
Tesla Model S Ethernet Network Explored - tty
http://www.dragtimes.com/blog/tesla-model-s-ethernet-network-explored-possible-jailbreak-in-the-future
======
AceJohnny2
I am very amused that people in this thread assume that this ethernet port
allows tinkering with the automotive systems.

Automotive systems communicate over a CAN [1] bus, not ethernet. In fact, this
bus is usually physically separated between drive-critical bus (which controls
things like ABS) and "comfort" bus (such as electric window controls, central
door locks, wheel-mounted audio controls). Ethernet has none of the industrial
strength qualities that make CAN a valid automotive control bus, such as
signal hardening and real-time guarantees.

As far as these users have found, this ethernet port is connected to the
infotainment system: the 17" display.

I would be deeply disappointed in Tesla if the infotainment system can modify
drive-control devices with anything less than signed binaries and commands. As
an aside, I wonder what the legal requirements of such safeties are.

[1]
[http://en.wikipedia.org/wiki/CAN_bus](http://en.wikipedia.org/wiki/CAN_bus)

~~~
anologwintermut
Sadly, the segregation between CAN buses is not nearly as good as you would
think. ONSTAR, for example, sits on the drive critical bus (and is
exploitable). Of course, this is not on a Tesla, but still.

[http://www.autosec.org/pubs/cars-
usenixsec2011.pdf](http://www.autosec.org/pubs/cars-usenixsec2011.pdf)

~~~
gcr
A few years back, a joint UW-UCSD team showed that car systems are _remotely_
exploitable. They were able to literally call the car's cell phone number and
control the brakes/gas/door locks remotely.

[http://youtu.be/bHfOziIwXic](http://youtu.be/bHfOziIwXic)

~~~
gcr
(oops, sorry about gratuitous use of "literally" \-- i should learn not to
editorialize better)

------
mitchellh
The cool things: Tesla is running Linux (!) and standard
technologies/protocols such as SSH, NFS, X11, HTTP, etc. to do things in the
car. That is cool, and probably highly efficient since developer test labs can
probably just be basic Ubuntu-like virtual machines.

The sketchy things: Jailbreaking a car seems pretty dangerous, especially
since as far as I'm aware, the electronic systems control things including the
brake. I know this only because Tesla recently released a software update that
added "hill assist" which will hold the brake in place for 1 second when at a
certain incline to avoid rolling back. Imagine a malicious software update
that disabled the brake! Personally, I would jailbreak a phone, but not a car.
:) HOPEFULLY the system the ethernet port provides access to is firewalled out
of being able to update any software (i.e. the software update mechanism is
some other device), but who knows.

The phone home can also be considered sketchy, but any Tesla owner is well
aware the car pings home and relays diagnostic data to Tesla. At the very
least, Tesla owners know it must ping home to check for updates periodically.

If anything, I thought it was kind of cool that Tesla engineers detected it
and reached out so quickly. Imagine if you weren't tampering with your car and
it WAS a high-tech attacker. It is good to know that they can detect the
basics.

~~~
jcdavis
No way is the drive control software is running linux, its almost certainly
running on its own embedded system.

~~~
mitchellh
Absolutely, I agree, but the software update mechanism is somehow able to
update or interface with that system. If you're able to jailbreak _that_, then
its one less barrier in the way of taking over the drive control.

~~~
viraptor
I'm sure only signed updates are allowed. Same as with intel microcode updates
and most firmwares. They'd be highly irresponsible if jailbreaking was left
possible.

~~~
jamesaguilar
Nobody intends jailbreaks to be possible. It's done through exploiting bugs.
And saying it'd be highly irresponsible to write a bug is like saying it'd be
irresponsible to use the bathroom. It may stink, but everyone does it.

~~~
viraptor
I'm aware these are just bugs, but there's a huge difference between
iOS/android (let's keep it fairly secure, if anyone breaks it we'll release a
fix... maybe, noone really cares) and car's system (probably at the level of:
holy shit this _cannot_ run untrusted code, even if that means adding trusted
execution module that prevents booting if there's any unsigned byte present).

------
driverdan
“Tesla USA engineers have seen a tentative of hacking on my car.”, “can be
related to industrial espionage and advised me to stop investigation, to not
void the warranty”.

