
Man hacks Tesla firmware, finds new model, has car remotely downgraded - antman
http://arstechnica.com/cars/2016/03/man-hacks-tesla-firmware-finds-new-model-has-car-remotely-downgraded/
======
zyxley
"They punished him by remotely downgrading his firmware" is a frankly absurd
claim... and incorrect, too.

The guy's own post [1] said it was "pending" (e.g. downloaded and ready for an
automatic update), not installed. Given that someone else in the same thread
notes that the update when installed on their car didn't actually fix the
important charging bug it was supposed to, it's much more likely that it was
"somebody in engineering decided to cancel a bad update" than his paranoid
claims.

[1]: [http://www.teslamotorsclub.com/showthread.php/63905-Tesla-s-...](http://www.teslamotorsclub.com/showthread.php/63905-Tesla-s-response-to-me-leaking-info-about-the-P100D)

~~~
maratd
> The guy's own post [1] said it was "pending" (e.g. downloaded and ready for
> an automatic update), not installed.

This is correct. It was an attempted downgrade. He stopped it.

> it's much more likely that it was "somebody in engineering decided to cancel
> a bad update" than his paranoid claims.

This is unlikely. He wasn't being downgraded to the version prior to the
current one. He was being downgraded to a much older version that did not
contain any of the secret info. And nobody else was experiencing the
downgrade. If there is a critical flaw that requires a rollback, you do it for
everyone and it's big news. He also made it clear that he found a ton of other
stuff and was not disclosing that (yet).

It looks like somebody at Tesla pushed code to production that shouldn't have
been pushed since it isn't relevant to any production vehicles. Once the leak
happened, there was a bit of a panic and to stop any more leaks, they tried to
downgrade ... which was silly, because if you know how to root the car, you
probably know how to make a backup and stop remote access.

------
Apocryphon
So a rogue corporate exec ordered an unauthorized op against a ronin hacker
who Robin Hood'ed the underhood of his electric car.

We are living in cyberpunk times.

~~~
stcredzero
_So a rogue corporate exec ordered an unauthorized op against a ronin hacker
who Robin Hood'ed the underhood of his electric car._

_We are living in cyberpunk times._

I remember when cyberpunk was fresh and new, before it was a codified
collection of cliches. Mind you, this was also a time when an author could
write, "His buyer for the three megabytes of hot RAM in the Hitachi wasn't
taking calls," and think this sounded futuristic and criminally lucrative.

~~~
aaroninsf
That reminds me, I was as a public service going to make an auto-updating epub
of Neuromancer which simply incremented the units as needed to sound duly
impressive.

"His buyer for the three petabytes of hot RAM..." etc...

~~~
emmelaich
Better off making something up. Flebibytes or something. Gibson should've done
that in the original.

~~~
kordless
Flebibytes? That's a crazy amount.

~~~
aaroninsf
On the street, sure.

In academe anything under ten mangabytes is noise these days tho and I imagine
the dark economy is two factors beyond anything we have access to. :/

------
SocksCanClose
Great article, and the best is Musk's response. Just one more example of how,
à la Allison and Zelikow's "Essence of Decision," so much of what happens in
industrial organizations ("industrial" in the philosophical sense -- meaning
organizations with hierarchies, divisions, etc.) is motivated not by the
overall interest of the organization (cf. Musk's response), but rather of the
more parochial needs of the individual managers. Which is to say someone
within the Tesla organization, fearful of an error they made, sought to
retaliate against the guy -- even though the retaliation was unauthorized, and
even counterproductive. An amazing use case for how Twitter, when optimally
utilized as a total free-speech zone, can really help move the world forward,
as things like this enable information to percolate directly to the top
without winding its way through the "mittelebureaucracy."

~~~
Theodores
What would you do if your latest commits went live and they indeed did have
new things in there, e.g. attribute values?

You might just roll the whole thing back a release, in the first instance to
'update' the hacker to a 'safe' version. If there were a need to roll everyone
back then some type of patched new version would need to be released, or, if
speed really mattered, just remote downgrade everyone to something safe. The
major version numbers might not be the safe releases, the last release from a
previous major version might be safer. Hence back to v.12.x.y for him. No
malice be involved, just prudent reaction.

~~~
maratd
> No malice be involved, just prudent reaction.

It's not malice, it's panic and it's _profoundly_ stupid.

Only those with root access to the car can access the secret info.

There are a handful of people out there who rooted their cars. They are
individuals of extraordinary technical ability.

You think they don't know how to make a backup? Or how to stop remote access?

That's exactly what happened. He blocked them and then deleted the pending
downgrade.

~~~
21
Let's assume there is a problem caused by the rooting and as a result the
Tesla spins out of control and kills a bystander.

Would you agree that this extraordinary technical ability individual should be
criminally liable in this case?

~~~
maratd
> Would you agree that this extraordinary technical ability individual should
> be criminally liable in this case?

No. There's no mens rea. He should be liable for damages in civil court.

~~~
21
By this logic killing someone while driving drunk is also not criminal since
there is no mens rea.

~~~
maratd
There is such a thing as criminal negligence.

[https://en.wikipedia.org/wiki/Criminal_negligence](https://en.wikipedia.org/wiki/Criminal_negligence)

In your case, the person was being reckless. I don't think gaining access to
hardware you own can be considered reckless, regardless of the _unlikely_
circumstances that may result. Your death-by-rooting example is entirely
hypothetical and has _never_ happened.

~~~
vectorjohn
Absolutely it could be considered reckless. You think some guy messing with
his car's firmware understands it well enough to be as safe as the
manufacturer? If an accident caused by manufacturer firmware can make the
manufacturer liable for an accident, then someone tampering with it obviously
can make them liable.

It has never happened? Who cares, what does that matter?

~~~
maratd
I never said the hacker shouldn't be liable. I said he shouldn't be
_criminally_ liable.

By your logic, if the manufacturer puts out software that is responsible for a
death, would you throw the software developer who wrote it in jail? That's silly.

All this stuff is limited to civil liability.

~~~
rbanffy
It really depends on what the developer did. If the developer knowingly
removed all tests that weren't passing because the car, sometimes, did not
recognize old ladies crossing the street, then this person should go to jail.
This is evidently negligence.

------
fosco
I do not understand "Good Hacking is a gift" remark.

I would love if Teslas were open for hacking but a previous article [0]
pointed out that there appears to be a strong stance [1] against this.

Disclosure: I am a huge fan of the Tesla brand, just cautiously optimistic.

[0] [https://news.ycombinator.com/item?id=11233898](https://news.ycombinator.com/item?id=11233898)

[1] [https://news.ycombinator.com/item?id=11234465](https://news.ycombinator.com/item?id=11234465)

~~~
maratd
Elon Musk != Tesla

Or at the very least, Elon Musk is the voice of Tesla, but there are many
other people who work there. You judge a company by their actions, not their
words. I'm a huge fan of what they're doing, but not necessarily how they're
doing it.

The cars are absolutely awesome.

Unfortunately, they only provide service manuals in Massachusetts (where they
are required to by law) and charge $100 per day to view them. Do not sell
parts to the public. Ports in the car (obd/ethernet/etc.) are disabled by
default. API is undocumented/proprietary. No access to OS. No access to
diagnostic information.

Very similar to how Apple does things.

~~~
nivla
> Elon Musk != Tesla

He is the CEO, he is responsible for the actions of his employees that are
work related. Under the same guise, he shouldn't receive praises for anything
everyone else under him does either.

------
johansch
[http://mashable.com/2016/02/03/tesla-refuses-rude-customer/](http://mashable.com/2016/02/03/tesla-refuses-rude-customer/)

------
grav
How did someone manage to find the image from the SHA hash?

~~~
evmar
I just made a lucky guess from the keywords in the article:

    $ echo -n 'P100D' | sha256sum
    5fc38436ec295b0049f186651ebba5fd55e8d7b81eb61cbd00d3f1bf18dd9c81

~~~
mikeash
It's so short that you can also just brute force it. Using hashcat in "try all
short alphanumeric+symbols strings in increasing length" mode on this hash
produces the resulting string in about ten seconds on my computer.

I imagine it was just guessed, though. Any Tesla fan thinking of "cool new
upgrade to the car, currently secret" would put a P100D model near the top of
the list of things to try.

~~~
ChristianBundy
Yep. There are plenty of sites that have already brute-forced hashes for
arbitrary n-length alphanumeric strings.

[https://md5hashing.net/hash/sha256/5fc38436ec295b0049f186651...](https://md5hashing.net/hash/sha256/5fc38436ec295b0049f186651ebba5fd55e8d7b81eb61cbd00d3f1bf18dd9c81)
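Added example, not part of the thread or of any Tesla code: the sub-thread above shows that a bare SHA-256 of a short, guessable string hides nothing, so this sketch checks the quoted digest against a small constructed list of trim-style names and contrasts it with a commitment keyed by a random nonce. The candidate pattern and the function names `model_candidates`, `recover`, `commit` and `verify` are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import secrets

# Digest quoted in the thread above.
PAGE_DIGEST = "5fc38436ec295b0049f186651ebba5fd55e8d7b81eb61cbd00d3f1bf18dd9c81"


def model_candidates():
    """Constructed guess list: optional 'P', a number 40..200, optional 'D'."""
    for prefix, suffix in itertools.product(("", "P"), ("", "D")):
        for n in range(40, 201, 5):
            yield f"{prefix}{n}{suffix}"


def recover(digest_hex, candidates):
    """Return the candidate whose bare SHA-256 equals digest_hex, else None."""
    for candidate in candidates:
        if hashlib.sha256(candidate.encode()).hexdigest() == digest_hex:
            return candidate
    return None


def commit(message, nonce=None):
    """Hiding commitment: HMAC-SHA256 keyed with a random 32-byte nonce.

    Publish the tag now; reveal (nonce, message) later so anyone can verify.
    """
    nonce = nonce or secrets.token_bytes(32)
    tag = hmac.new(nonce, message.encode(), hashlib.sha256).hexdigest()
    return nonce, tag


def verify(message, nonce, tag):
    """Check a revealed (message, nonce) pair against a published tag."""
    expected = hmac.new(nonce, message.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # The unkeyed digest falls to a list of about 130 guesses.
    print("bare SHA-256 :", recover(PAGE_DIGEST, model_candidates()))
    # The same guess list cannot match a tag keyed with an unknown nonce.
    nonce, tag = commit("P100D")
    print("keyed commit :", recover(tag, model_candidates()))
    print("after reveal :", verify("P100D", nonce, tag))
```

The keyed form still lets the publisher prove later what was committed, by revealing the nonce together with the message.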

------
sabujp
Do you own your car? Just the metal, but not the software that's required to
actually make it do anything useful.

------
Overtonwindow
"Root the car" man what an amazing time we live in.

------
PhasmaFelis
I don't see any evidence that this guy's car was targeted specifically. From
the info in the article, a much more likely scenario is that they accidentally
pushed an update with private data to all cars, realized their mistake after
the tweet was posted, then rolled back the update on all cars, so they could
fix it before rolling it out again. That's exactly what you'd expect them to
do and not sinister in the least.

I haven't read the 48-page forum discussion linked in the article, so there
may be more info there, but at the very least the article writer hasn't
adequately backed up his claims.

~~~
PhasmaFelis
I seriously have no idea why this is getting downvoted. Anyone?

~~~
jessaustin
In TFA it quotes Musk himself confirming OP's claims. Why would Musk do that
if they weren't true?

~~~
PhasmaFelis
He doesn't say that, though. "Wasn't done at my request" means that _if_ it
was done, he didn't order it; it neither confirms nor denies that it actually
happened. Musk is being cagey; it's possible that he didn't yet know exactly
what had occurred or who had ordered it.

Again, maybe there's something in that 48-page thread that proves me wrong.
I'm fine with that. But it makes no sense to swallow the article's simplified
interpretation without first doing the homework.

------
marincounty
$100 a day to view basic service manuals? I will Never buy a Tesla; even if
one day I can afford one.

I can't believe you wealthy boys are putting up with this.

Do you guys really want to be sitting on the side of a road clueless over your
toy? I don't expect you boys to pull out the DVOM, and Snap-on tools, but a
little knowledge of why it broke down?

Isn't it kinda the American way to at least know what the underlying problem
is? Or, have we been conditioned into being good obedient victims?

Personally, I feel emasculated if I need to ring a ding ding AAA? Especially,
if the problem is minor. Will never know if we aren't able to read up on the
toy?

~~~
ocdtrekkie
If you can afford a Tesla, you can probably buy a new one before the warranty
wears out. And you probably/definitely have roadside service.

~~~
Vraxx
Not a very good argument considering they're coming out with cheaper models.
Not to mention, just because someone bought something doesn't mean they can
afford it by a wide margin, it's sad but true. I think the poster you respond
to has some points on why it isn't optimal for the end user, but they
certainly could have phrased it a bit better.

~~~
ocdtrekkie
I'm not saying I endorse this position. (I'm amazed I got downvoted as if I
did.) I'm just saying this is why people have put up with it: Almost nobody
realizes it, because people who buy Teslas generally aren't servicing their
own cars, and most of them are still under warranty and they'll probably
upgrade before that date arrives.

