember 21, 2016 4:14 PM

@ K.S.,

Why would anyone ever want a connected car? What do you, the owner, gain for assuming all this risk?

Think of all those "Cute Kitty Pics" you are missing out on whilst driving? All you need is HUD with the same resolution as that 50inch plasma display you have for them at home.

When (money/sense) is greater than 1, such daftness is an odds on certainty...

ComputersSeptember 21, 2016 5:00 PM

"Actually, it's a distributed 20-400-computer system with four wheels and an engine."

Modern computers are all actually distributed multi-comptuer systems, with all the different subsystems and controllers and firmwares all over them for different parts...

Sancho_PSeptember 21, 2016 5:41 PM

Which TLA will collect car zero-days to protect us (== stop / kill “terrorists”)?
Calm down, only if the person isn’t protected by the constitution, of course.

Is it part of the VEP?

Druther WahkSeptember 21, 2016 6:26 PM

My reading suggests human drivers and AI auto-drive vehicles cannot coexist. The essential problem is AI will react based on hard coded rule sets, while humans can and do adjust the rules and their driving according to the situation.

Thus, truly SAFE driver-less cars are a very long way from implementation.

I hope I never am forced to buy a "connected" vehicle. In my view they are just another, expensive, corporate/government tracking device.

Jim NSeptember 21, 2016 6:46 PM

@ albert,

"An ATM in your car."

Right. Fill the ATM in my car with my own cash money. Why didn't I think of that?


Michael HastingsSeptember 21, 2016 7:18 PM

Mr. Schneier,


When you write "The vulnerability has been fixed.", I interpret it in the sense of Price Fixing. I wonder if Elon would lose some subsidies if he promoted a secure vehicle.

I find the state of modern automobiles utterly embarrassing, as if all drivers had the discretion of children. It really does tempt misanthropy. It seems the consensus is that technology has purified the human psyche of all mischief and evil, therefore assuring us that the new and improved version of humanity has lost all such vestiges and is now 100% trustworthy. From here, no matter how gruesome it all gets, Hanlon's Razor is law.

Something Completely DifferentSeptember 21, 2016 9:14 PM

Hacking a car is a frightening proposition-- especially for the owner as well as the accident victim-- and almost humorous, ridiculous when viewed from somewhere in left field. Consider, too, hacking electrical grids, IOT, trains, nuclear facilities, medical devices, elections, brainwaves, and DNA. The Tesla is an appetizer for the feast yet to behold! Ugh. I prefer order to chaos.

Power Grid: https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

Nuclear: https://en.wikipedia.org/wiki/Vulnerability_of_nuclear_plants_to_attack

Medical Devices: http://www.nextgov.com/cybersecurity/2016/05/unlikely-threat-posed-hacked-medical-devices-va/128608/

Elections: http://www.bloomberg.com/features/2016-how-to-hack-an-election/

BIO-Phishing: http://www.wired.co.uk/article/the-bio-crime-prophecy

Brainwaves: https://www.fastcompany.com/3050498/elasticity/meet-the-hackers-who-are-decrypting-your-brainwaves

More brainwaves: http://www.dailymail.co.uk/sciencetech/article-3722558/Hackers-inside-BRAIN-Experts-warn-growing-threat-monitoring-controlling-neural-signals.html

oliverSeptember 22, 2016 2:33 AM

Hi Bruce.

Explain to me again, please, why this vuln' is exclusively only on tesla cars?
Is it because it is an always-online-connected car?
Or could this be on all cars that have any remote funtionality, that is on all the time?
E.g. can I use the keyless-entry system to hack into the CAN bus on any car that has it?

Just playing devils advocate here.

Thanks, Oliver

PiskvorSeptember 22, 2016 6:22 AM

"why this vuln' is exclusively only on tesla cars" - that's where the researchers found it; not all systems are vulnerable to everything.

