
Hacking my Tesla Model S - antouank
http://www.su-tesla.space/2016/04/hack-s.html?m=1
======
tajen
Tesla heavily disappoints me here. This looks like pure PR:

\- It is a blog with only 1 entry.

\- The Whois entry is "WhoisGuard Protected" in Panama:
[http://who.is/whois/www.su-tesla.space](http://who.is/whois/www.su-
tesla.space) . Very bad timing with the #panamapapers. The non-technical depth
and the naive writing let me imagine that a junior social media employee could
have done it. And I'm disappointed if Tesla hired such people / let an intern
write a PR article.

\- There is no mention about the previous testimonial of the guy who tried to
hack his Tesla, received a disabling upgrade and a phone call from Tesla.
[https://news.ycombinator.com/item?id=11255160](https://news.ycombinator.com/item?id=11255160)

\- He pretends to have done "2 months of research". What could be researched?
There is no public documentation and the hackerspace is still empty. At the
very least he would have mentioned that he managed to overcome the item above.

In the best case this is an organized leak from Tesla: Let's hope they'll use
this channel to unofficially explain how to hack the Tesla.

~~~
DanielDent
WhoisGuard is Namecheap's privacy protection service. There is nothing unusual
or untoward about not wanting your contact information being used for spear
phishing, spam, ... I'm not convinced contact information should be required
when registering a domain. Why should it matter who owns the domain?

~~~
yoo1I
Time for a quick rant:

Because

* when I ask CloudFlare to stop resolving phishing domains with their nameservers they don't care.

* when I ask amazon to remove the content from their networks that's clearly against their TOS, they don't care.

* when I try to get in touch with PrivacyGuard about this domain, they don't care either.

* I ask aweber.com to cut off this customer who they are providing mailinglistservice for, they don't care.

These are all at least semi-reputable companies, who through inaction continue
to allow criminals to abuse their infrastructure, and do not allow me to
directly contact this offending customer.

So there is no way for me to find out which entity is responsible for actually
creating this phishing operation. Granted, they'd probably fake whois data
anyhow, but it's my last straw :-)

Now, I'm actually all for anonymity, I'm just frustrated with trying to remove
this phishing site that's been up for months now.

------
kidgorgeous
He yada yadad' over the best part

------
yq
I really concerned about ownership of everything today.

Recent events such as Nest from Google, a company can decide to shutdown your
device. Cellphones that don't come with root are the trend. Recent games
require player to stay online for completely nothing other than DRM purpose.
And by the way, how can someone in Tesla just downgrade people's car because
he got root?

This is just the beginning of kill switch. Big companies just field testing
how tolerate customers are nowadays. Once the new become the norm, you don't
know what comes next.

------
Faaak
So much lacking details that it could be a total fake…

------
dolftax
Wait. What?
[https://4.bp.blogspot.com/-e08E6tXwQvc/VwSTUbXgFDI/AAAAAAAAA...](https://4.bp.blogspot.com/-e08E6tXwQvc/VwSTUbXgFDI/AAAAAAAAABo/gCyFvXtCAr0niW71AjTY86_ZQ2iEIxVvg/s1600/hacked.png)

------
bflesch
If the story holds, I think it is interesting to know more details about why
Tesla has chosen Ubuntu server as the underlying OS and nothing else?

I can see that ubuntu server has proven itself in a lot of real-world
environments, but wouldn't they have to run their own fork of Ubuntu at some
point? Or is the distro management toolchain in the Ubuntu world more advanced
than for example some bsd or centos?

Edit: I am talking about the output on this screenshot:
[https://4.bp.blogspot.com/-e08E6tXwQvc/VwSTUbXgFDI/AAAAAAAAA...](https://4.bp.blogspot.com/-e08E6tXwQvc/VwSTUbXgFDI/AAAAAAAAABo/gCyFvXtCAr0niW71AjTY86_ZQ2iEIxVvg/s1600/hacked.png)

~~~
MatmaRex
That screenshot is labelled "dramatic reenactment", which I believe is just
another expression for "fake".

~~~
Hemera-
The stuff above is fake. The actual login is real. Running uname -a gives that
same output.

------
ck2
It's good you can root what you own but you'd think something like a $50K car
would have a locked bootloader that prevents root like a $10 phone does.

Waiting for the EFF lawsuit that you should be able to root your car without
voiding the warranty (and then lobbyists paying congress to prevent that, then
in 10 years the supreme court deciding).

------
homero
If op wasn't a shill, he'd get his car bricked remotely

~~~
FilterSweep
The dramatic reenactment didn't make brute force look graceful to you? ;)

------
darklajid
a) Useless article

b) Previously on HN [1]: 12 and 16 [2] hours ago, the first one has some
(mostly: 'The article is light on details') discussions.

1:
[https://news.ycombinator.com/item?id=11441113](https://news.ycombinator.com/item?id=11441113)

2:
[https://news.ycombinator.com/item?id=11440612](https://news.ycombinator.com/item?id=11440612)

~~~
tajen
Dang,

Can we ask for an investigation here? I'd like to know:

\- Do the IPs of the 3 people who posted the articles match an IP of Tesla
Motors?

\- How did the 3 people discover the articles?

\- How come they posted different urls, with different titles, to the same
article?

If my intuition is correct, you might flag the accounts; but even more
interesting is you might happen to uncover an deceiving behaviour from Tesla.
Passionating!

~~~
phreeza
Do companies like Tesla have identifiable IP blocks in this day and age?

~~~
cowholio4
Yes they do. Although they are not necessarily the only IPs that a company
uses.

Tesla's ASN is 394161 and I only see one block of IP's allocated to them
209.133.79.0/24\. So that's obviously not enough IPs for the entire company.