So long as you don't cause any damage they can't void your warranty in the US
thanks to the Magnuson–Moss Warranty Act.

~~~
jnbiche
And that's a mighty hacker-unfriendly stance to take for a company whose
client base is made up of a disproportionately large number of engineers and
computer scientists, many of whom will doubtless be curious as to the inner
workings of their car computer systems.

I mean, could you imagine if a car manufacturer took this attitude toward car
owners who were exploring the car's transmission, which is clearly just as
critical to the car's safety as the car computer system?

My view of Tesla just sank a notch (but I still want one).

Edit: Actually, I thought about it a bit, and I actually _don 't_ want one
anymore if this is the attitude that prevails inside the company. For the same
reason that I don't want any Apple products. I'm far from a Stallman acolyte,
but I'll be damned if I'll buy from a company that wants to forbid me from
hacking on hardware that I have purchased and own.

~~~
Vespasian
I think there is a difference between hacking (or even exploring) something
like a phone, game console or router and a car, plane or any other thing that
can immediately put in danger the live and health of many unrelated persons.

Therefore I thinks Tesla acts as responsible as they should when detecting and
reacting upon active (as opposed to passively analyzing radio transmissions)
manipulation of their cars inner systems. As other comments have pointed out
you don't want to find out about bugs in critical systems triggered by your
entertainment system jailbreak when driving with 100km/h+ on a crowded
highway.

Your phone hack / mod fails badly => Buy a new phone Your car hack fails badly
=> People die

It's simply not worth it.

~~~
kybernetikos
> Tesla... of their cars

This is the key point. If I've bought it, the car does not belong to Tesla
anymore and they have no valid reason to be policing what the owner of the car
is doing with it. If there should be rules against modification, then that
should be the purview of vehicle licensing, not Tesla (and while you're at it,
you should probably outlaw people maintaining their own cars or building them
from scratch too.) The most that is reasonable is for them to refuse to honor
the warranty if I've damaged it while modifying.

~~~
bloat
You don't have to outlaw homebrew vehicles. The car already has to pass an
inspection to be allowed on the road. I guess, if it doesn't already, that the
inspection will soon have to include that any safety critical software is
unmodified. And when people are making their own fly by wire cars, and writing
their own software - who knows how they'll certify it.

------
mschuster91
A quick google for the source code only revealed
[http://www.teslamotorsclub.com/archive/index.php/t-10748.htm...](http://www.teslamotorsclub.com/archive/index.php/t-10748.html)
\- apparently Tesla has never released the source code of the "modified
Ubuntu" they're using.

Whoops.

Also, looks like Tesla has got international deals with mobile carriers for
data flatrates. I'm looking forward to see the first guy stream youtube or
youp*rn on the dashboard :D

~~~
eik3_de
If they don't modify gpl code but just configure existing software and add
their own packages, do they still have to pub everything?

~~~
mschuster91
Yes, you at least have to say where to get the source from if you
publish/distribute binaries to others.

~~~
eik3_de
but only if their binary is linked against a gpl library..?

~~~
mschuster91
Nope, it is enough to distribute _any_ binary made with GPL source code to
have an obligation to publish the code. As soon as you use GPL code, no matter
if you modify it or not, you have to re-distribute the source code you used.

~~~
sounds
"The source code you used" which you obtained from GPL sources.

You do not have to distribute proprietary source code which has not been
incorporated into the GPL code (the definition of this varies depending on
whether the GPL code is GPL, LGPL, etc.)

------
jwise0
The original thread that this came from:

[http://www.teslamotorsclub.com/showthread.php/28185-Successf...](http://www.teslamotorsclub.com/showthread.php/28185-Successful-
connection-on-the-Model-S-internal-Ethernet-network)

Interesting in particular is one poster's claim that Tesla gave him a
seemingly-dismayed call...

[http://www.teslamotorsclub.com/showthread.php/28185-Successf...](http://www.teslamotorsclub.com/showthread.php/28185-Successful-
connection-on-the-Model-S-internal-Ethernet-
network/page12?p=610152&viewfull=1#post610152)

------
scotty79
So, inspecting a product you own is industrial espionage now?

------
dm2
Can Tesla detect if settings or the files for one of their cars are modified?

I would like an option to contact home base to verify that all files and
configurations in my car are exactly like their suppose to be, else either
disable the car or download the correct software.

Maybe a way to enable a developer mode which can only be used on a non-public
road.

I just can't imagine modifying an electric vehicles computers and settings for
anything useful. Please offer some suggestions if you can.

