Tesla Model S Ethernet Network Explored (dragtimes.com)
Automotive systems communicate over a CAN [1] bus, not ethernet. In fact, this bus is usually physically separated between drive-critical bus (which controls things like ABS) and "comfort" bus (such as electric window controls, central door locks, wheel-mounted audio controls). Ethernet has none of the industrial strength qualities that make CAN a valid automotive control bus, such as signal hardening and real-time guarantees.
As far as these users have found, this ethernet port is connected to the infotainment system: the 17" display.
I would be deeply disappointed in Tesla if the infotainment system can modify drive-control devices with anything less than signed binaries and commands. As an aside, I wonder what the legal requirements of such safeties are.
See Michael Hastings conspiracy theories: http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...
1) The entertainment system generally has read-only access to the CAN bus via an intermediary DCU. Even if you were able to "jailbreak" it, you wouldn't be able to modify the CAN.
2) The control unit(s) that actually have the ability to modify things like brakes, maximum speed settings, etc. are ECUs (http://en.wikipedia.org/wiki/Electronic_control_unit) and are entirely separate from the entertainment system.
3) Updates to vehicle-critical systems generally never even go through the entertainment system. They are sent over the air to the car's receiver (usually a kind of DCU), and are processed outside the purview of the entertainment system. The only thing the entertainment system can do is schedule the download and read the progress of the update.
It's interesting to see that Ethernet is used to connect the infotainment displays, but this isn't really a security concern as far as I can see. It just means we'll probably see some mods for the displays in the future, like turning off the YouTube lockout or enabling different data displays.
You could even run the service diagnostics on the entertainment system and avoid the need for extra hardware in repair shops.
I'm still surprised people think like this. We had 60+ years of technology hacking to learn that if it is not airgapped, it can be hacked. And even if it is, it probably still can be (cf. Stuxnet). So while I doubt Tesla is using Ethernet to control critical car systems, I also don't think that they can't be tinkered with using that port if someone cares hard enough to try.
http://www.dspace.com/de/gmb/home/products/newprod/microauto... (Table: Host-Interface = Ethernet)
Apple is mainly a Design firm, they are good at making things look pretty... not much else..
[1] http://www.broadcom.com/products/Physical-Layer/BroadR-Reach...
[2] http://www.eetimes.com/document.asp?doc_id=1315425
The sketchy things: Jailbreaking a car seems pretty dangerous, especially since as far as I'm aware, the electronic systems control things including the brake. I know this only because Tesla recently released a software update that added "hill assist" which will hold the brake in place for 1 second when at a certain incline to avoid rolling back. Imagine a malicious software update that disabled the brake! Personally, I would jailbreak a phone, but not a car. :) HOPEFULLY the system the ethernet port provides access to is firewalled out of being able to update any software (i.e. the software update mechanism is some other device), but who knows.
The phone home can also be considered sketchy, but any Tesla owner is well aware the car pings home and relays diagnostic data to Tesla. At the very least, Tesla owners know it must ping home to check for updates periodically.
If anything, I thought it was kind of cool that Tesla engineers detected it and reached out so quickly. Imagine if you weren't tampering with your car and it WAS a high-tech attacker. It is good to know that they can detect the basics.
So long as you don't cause any damage they can't void your warranty in the US thanks to the Magnuson–Moss Warranty Act.
Whoops.
Also, looks like Tesla has got international deals with mobile carriers for data flatrates. I'm looking forward to seeing the first guy stream YouTube or youp*rn on the dashboard :D
I wonder if they ship coreutils?
http://www.teslamotorsclub.com/showthread.php/28185-Successf...
Interesting in particular is one poster's claim that Tesla gave him a seemingly-dismayed call...
http://www.teslamotorsclub.com/showthread.php/28185-Successf...
I would like an option to contact home base to verify that all files and configurations in my car are exactly like they're supposed to be, else either disable the car or download the correct software.
Maybe a way to enable a developer mode which can only be used on a non-public road.
I just can't imagine modifying an electric vehicle's computers and settings for anything useful. Please offer some suggestions if you can.
http://www.teslamotorsclub.com/attachment.php?attachmentid=2...
I just don't think it's worth compromising safety and implementing more systems (to regulate where the modified cars are driven) to satisfy the small percentage of people who want to use a Model S as a serious track car.
It's already pretty competitive on the track https://www.youtube.com/watch?v=VLCdP6sMN9k
One wreck from a modified Model S would be disastrous for Tesla, it's just not worth it at this point in my opinion.
Given how critical the software already is, I would be surprised if there isn't a system already in place, that car companies are required to put in, that can use to verify the software for any car.
Wouldn't a real industrial espionage operation disconnect or Faraday cage the vehicle's remote communications capability as their very first step? If you were trying to reverse engineer Tesla's secrets, would you really care about voiding the warranty?
The title is 'All the things she said', which originally was a #1 Top 40 song by the Russian pop group 'Tatu'. However the picture is definitely not the Russian duo. Is this a German cover version of some sort?
However, a simple YouTube search for the song name turned up a bunch of cover versions. This one matches the length shown (4:17): https://www.youtube.com/watch?v=tytPcvyJASc
The band, Simple Plan, also appears to have five members, which is pretty strong supporting evidence. Strangely, I couldn't find the exact image shown in the Tesla photo.
As a driver who will have to occupy space around people playing with this while driving...F#&*!
Also, the car should not move.
According to the article, the car's network consists of three devices - the centre console, the dashboard, and one unknown device. There's no way that the whole car has only three computers.
My guess is that this ethernet network is only for the user interface. I'd also guess that the unknown device serves as a gateway (and, hopefully, a firewall) between the critical systems of the car and the car's UI.
MISRA Compliance...Coming soon in Ubuntu 149.04 Zany Zealot!!</s>
While you may not be comfortable jailbreaking your own car, you might also not be comfortable replacing your own brakes? Do you think my replacing the brakes of my own car would also be sketchy? I am a better programmer than I am a car mechanic. Also, after-market mods which reprogram the engine have been around for a while, so it's not like people do things like this already.
First, locate the hood, second, use the release to pop it. Locate the master cylinder, and the hose running to the engine, cut it. Now the brakes don't work very well. Locate the hose not running to the engine, cut that, now the brakes don't work at all.
Imagine that any person strong enough to operate side cutters can hack into your car and disable the brakes.
With high-tech cars, an attacker could hack every car of the same model. With thousands of Teslas on the road, I think it merits a higher concern than somebody with side cutters.
I thought it was obvious. Next time I'll let it go unsaid..
I mean, could you imagine if a car manufacturer took this attitude toward car owners who were exploring the car's transmission, which is clearly just as critical to the car's safety as the car computer system?
My view of Tesla just sank a notch (but I still want one).
Edit: Actually, I thought about it a bit, and I actually don't want one anymore if this is the attitude that prevails inside the company. For the same reason that I don't want any Apple products. I'm far from a Stallman acolyte, but I'll be damned if I'll buy from a company that wants to forbid me from hacking on hardware that I have purchased and own.
Therefore I think Tesla acts as responsibly as they should when detecting and reacting upon active (as opposed to passively analyzing radio transmissions) manipulation of their cars' inner systems. As other comments have pointed out, you don't want to find out about bugs in critical systems triggered by your entertainment system jailbreak when driving at 100 km/h+ on a crowded highway.
Your phone hack / mod fails badly => Buy a new phone
Your car hack fails badly => People die
It's simply not worth it.
Imagine the headlines if someone were killed due to an incorrectly operating component because the owner used a buggy mod.
But people are well within their rights to do so.
Yeah, it looks like ethernet, but it isn't. It is not used in cars. Currently, I don't know if it will be used in cars. Presumably not. EtherCAT is used for hardware in the loop simulation.
100% agree with you that if you're already inside the car, security of the entertainment system is a moot point. There are attack vectors you could use that bypass software controls entirely.
But just because there may be a bad story or two doesn't mean that Tesla should prevent people from doing whatever they want to their own car.
This is the key point. If I've bought it, the car does not belong to Tesla anymore and they have no valid reason to be policing what the owner of the car is doing with it. If there should be rules against modification, then that should be the purview of vehicle licensing, not Tesla (and while you're at it, you should probably outlaw people maintaining their own cars or building them from scratch too.) The most that is reasonable is for them to refuse to honor the warranty if I've damaged it while modifying.
I might have misused the word "their" in this sentence, so what I was trying to say is that since modifying software can be very easy (no special tools, garage or knowledge required, just an unchecked download and a 5€ self-made adapter off eBay), I'm in favour of locking down security-critical systems (the WHOLE car) as much as possible, since not only you but everyone around you is concerned, at least until checks associated with getting a valid license are updated and enforced.
What would be really great is if manufacturers were to offer an API to allow developers and hackers customizations where they make sense (like adding your favourite online service) and not forcing them through the whole process of trial and error.
The attacker would still need physical access like the low-tech attacker to network and update software on the Tesla.
Also, the brake line could be cut in seconds whereas 'jailbreaking' and then flashing the drive control software would take ages in comparison.
Even if the software survives a high-speed crash, it's possible for the surreptitiously placed modification to erase itself as its final act. Additionally, the surreptitiously placed modification can wait for weeks or months, giving the attacker time to build a cover story or misdirect or accomplish any number of other goals.
You do not have to distribute proprietary source code which has not been incorporated into the GPL code (the definition of this varies depending on whether the GPL code is GPL, LGPL, etc.)
As important, how do you distinguish between a valid concern about the ease of making a stupid error, vs. designing the system to be more resilient to those sorts of mistakes, vs. designing the system so the owner isn't able to modify the car without the manufacturer's permission?
(Eg, Massachusetts has a "Right to Repair" law, which is supposed to reduce the last case.)
They ARE significantly special to the media and to consumers. Compare the press coverage of the Tesla fires to the, what, hundreds or thousands of petrol (gasoline) vehicle fires a year?
One fool disables some safety features to squeeze out some more performance from his vehicle, the vehicle catches fire and kills him. How do you think that'll play out in the mainstream American media and what will it do to Tesla's stock price?
I'm more used to people just putting car bombs on the vehicles, though.
You should be good with the e-brakes, and should never 100% depend on your primary brakes when driving, but in practice I'm sure a lot of people get into situations where they wouldn't know to switch to e-brake if the main brakes failed, or wouldn't have time. The biggest risk to the assassin is that car accidents in modern cars just aren't that fatal -- you can hit another car head-on at 60mph and, with seatbelts, non-offset crash, airbags, etc., either walk away or at least survive at a hospital. It also leaves enough forensic evidence, especially if the driver survives and reports "my brakes just didn't work!" that it wouldn't be surreptitious.
A bomb isn't likely to be taken as an accident, either, but is at least likely to be effective.
There must be at least one of those connected because Tesla is able to remote-unlock your vehicle.
The best solution is the simplest: no closed-source systems allowed in cars used on public roads. But I wouldn't hold my breath until everyone gets on board with that.
Or suppose a neighborhood kid is angry at you, has figured out how to hack the system, but hasn't yet figured out the difference between "that'll teach them a lesson" and "this might actually kill them".
Or, hypothetically, if system hacks don't require a physical connection, it's wide open for anyone anywhere in the world to replicate something like the file encryption extortion scam[1]: Break into as many cars as you can. Send them a mail saying that you hacked their car. They can take the chance of figuring out what you did on their own, or pay you money to revert it. The scam might work just as well for cars you didn't break into, as long as the owners believe it's a credible threat.
The point isn't necessarily that these scenarios are more likely than in the physical world. The point is that many people have a fair idea how the physical world works, while they have only vague notions about "hacking" in the virtual world. We know that there are new threats, but we don't yet know what they are, so these new threats will be inherently scarier than the threats we already know about. (The devil you know, etc.)
[1]: http://www.techspot.com/news/17678-file-encryption-extortion...
I personally would like to see various "hacks" adjusting the suspension, brakes, spark timings and other things for a better ride in certain conditions (racing, drifting, mountain roads, etc).
Not to mention that there must be some key floating around Tesla that can be used to completely reprogram any Model S from anywhere.
It's not the first time a company has needed to privately secure a key, but this time there's a lot more at stake. I wonder what the privacy success rate is for companies with highly-sought-after keys like that. Over a long period of time, the chance of a key leak has got to be pretty high.
TPM style solutions already exist. Keys burned into the chip + verification at boot should do most of the work.
> there must be some key floating around Tesla that can be used to completely reprogram any Model S from anywhere.
It could be something more interesting. A set of keys where signature requires N out of them? Even if there is some master key, they wouldn't keep it on a node connected to the network (one would hope...) Some hardware crypto-box maybe?
I imagine Elon sending the only copy to space on one of the recent SpaceX launches, so that they can deorbit it when needed, but to steal it, you'd actually have to go up there and find it ;).
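The "signature requires N out of them" idea raised in the comments above, as an added example that is not part of the thread and does not describe Tesla's actual update mechanism: a verifier that accepts a firmware image only when at least `threshold` distinct trusted signers have signed it. Lamport one-time hash signatures stand in for a production signature scheme so the code needs only the standard library; the signer names, image bytes and function names are constructed.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def bits(digest):
    # 256 message bits, most significant bit first
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    # Each key may sign exactly ONE image (property of this stand-in scheme).
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, image):
    # Reveal one secret per bit of the image digest
    return [sk[i][bit] for i, bit in enumerate(bits(H(image)))]

def verify(pk, image, sig):
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, bits(H(image)))))

def accept_update(image, signatures, trusted_pks, threshold):
    # signatures: list of (signer_id, sig). Count DISTINCT trusted signers,
    # so one leaked key replayed N times never reaches the threshold.
    valid = {sid for sid, sig in signatures
             if sid in trusted_pks and verify(trusted_pks[sid], image, sig)}
    return len(valid) >= threshold

def demo():
    # Constructed signers and image; only the public keys would be
    # provisioned into the verifying device.
    keys = {name: keygen() for name in ("signer-a", "signer-b", "signer-c")}
    trusted = {name: pk for name, (_, pk) in keys.items()}
    image = b"constructed firmware image v1"
    sig_a = sign(keys["signer-a"][0], image)
    sig_b = sign(keys["signer-b"][0], image)
    both = [("signer-a", sig_a), ("signer-b", sig_b)]
    return {
        "two_of_three": accept_update(image, both, trusted, 2),
        "same_signer_twice": accept_update(image, [("signer-a", sig_a)] * 2, trusted, 2),
        "tampered_image": accept_update(image + b"!", both, trusted, 2),
    }

if __name__ == "__main__":
    print(demo())
```

With a 2-of-3 policy, a single leaked signing key is not enough to produce an image the verifier accepts, which is the property the comment is reaching for.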