But: while specifically this vulnerability is unlikely to be present in other cars, this *class* of vulnerabilities exists on any remote-connected car (a simple search has found various articles on Jeeps, BMWs, Toyotas and Audis). Anything that can be connected to can be hacked into.

albertSeptember 22, 2016 12:22 PM

@Jim N,

Well, if your ATM was filled by Jamie Dimons' or Warren Buffets' money, that might be better....

Perhaps you're too logical, reasonable, and intelligent. The formula for being a successful futurist is this: think of the dumbest, most idiotic thing (make sure it involves computers and the Internet, and maybe space travel), then predict it.

. .. . .. --- ....

Clive RobinsonSeptember 22, 2016 12:45 PM

@ Albert, Wael,

The formula for being a successful futurist is this: think of the dumbest, most idiotic thing (make sure it involves computers and the Internet, and maybe space travel), then predict it.

Does that mean my two --ridiculous-- ideas I've posted in the last 24 (HUD for cat clip watching drivers, and glamping girl combined curlers) makes me a "futureologist" ;-)

Tony H.September 22, 2016 1:00 PM

@Thomas:
"check the nearest charging point" ... while we MITM the request and hack your car?

Yeah, I noticed that. This suggests that they provided a WiFi access point that the car was willing to connect to. Surely they weren't able to MITM the cellular network? I mean, that's manifestly illegal Stingray stuff for spies and cops only, even in China. But was the Tesla preconfigured ("prepared" as musicians or magicians might say) to accept that WiFi network, or do they have a more general hack for any Tesla? Do people actually configure their Teslas to connect to any old open WiFi network they find?

WaelSeptember 22, 2016 1:16 PM

@Clive Robinson, @albert,

and glamping girl combined curlers) makes me a "futureologist" ;-)

It does. Doesn't make you rich until a schmuck investor finances your ideas :)

Peter A.September 22, 2016 3:08 PM

@EvilKiru: "Car door locks lock the outside door handles, not the inside handles"

No. In many models it depends on "locking mode".

If it's "from inside" like pressing door lock button on your console or pushing in that little peg on the door or pushing the handle (some models lock by pushing the handle as opposed to pulling it to open), then external handles are disconnected from door latch mechanism (not locked - as not to be susceptible to forcing), but internal handles are not disconnected and/or trigger unlocking by actuators. In some models, when you had locked from inside you need to pull the handle twice. First time it unlocks your door (or all doors; sometimes only driver's or both front doors unlock all others), second time it opens your door.

If it's "from outside" like pressing lock button on your remote (try it while sitting inside), or turning the key in the lock from outside, all handles are disconnected, including internal ones. The original intent is to prevent thieves from opening the door by slipping a piece of string or wire between the window glass and the frame, maneuvering it to get hold of a handle, and pulling it to open the door.

Tip: never buy a car with all windows electrically rolled up. Just have that old-school cranks in the back. In emergency you can scramble to the back, roll a window down and squeeze yourself out. It is also much easier to break the glass if it's half rolled down (in case rear windows do not roll all the way down as it happens in some models). And have a seat-belt cutting knife and a glass breaking hammer handy!

Clive RobinsonSeptember 22, 2016 4:06 PM

@ Wael,

Doesn't make you rich until a schmuck investor finances your ideas :)

Hmm, you've left yourself open there :-D

After all if I were to say "Can you lend me a few bucks", what does that say... Not that I would say it B-)

Jim NSeptember 22, 2016 6:49 PM

@ albert

"Well, if your ATM was filled by Jamie Dimons' or Warren Buffets' money, that might be better...."

Oh no, I stutter at the thought of abhorrent interest rates these alleged vampires would demand in return in exchange for their generosity.

"The formula for being a successful futurist is this: think of the dumbest, most idiotic thing (make sure it involves computers and the Internet, and maybe space travel), then predict it."

I got one... tinfoil hats with antennas, made from NASA materials!

TJSeptember 25, 2016 9:32 PM

People in these comments should just go show them how to write hundreds of thousands of lines of code without memory corruption..

These firmwares have ZERO memory protections.. You basically just have to learn OBDII and make an interface

AlexSSeptember 26, 2016 1:10 PM

@James: "Maybe we should be treating these "self driving" cars the same as a commercial passenger plane/jet. It has autopilot, but should only be used during the extended period the vehicle is traveling. If you are traveling in a non congested road/highway and your are going a certain distance, then auto can be engaged. Auto pilot cannot be engaged during rush hour or under a certain amount of miles, near your resident or place of work or etc."

Actually...that's not how these systems work. I drive a Mercedes equipped with a more advanced system of what's installed on the Tesla vehicles. Same vendor (Bosch Mobility Solutions), just more sensors, more cameras, & more advanced processing on mine. So far my car's driven ~30,000 miles without my assistance. There are "deadman" algorithms in the programming to make sure the driver is still alive, awake, and mainly for liability - ie: the driver is in control of the car, not the manufacturer. I've briefly driven a Tesla, and there are differences, so I can only speak on my car. On my car, there are several different algorithms which the car goes between depending on conditions.

Overall, my car PREFERS to be in heavy traffic versus being on the open highway. As traffic picks up, my car is able to detect & "see" the movement of cars around it on medium & long-range radar in addition to its array of cameras. The driver assist computers try to match & verify the data from every sensor as much as possible. If all of the sensors and cameras match, great! If not, the car tries to determine which sensors are believable & which aren't. In brutal stop & go gridlock, the car is for all purposes capable of being fully autonomous. There's a ton of good data it's receiving, even its ultrasonic sensors are sending good data back to the computer. Everything around it is happening slow enough for it to react to any asshattery of other drivers. Trust me, the car's been cut off many of times in rush hour traffic and handles it fine.

Now, on the open highway with very few cars around, the ultrasonic, medium-range, and long-range radar sensors aren't getting a whole lot of data. The car becomes dependent solely on its camera arrays and GPS maps. As long as the road markings are in good shape, sure, it works. BUT, most of the road markings in the USA are sub-par at best. Or worse, non-standard. The car does a very commendable job with it, but there are times when it tells you it's not sure what it's supposed to be doing, like when DOT put a bunch of construction barricades in the traffic lanes. The car rightfully complained there were foreign objects in the roadway.

So the middle of Midtown Manhattan, this thing is happy as a pig in mud and I have no problem letting it do whatever it wants. On the highway it's alright, but I wouldn't trust it implicitly.

I should also point out that twice the car successfully prevented 2 accidents. In both cases, I was about to get rear-ended by another driver. In the first, the car jumped into an adjacent lane and the car behind me slammed into the van that was in front of me. In the second, the car started strobing its taillights like a police lightbar, which got the driver's attention and he swerved around me at the last minute.

TJSeptember 26, 2016 2:29 PM

Just Think This Needs Pointed Out: There is no such thing as a "self driving car".. Lane and parallel assist are far from "self driving" and even they have failure-rates.. I'll walk on Venus way before Tesla or Comma.ai accomplish generic A.I..

William PayneSeptember 27, 2016 7:52 AM

Software quality is the automotive industry's Achilles' heel.

A lot of people talk the talk, but very few walk the walk.

The industry is dominated by a gladiatorial management culture, conceived in the crucible of aggressive (and sometimes downright deceptive and hostile) negotiations between OEMs and suppliers; cascading down to the creation of perma-crunch / perma-crisis working conditions for ordinary engineers.

This environment encourages individuals to take on quite obscene levels of technical debt, and fosters a culture of jaded cynicism and deception to disguise the quantity of duct-tape holding everything together.

This will continue to be a problem for as long as the howls of shock and distress from outraged engineers are met with a "this is just the way the industry works" from middle management.

The sad thing is the extent to which this (a) discourages innovation and (b) makes the whole development process *so* much less efficient. We know what it takes to fix things. W.E. Deming had the answers decades ago. We just need to stop talking and start walking.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.