~~~
hamiltonkibbe
I could certainly see people modifying cotor controller settings. Changing
hard RPM limits, or tuning PID controller gains for extra milliseconds on the
track.

~~~
dm2
I doubt there is too much that can be done to increase the performance.
Removing seats seems like it would be more effective than messing with RPM
limits.

[http://www.teslamotorsclub.com/attachment.php?attachmentid=2...](http://www.teslamotorsclub.com/attachment.php?attachmentid=2755&d=1317483193)

I just don't think it's worth compromising safety and implementing more
systems (to regular where the modified cars are driven) to satisfy the small
percentage of people who want to use a Model S as a serious track car.

It's already pretty competitive on the track
[https://www.youtube.com/watch?v=VLCdP6sMN9k](https://www.youtube.com/watch?v=VLCdP6sMN9k)

One wreck from a modified Model S would be disastrous for Tesla, it's just not
worth it at this point in my opinion.

------
rrouse
Interesting that it phoned home

------
csense
How can the car communicate with the Internet? Does it have a cell modem or
something? Is a lifetime subscription included in the purchase price of the
vehicle, or does the user get a monthly bill?

Wouldn't a real industrial espionage operation disconnect or Faraday cage the
vehicle's remote communications capability as their very first step? If you
were trying to reverse engineer Tesla's secrets, would you really care about
voiding the warranty?

------
Theodores
Onto more important matters, does anyone know the track being played?

The title is 'All the things she said', which originally was a #1 Top 40 song
by the Russian pop group 'Tatu'. However the picture is definitely not the
Russian duo. Is this a German cover version of some sort?

~~~
nemo1618
I tried reverse image searching the photo, but got nothing.

However, a simple YouTube search for the song name turned up a bunch of cover
versions. This one matches the length shown (4:17):
[https://www.youtube.com/watch?v=tytPcvyJASc](https://www.youtube.com/watch?v=tytPcvyJASc)

The band, Simple Plan, also appears to have five members, which is pretty
strong supporting evidence. Strangely, I couldn't find the exact image shown
in the Tesla photo.

------
lelf
Source:
[http://www.teslamotorsclub.com/showthread.php/28185-Successf...](http://www.teslamotorsclub.com/showthread.php/28185-Successful-
connection-on-the-Model-S-internal-Ethernet-network)

------
zw123456
Someone should post some wireshark pcaps.

------
afhsfsfdsss88
As a hacker...Cool!

As a driver who will have to occupy space around people playing with this
while driving...F#&*!

~~~
chris_mahan
Agreed. There should be a large warning on the console: "Warning to
passengers: The Vehicle Systems have been Compromised. Please do not ride in
this vehicle. A Service tow truck has been dispatched."

Also, the car should not move.

~~~
jnbiche
Wow, as someone who grew up "hacking" on my car (i.e., on the engine) this
attitude is pretty amazing. What a dangerous, mysterious thing a car must seem
to you.

~~~
j-g-faustus
It's different in a number of ways: Suppose it's not you hacking your car,
it's an enemy that want you dead. So they disable the brakes. Or perhaps it's
possible for an attacker to disable the brakes only when you're braking hard
and have a speed above 100 km/h (60 mph).

Or suppose a neighborhood kid is angry at you, have figured out how to hack
the system, but haven't yet figured out the difference between "that'll teach
them a lesson" and "this might actually kill them".

Or, hypothetically, if system hacks don't require a physical connection, it's
wide open for anyone anywhere in the world to replicate something like the
file encryption extortion scam[1]: Break into as many cars as you can. Send
them a mail saying that you hacked their car. They can take the chance of
figuring out what you did on their own, or pay you money to revert it. The
scam might work just as well for cars you didn't break into, as long as the
owners believe it's a credible threat.

The point isn't necessarily that these scenarios are more likely than in the
physical world. The point is that many people have a fair idea how the
physical world works, while they have only vague notions about "hacking" in
the virtual world. We know that there are new threats, but we don't yet know
what they are, so these new threats will be inherently scarier than the
threats we already know about. (The devil you know, etc.)

[1]: [http://www.techspot.com/news/17678-file-encryption-
extortion...](http://www.techspot.com/news/17678-file-encryption-extortion-
scam.html)

~~~
jotm
Cutting the brake lines or using a kitchen knife (or a gun bought off
Craigslist in the US) to kill the person you hate works just as well and is
much simpler.

I personally would like to see various "hacks" adjusting the suspension,
brakes, spark timings and other things for a better ride in certain conditions
(racing, drifting, mountain roads, etc).

~~~
dutchbrit
The scary thing would be if people started writing viruses aimed at infecting
Tesla's. And when I say viruses, I don't mean the type that mine doge :)

~~~
zxexz
I'd mine doge on a Tesla. Maybe it would mine enough to pay for a rapid
battery change once a year on its own.

