Tag Archive for: Tesla

Hackers Unlock Tesla’s $15,000 Software-Locked Features: ‘Jailbreaking’ – Tesla (NASDAQ:TSLA)


Hackers have discovered an exploit to unlock the software-locked features of Elon Musk’s Tesla (TSLA), Electrek reports.

A group of security researchers at TU Berlin found a weakness in Tesla’s onboard computer, enabling them to unlock features such as heated seats, acceleration boost, and the Full Self-Driving package. These features, typically activated by owner payment or subscription, can cost up to $15,000.

The hack, dubbed “Tesla Jailbreak,” requires physical access to the vehicle and involves a “voltage fault injection attack” on the AMD-based infotainment system. The researchers claim their exploit is “unpatchable” and allows the running of “arbitrary software on the infotainment.”

Despite the exploit, the hackers believe Tesla’s security is superior to that of other automakers. They plan to present their findings next week in a presentation titled “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater.”


Engineered by Benzinga Neuro, Edited by Pooja Rajkumari


The GPT-4 Benzinga Neuro content generation system exploits the extensive Benzinga Ecosystem, including native data, APIs, and more to create comprehensive and timely stories for you.



Tesla workers spy on drivers, and Operation Fox Hunt scams • Graham Cluley


Smashing Security podcast #318: Tesla workers spy on drivers, and Operation Fox Hunt scams

Graham wonders what would happen if his bouncing buttocks were captured on camera by a Tesla employee, and we take a look at canny scams connected to China’s Operation Fox Hunt.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

(Oh, and when Carole mentioned Colin the Accountant as her “Pick of the Week” she really meant “Colin from Accounts”. Sorry!)

Warning: This podcast may contain nuts, adult themes, and rude language.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international…


Hackers win Tesla Model 3 at security competition with $530,000 exploit


Despite these flaws, the researchers noted that Tesla is doing an excellent job of making the car difficult to hack by putting in place a sophisticated system of sandboxes, which isolates components and makes it more difficult to gain greater privileges by simply breaking into one of them.

TOCTOU attack

The Synacktiv team demonstrated two different exploits. In the first, it took them less than two minutes to compromise the Model 3’s Gateway system, which serves as the energy management interface for communication between Tesla vehicles and Tesla Powerwalls.

They inserted the required malicious code using a Time of Check to Time of Use (TOCTOU) attack, a technique that takes advantage of the brief interval between when a computer checks something like a security credential and when it actually uses it.

For safety reasons, they weren’t hacking a genuine Model 3, but they would have been able to open the front hood and doors of the vehicle even while it was moving.


Hackers expose key vulnerabilities in a Tesla Model 3


As we’ve learned over the past few years, almost anything that connects to the internet, uses Bluetooth or any other wireless protocols, or simply has a computer chip inside can be hacked—and that includes cars. There are just too many potential vulnerabilities across all these surfaces for hackers to exploit, and every time there’s a software update, there is a chance that new ones get introduced even as the old ones are patched out. (Seriously, keep your software up-to-date, though. It’s the best way to stay as secure as possible.)

With that in mind, researchers from French security firm Synacktiv have won $530,000 and a Tesla Model 3 at Pwn2Own Vancouver, a security competition where “white hat” hackers and security researchers can win the devices in which they discover and exploit previously unknown vulnerabilities, plus a cash prize.

The team from Synacktiv demonstrated two separate exploits. In the first, they were able to breach the Model 3’s Gateway system, the energy management interface that communicates between Tesla cars and Tesla Powerwalls, in less than two minutes. They used a Time of Check to Time of Use (TOCTOU) attack, a technique that exploits the small time gap between when a computer checks something like a security credential and when it actually uses it, to insert the necessary malicious code. For safety reasons, they weren’t hacking a real Model 3, but they would have been able to open the car’s doors and front hood, even while it was in motion. 

The second exploit allowed the hackers to remotely gain root (or admin) access to the mock Tesla’s infotainment system and from there, to gain control of other subsystems in the car. They used what’s known as a heap overflow vulnerability and an out-of-bounds write error in the Bluetooth chipset to get in. Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative (ZDI), told Dark Reading, “The biggest vulnerability demonstrated this year was definitely the Tesla exploit. They went from what’s essentially an external component, the Bluetooth chipset, to systems deep within the vehicle.” 

According to TechCrunch, Tesla contends that all the…
