

Tesla Plans to Open Car Doors to All Hackers This Summer - wglb
http://www.forbes.com/sites/thomasbrewster/2015/04/28/tesla-opening-car-to-hackers/

======
TwoBit
I expect that remote key amplifier attacks work against Tesla like they do
against other cars. I wish automakers weren't in denial about this problem.

~~~
POiNTx
Is there anything car manufacturers can do against this attack while still
keeping all functionality of the key fob?

~~~
mikeash
It's hard to see how it could be fixed. Fundamentally, what is different about
a local key fob, and a relay connected to a remote key fob? It seems
fundamentally impossible to tell the difference.

The one thing that I could see working in theory would be detecting the
roundtrip transmission time with a strict ceiling on it. No matter how good
your relay is, it can't relay data faster than the speed of light, so you can
enforce the fob being close by only listening to it if it responds fast
enough.

The problem with this is that light moves pretty fast, and internal delays
within the fob will dominate. If you want to put the range limit at, say,
30ft, that means your response time ceiling is a mere 60ns. Can you build a
fob that responds anywhere close to that fast?

Edit: one other possibility is if the fob knows where it is. A GPS receiver on
the fob, for example, would allow the fob and the car to securely confirm
proximity (absent GPS spoofing). Getting a GPS receiver to run on a wireless
fob's battery is left as an exercise for the reader.
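
[Added example, not part of mikeash's comment or of the original thread.] A Python sketch of the round-trip time ceiling described above: the car accepts a challenge response only if it is authentic and arrives within the time light needs to cover the allowed range and back, plus the fob's turnaround. The key, nonce, 500 ns fob delay, 1 µs jitter tolerance and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

C_FT_PER_NS = 0.983571056  # speed of light, feet per nanosecond

def rtt_ceiling_ns(max_range_ft, fob_delay_ns=0.0, jitter_ns=0.0):
    """Longest round trip the car accepts: flight time out and back,
    plus the fob's nominal turnaround, plus tolerated timing jitter."""
    return 2 * max_range_ft / C_FT_PER_NS + fob_delay_ns + jitter_ns

def simulated_rtt_ns(path_ft, fob_delay_ns):
    """Constructed measurement: signal path each way plus fob turnaround."""
    return 2 * path_ft / C_FT_PER_NS + fob_delay_ns

def fob_response(key, nonce):
    """The fob proves possession of the shared key over a fresh nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def car_accepts(key, nonce, response, rtt_ns, max_range_ft,
                fob_delay_ns, jitter_ns=0.0):
    """Accept only an authentic response that arrived inside the time bound."""
    if not hmac.compare_digest(fob_response(key, nonce), response):
        return False
    return rtt_ns <= rtt_ceiling_ns(max_range_ft, fob_delay_ns, jitter_ns)

def range_uncertainty_ft(jitter_ns):
    """Distance the car can no longer rule out once it tolerates this jitter."""
    return jitter_ns * C_FT_PER_NS / 2

KEY = b"constructed-demo-key"      # constructed sample values
NONCE = b"constructed-nonce-0001"
FOB_DELAY_NS = 500.0               # assumed fixed fob turnaround

def demo():
    resp = fob_response(KEY, NONCE)
    near = simulated_rtt_ns(10, FOB_DELAY_NS)    # fob 10 ft from the car
    far = simulated_rtt_ns(300, FOB_DELAY_NS)    # 300 ft signal path
    return {
        "ceiling_30ft_ns": rtt_ceiling_ns(30),
        "near_strict": car_accepts(KEY, NONCE, resp, near, 30, FOB_DELAY_NS),
        "far_strict": car_accepts(KEY, NONCE, resp, far, 30, FOB_DELAY_NS),
        "far_1us_jitter": car_accepts(KEY, NONCE, resp, far, 30,
                                      FOB_DELAY_NS, jitter_ns=1000.0),
        "uncertainty_1us_ft": range_uncertainty_ft(1000.0),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a strict bound the 300 ft path is rejected, but tolerating 1 µs of fob timing jitter widens the accepted range by several hundred feet, which is the practical obstacle the comment raises.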

~~~
halviti
I think this is an easy problem to fix, no?

Why not just make the keys responsible for starting the car again?

We've traded too much security for convenience and it's time to take a step
back.

You can still start the car with the push of a button.. only now that button
is on the key.

Problem solved.

~~~
mikeash
The implied context here was "while keeping wireless keyfobs."

Yes, the problem becomes substantially easier if you require a direct physical
connection, but that's not such an interesting problem.

Also, given that modern cars are _vastly_ more difficult to steal, I object to
your characterization of "traded too much security for convenience." If the
current state is too insecure, then you must think that cars from 20+ years
ago are absolutely appalling.

~~~
hn_
Can you explain to me why older cars are easier to steal? I'm not familiar
with auto theft/security and I'm curious.

~~~
mikeash
Really old cars have very simple electronics. Even after computers started
showing up in cars, they were pretty simple and didn't interact much with the
security aspect of things. When you start a car like this, you're just making
a connection between two wires to power up the electronics, and briefly making
a connection between another two wires to run the starter motor. The only
security in the whole system is provided by the fact that the connection is
made by a switch that requires a key to turn it. If you don't have the right
key, you can't turn the switch, and that means you can't connect the wires.

The trouble is that the wires must be fairly exposed to the occupants of the
car, since the switch has to be accessible. That means you can just bypass the
switch entirely by removing the appropriate covers and attacking the wires
directly. This is "hotwiring."

Physical locks are also not all that difficult to defeat directly. You can
pick an ignition switch much like you might pick any other lock.

Starting around the late 90s or so, car manufacturers started adding more
robust security measures. These include simple things like locking the
steering column when the ignition switch is off (thus preventing you from
driving the car after hotwiring it), all the way up to authenticating the key
with a relatively sophisticated protocol, and having the engine computer
refuse to run the car unless it can sense a real key.

As a result of these changes, the list of most stolen car models is _still_
topped by cars manufactured in the late 90s. Low-end Hondas from around 1998
are right at the top of the list, because they occupy a sweet spot of being
relatively valuable and still fairly easy to steal. Modern cars are stolen
literally orders of magnitude less frequently; about 100,000 older Hondas
stolen per year in the US, whereas new cars are stolen at a rate of hundreds
per model per year at worst. Also as a natural result of these changes, car
theft is _way_ down in the US. About 700,000 cars were stolen in the US in
2013, compared to almost 1.7 million in 1991. Pretty much the only way to
steal a newer car is to either tow it away or steal the owner's keys. (A
common scenario for car thefts is a burglary turned into auto theft when the
burglars find car keys in the house.)

------
ryandetzel
I don't need more reasons to own a Tesla.

~~~
netcan
just more money?

~~~
skore
GP and your comment - Exactly the thought process I go through every time I
see something about Tesla. "Look Elon, you already got me, there's really no
point in continuing to rub it in over and over again!"

------
hunt
The automotive industry certainly has some interesting times ahead with regard
to security. Audi's proposed plan for allowing deliveries to be placed in the
boot of a locked car [0] certainly seems like it could be ripe for
exploitation.

How seriously are car manufacturers going to take security though? Is it going
to be like the numerous router manufacturers that don't seem bothered? Perhaps
some kind of regulatory body will need to intervene to make automotive
manufacturers take security seriously.

[0] http://www.bbc.co.uk/news/technology-32431301

~~~
kenrikm
Currently many deliveries are just left on people's doorstep, and people
"Pre-Sign" for expensive things so they don't risk missing the delivery (Apple
offers this option). I fail to see why someone would go through the effort of
trying to get into a trunk when you can easily target the non-Audi owners with
packages out in the open?

~~~
thesimon
The Audi delivery thing is tested in Germany and basically all packages
require signature. I can't recall any site where I was able to "presign".

If you miss your package, it'll get taken to a nearby store where you can
collect it with an ID or it'll be given to your neighbour.

~~~
kenrikm
In the US, USPS/UPS/Fedex will usually just leave it on the porch/in
front of the door. If it's a package that you need to sign for you can print
out a "Pre-Sign" form that you leave on the door and they will just leave the
package.

------
christianbryant
I worked at a process automation firm in the early 00's that had
microcontroller software written in ASM and C that was in sore need of
standardization; we referenced MISRA C [0] in researching a sound way to
improve that code. After all, those instruments were headed for nuclear
refineries and submarines.

Per EETimes [1]: MISRA C is a subset of the C language. In particular, it is
based on the ISO/IEC 9899:1990 C standard, which is identical to the ANSI
X3.159-1989 standard, often called C ’89. Thus every MISRA C program is a
valid C program. The MISRA C subset is defined by 141 rules that constrain the
C language. Correspondingly, MISRA C++ is a subset of the ISO/IEC 14882:2003
C++ standard. MISRA C++ is based on 228 rules, many of which are refinements
of the MISRA C rules to deal with the additional realities of C++.

I did a quick search for Tesla programming jobs and they do command a
familiarity with MISRA C, so somewhere it is being used by Tesla in their
firmware. That standard is supposed to ensure security and reliability in
firmware programming for critical devices, such as motor vehicles. I wonder if
this knowledge expands upon this challenge and other avenues for hacking
Tesla, and also I wonder if MISRA C practices extend to outlying modules in
the vehicle...

[0] MISRA C: http://www.misra-c.com/

[1] http://www.eetimes.com/document.asp?doc_id=1279810

------
sylvinus
From the title I thought they were opening an API for the car ;-)

~~~
joshstrange
I too thought the same thing and got really excited (not that I own a Tesla or
have any chance of owning one any time soon). Tesla just gives me hope for the
future of automobiles.

------
joshstrange
Obligatory: HACKERS CAN TURN YOUR _CAR_ INTO A BOMB [0]

But on a more serious note this is pretty cool to see not only Tesla but GM
and BMW reaching out to these groups. We saw an article or two here on HN not
too long ago about, IIRC, car makers trying to use DMCA to prevent people
from modifying the software in their cars [1] (I know there was another
article about tractors as well [2]). I'd be interested to know Tesla/GM/BMW's
stance on that issue. They are opening up to hackers to find issues but that
doesn't mean they are on board with making it easy for people to modify
software in their cars.

[0] http://www.homelandsecureit.com/wp-content/uploads/2012/10/Computer_bomb.jpg

[1] https://www.eff.org/deeplinks/2015/04/automakers-say-you-dont-really-own-your-car

[2] https://news.ycombinator.com/item?id=9414211

------
task_queue
So do I have to tie both hands behind my back to find a problem before Tesla
will acknowledge their error or award a bounty?

What if there is an intractable design flaw that is costly to fix? Will it get
swept under the rug as they get litigious with those who attempt to expose it?

The assumption usually is if the bounty is less than the expected reward from
exploiting a system, then you're really not doing anything other than a PR
stunt.

I don't see a mention of a bounty. I do see a mention of them keeping track of
those trying to exploit their system at Defcon. Not sure of what the supposed
benefit to those that attempt to break their system is.

It makes a nice headline though.

------
supergeek133
It's interesting reading this about a car maker, when I work for a home device
maker and fight tooth and nail to open up API control of home
security/thermostats.

People find a way in either way, whether you want them to or not.

~~~
scuba7183
Sounds like in your case, they want customers locked in to their products

------
hipster_robot
We can only hope this becomes a more widely adopted practice. Vehicle computer
security, especially when it relates to self-driving autos, needs way more
attention to operational security than it has been given.

------
ww520
Can we get a test car as part of the dev kit?

