Re: [EVDL] $10k bounty on Tesla-S hacks entices tinkerers, aggravates Tesla
Yes, the article that had a blurb on the original post was about an app that uses the existing API. Tesla has no problem with that. There was also a link to a story about the $10k hacking contest. This is totally different. The goal of that contest is to gain unauthorized access to a Tesla you don't own. Presumably it isn't that easy to do that - at least we all hope. I'm sure that Tesla has gone to some length to prevent something like that from happening. Tesla probably does use code signing for the code that runs on their central computer system. That would certainly make sense. But, there isn't any need to break that in order to hack the car. Historically, CANbus traffic has not been too terribly well secured. I can personally attest to this. ;) The center console computer in the Tesla has 6 CANbus links. It's possible to get at all of them from a diagnostic connector right there in the center of the dash. Chances are those buses are not that terribly secure. The biggest reason they haven't been attacked is that far more hackers are comfortable with wifi, ethernet, and computer tampering than are comfortable with CAN. The Tesla does have some protection against attacks that would target the drive train. For one, the accelerator pedal goes straight to the inverter so there is likely no way to command the car to take off without the pedal being pressed. Likewise, the inverter knows the state of the brake pedal from digital inputs so that can't be spoofed by comm traffic either. That's a reasonably old-school way to protect the car but it could be fairly effective. -Collin On Thu, May 21, 2015 at 9:41 PM, Mike Nickerson via EV ev@lists.evdl.org wrote: In this specific case, the facts don't line up with the hype and the headlines. The Tesla hacks haven't modified the vehicles at all. The application is using the same API that the smart phone apps use. That allows the program to unlock doors, open the sunroof, turn on the AC, and collect data on location and battery state. Not exactly much of a modification. If Tesla is smart, they have implemented code signing on their execution code so they can detect and reject unauthorized changes. We even do that for laser printer code. I'm sure that Tesla would do that with the code that runs a high performance car. Mike On May 20, 2015 7:37:33 PM MDT, Alan Arrison via EV ev@lists.evdl.org wrote: I am surprised that auto makers haven't locked down their systems with encryption. If they haven't yet they probably will if for no other reason than liability issues. Al On 5/20/2015 4:50 AM, brucedp5 via EV wrote: Every since the first cars rolled out of factories, owners have been modifying them to suit their own personal needs and tastes. With the extensive computer controls used in modern cars, people are now finding a different way to do that. Certain Tesla Model S owners are giving their cars upgrades, but instead of changing tires, brake calipers, or paint jobs, they’re changing software. ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA) ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA) ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA)
Re: [EVDL] $10k bounty on Tesla-S hacks entices tinkerers, aggravates Tesla
On Wed, May 20, 2015 at 6:37 PM, Alan Arrison via EV ev@lists.evdl.org wrote: I am surprised that auto makers haven't locked down their systems with encryption. If they haven't yet they probably will if for no other reason than liability issues. What liability issues? There would be none. If I make a mechanical change to my car now and it causes an injury or something the manufacturer is not liable for it. The same is true with a software change. When I buy a car, I get a title to it. It is mine to do with as I see fit, including doing something that voids the warranty if I want. It should be illegal for an auto manufacturer to lock me out of making changes to any car I buy. -- David D. Nelson http://evalbum.com/1328 http://www.levforum.com ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA)
Re: [EVDL] $10k bounty on Tesla-S hacks entices tinkerers, aggravates Tesla
In this specific case, the facts don't line up with the hype and the headlines. The Tesla hacks haven't modified the vehicles at all. The application is using the same API that the smart phone apps use. That allows the program to unlock doors, open the sunroof, turn on the AC, and collect data on location and battery state. Not exactly much of a modification. If Tesla is smart, they have implemented code signing on their execution code so they can detect and reject unauthorized changes. We even do that for laser printer code. I'm sure that Tesla would do that with the code that runs a high performance car. Mike On May 20, 2015 7:37:33 PM MDT, Alan Arrison via EV ev@lists.evdl.org wrote: I am surprised that auto makers haven't locked down their systems with encryption. If they haven't yet they probably will if for no other reason than liability issues. Al On 5/20/2015 4:50 AM, brucedp5 via EV wrote: Every since the first cars rolled out of factories, owners have been modifying them to suit their own personal needs and tastes. With the extensive computer controls used in modern cars, people are now finding a different way to do that. Certain Tesla Model S owners are giving their cars upgrades, but instead of changing tires, brake calipers, or paint jobs, they’re changing software. ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA) ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA)
Re: [EVDL] $10k bounty on Tesla-S hacks entices tinkerers, aggravates Tesla
On the flip side I remember a story about a boat owner that didn't like the factory fuel system on his boat so redid it himself. Gassed up one day, boat burned, disfigured his two daughters. He won in court against the boat manufacturer. Bring that here. A software genius modifies his Tesla, car somehow sticks in WOT, smacks a concrete wall, kills his wife. HOW DARE Tesla allow me to make changes that let this happen. Who do you think would win in a court with a jury of his peers? Mark Grasser On Wed, May 20, 2015 at 6:37 PM, Alan Arrison via EV ev@lists.evdl.org wrote: I am surprised that auto makers haven't locked down their systems with encryption. If they haven't yet they probably will if for no other reason than liability issues. What liability issues? There would be none. If I make a mechanical change to my car now and it causes an injury or something the manufacturer is not liable for it. The same is true with a software change. When I buy a car, I get a title to it. It is mine to do with as I see fit, including doing something that voids the warranty if I want. It should be illegal for an auto manufacturer to lock me out of making changes to any car I buy. -- David D. Nelson http://evalbum.com/1328 http://www.levforum.com ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA) ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA)
[EVDL] $10k bounty on Tesla-S hacks entices tinkerers, aggravates Tesla
http://www.digitaltrends.com/cars/tesla-model-s-owners-write-new-code-for-their-electric-cars/ Some Tesla owners pimp their rides with code By Stephen Edelstein — May 18, 2015 [image http://icdn2.digitaltrends.com/image/2015-tesla-model-s-p85d-2.jpg Tesla Model S P85D EV ] Every since the first cars rolled out of factories, owners have been modifying them to suit their own personal needs and tastes. With the extensive computer controls used in modern cars, people are now finding a different way to do that. Certain Tesla Model S owners are giving their cars upgrades, but instead of changing tires, brake calipers, or paint jobs, they’re changing software. Tesla itself continually tweaks cars with over-the-air software updates, and now some owners are making changes themselves. While Tesla hasn’t explicitly opened the Model S to outside programmers, a few owners are writing their own code for the car to gather data or perform new functions, according to the MIT Technology Review. Joe Pasqua, an employee of a database company in San Carlos, California, fiddled with Tesla’s official iPhone app to create Visible Tesla, a new app that further tethers electric cars to smartphones. The app can lock and unlock doors, operate the climate control, or open the sunroof. It can also send location-specific text messages depending on where the car is, and monitor charging. Owners can also use the app to compare vehicle data, to get a better idea of how driving style, climate, and other factors affect cars’ performance. Maximizing range per charge is very important with electric cars for reasons of both efficiency and practicality. Tesla doesn’t seem bothered by the third-party app, even though Pasqua accidentally bombarded the company’s servers with data once. Tesla could shut down the app if it wanted to, but it hasn’t, Pasqua said. Another owner tweaking Tesla software is Edward Arthur, a semiconductor designer from Massachusetts. He wrote a script to check whether the car was charging at 9:30 a.m. every day. He gets a text message to remind him if the car isn’t plugged in. Tesla reportedly hasn’t ruled out offering a software development kit to help formalize this kind of tinkering, but it isn’t a priority for the company right now. But that doesn’t mean owners won’t continue finding their own ways to alter what they get from the factory. [© digitaltrends.com] ... http://www.digitaltrends.com/cars/syscan-announces-1-prize-hacking-tesla/ $10,000 bounty on Model S hacks entices tinkerers, aggravates Tesla http://www.technologyreview.com/news/537251/some-tesla-owners-pimp-their-rides-with-code/ Some Tesla Owners Pimp Their Rides with Code By Will Knight on May 7, 2015 A few Tesla drivers are rewriting the programming in the Model S to make the car do interesting new things. Why It Matters As cars become more computerized, the behavior of various systems could be automated. The Tesla Model S comes with a 17-inch touch screen for entertainment, maps, and system controls. Tesla Motors’ Model S isn’t just a symbol of enthusiasm for electric driving; it’s also a sign of how customizable cars are becoming. With Internet connectivity, regular software updates, a 17-inch touch-screen display for the control console, and even its own Web browser, it’s an impressively high-tech vehicle. And although Tesla hasn’t yet opened it up to outside programmers, some enthusiasts are already writing code that gathers data from the car or makes it do something new. Joe Pasqua, who works for a database company in San Carlos, California, helped reverse-engineer, or decode, the protocols used to send messages between the official Tesla iPhone app and the company’s servers. After logging in with a username and password, Model S owners can use the app to access a range of data and configure various systems in their car. Pasqua has created a free app called Visible Tesla that uses the official app’s protocols to track the status of systems in a Model S over time and can be used to schedule commands. “You can do all the basic control functions,” he told me. “You can unlock the doors, and you can turn on the heater or air conditioner, and you can change the temperature, open the sunroof—things like that. You can get location information; you can control the charging function.” I met Pasqua, appropriately enough, at the Computer History Museum in Mountain View, California. He showed me Visible Tesla running on his car’s Web browser in the museum’s parking lot (the software runs on a PC but can configured for access via the Web). Visible Tesla lets drivers collect data about their car. Pasqua and scores of other Visible Tesla users share data on the way different driving habits affect their cars’ batteries. This way they can, for example, see if a recent hot spell has caused other Model S batteries to drain more quickly. Visible Tesla can also effectively add new functionality to a vehicle by triggering commands based on
Re: [EVDL] $10k bounty on Tesla-S hacks entices tinkerers, aggravates Tesla
I am surprised that auto makers haven't locked down their systems with encryption. If they haven't yet they probably will if for no other reason than liability issues. Al On 5/20/2015 4:50 AM, brucedp5 via EV wrote: Every since the first cars rolled out of factories, owners have been modifying them to suit their own personal needs and tastes. With the extensive computer controls used in modern cars, people are now finding a different way to do that. Certain Tesla Model S owners are giving their cars upgrades, but instead of changing tires, brake calipers, or paint jobs, they’re changing software. ___ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA)