The reality is that a Tesla is mostly really good software, really good engine, and really good battery, surrounded by a reasonable (but not excellent) rest of the car. That's more then worth it to me, and the Tesla Stretch is real, because the car is incredibly compelling. I would argue that the value is just as much a outcome of the software, and it needs to be hardened.
While there are some fine details (like the suspension) that others pointed out, the body panel gaps and the unusual service experience leave a lot to be desired for some people. Now whether these issues go unaddressed due to Tesla not having the proper resources or due to a conflict in priorities, either reason makes you wonder why Tesla is choosing to do it this way...
I mean, it obviously is something that has to be improved but, for example, I’ve seen panel gaps with a 85k € new Audi Q5 MY18.
It definitely wasn't an isolated issue since I’ve seen the same thing on at least other two same models around town but no one online or any media is shouting right and left about it...
Disclaimer: Model 3 owner
Much different than Fiat/Jeep when they got owned via media console a ways back.
Call me a luddite, but in my opinion there are no compelling-enough reasons a car needs to be wirelessly networked at all, and I won't buy a car with those "features".
I'm just not a fan of OTA updates for cars. Needing to have physical access raises the bar.
Remote updates just increases the attack surface, and makes RCE possible - and RCE on an entire fleet of 2 ton vehicles that can go 200kph is a nightmare scenario.
They could even use the gps in the car to target specific locations!
I believe a state actor or motivated team would have the resources to make this possible, and it would kill more than 9/11. The poor country's cruise missile!
I'd be OK with doing updates via usb or direct connection however.
Honestly, it's a little worrying to me that a car would need updates so often.
To say that I was surprised at some things doesn't even begin to do justice.
In modern usage, the term engine typically describes devices, like steam engines and internal combustion engines, that burn or otherwise consume fuel
Also, "electric motor" is definitely a lot more common than "electric engine":
Between the infotainment system, onboard Linux computer, autopilot, self-driving hardware, OTA updates, mobile apps, and the amount they phone home, Tesla are probably doing some of the most advanced computing in any consumer car (some deconstructions have suggested they are miles ahead here, pardon the pun).
This is great, but it all comes with additional surface area for attacks, and software engineers have spoken out about the fast paced shipping that happens at Tesla and the corners that are cut as a result.
This is just not true. Software that often goes unupdated is the most insecure software of all. If Teslas are more insecure than other vehicles it will simply be because their software is more complex than the competition.
You'll note that I never made comparisons on how secure Tesla software is in comparison to other vehicles, or that Tesla's software would be the "most insecure software of all".
What I said is that Tesla's development is fast-paced, and this is difficult to do whilst maintaining software security. I agree with you that outdated software is a huge security risk, but I don't see how that contradicts with my statement on Tesla's software.
I have written my own ECU flashing tool for Simos18 as well as a message injection system for the VW/Audi MQB platform (similar to the commercially available PolarFIS product). Really the only protection at all is that ECU flash files are encrypted in transit (on dealer DVDs) and over the wire, but with a fixed AES key and IV which is present in plaintext on the flash once the file is written. The CAN gateway messages are generally not encrypted, both over the infotainment CANbus and the powertrain CANbus.
Almost all cars are nearly completely insecure once you have interior physical access - which, IMO, is mostly OK as long as the bus wiring is in a reasonable location inaccessible to someone like a taxi passenger.
What is more interesting is the prevalence of head units with wireless or remote access - over 3G, Bluetooth, and WiFi. Compromising these hosts (and then finding a pivot or escalation between the infotainment bus and the powertrain bus via the gateway) is an interesting attack vector.
May be i was wrong, but there are nothing on the CAN bus in latest generations of Mercedes.
It does seem like most commodity FlexRay systems are still hackable although it's certainly harder than CAN where you can just attach a node and start spewing garbage from whichever address you'd like: https://brage.bibsys.no/xmlui/bitstream/handle/11250/2453093... (I'd expect all modern BMWs to be similar or identical to this MINI for cost reasons, although as evidenced I may be surprised!).
I still haven't found a robust use of end to end encryption anywhere in an automotive application - even the "most protected" routines like ECU flashing seem to be protected by weak XOR/known-secret seed/key security in tandem with symmetric cryptography using fixed key material.
Looks like it is AES-CBC with static IV, not very good, but not that bad. Still very very far from hackable. Even if you will be able to guess AES key (somehow) there are no way to hack asymmetric keys. Sure you can leak them during delivery of firmware, but i really feel that this is not the case for Mercedes. Also that's how they make money (and provide security) - lock down access to everything.
At AUTOSAR encryption docs there are RSA and ED25519, that is very good encryption obviously. (https://www.autosar.org/fileadmin/user_upload/standards/clas...)
OTA is great but my experience with my TM3 is clouded by one issue, I want blue tooth audio support to be enhanced so I do not have to use my phone to select tracks, playlists, artists, and such. Instead what was the big update of near the holiday season, fart humor, holiday fireplace like a screen saver, and the old Atari pole position game.
Seriously? Yeah I know they also updated auto pilot, put in a new animation for setting vents, and such, but I really don't need the easter eggs when there are so many programmable features this car should already have and audio support including the mentioned blue tooth support is all easily a decade behind what other cars have. hell our energy meter is a joke, it won't break out power used to move from that to maintain the pack, doesn't want to count when I am not moving, and blends in the HVAC. Auto hi beams that are spastic and auto wipers that are just, well odd.
Sorry for the ramble but the security stunt is one thing but non essential crap like easter eggs is just more things to break or be exploited. bring the cars customer facing electronics up to date before farting around more.
love my car, have serious doubts about their priorities.
It's because of entitled comments like this that companies don't develop easter eggs. They know that someone who doesn't understand how software development works will ask this very question - "why easter eggs? Why not that one feature I want?"
What you get is something that costs money and has the chance to decrease the quality of your software.
Now there are intangibles that make Easter eggs worth it. Mostly, you have to keep the developers happy. But don't act like they have zero cost.
Full disclosure, I shipped an easter egg in the Sun x86 service processor about 11 years ago.
My kids gleefully get to “drive” my Tesla using the steering wheel to play Pole Position. They snicker when we goof around with the whoopie cushion.
It’s hard not to be positively influenced by something that gives your children joy. I appreciate that there are these bits in the software which are whimsical that my family can play with.
Navigate on Autopilot (Beta) suggests lane changes but does not proceed without confirmation. But autonomous lane changing is live in Tesla internal test vehicles and will roll out after more testing. Getting on and off the highway and changing lanes is a step up, so they are shipping real features.
They enhanced the cruise to be more aware of sharp curves (will adapt speed, even below your set point, in advance of a curve).
They also added blind spot monitoring showing vehicles behind and to the sides which had not been displayed on the guidance system previously. They also distinguish betweeen the type of cars with different icons for trucks, buses, and SUVs. They also added rudimentary pedestrian detection and a very goofy pedestrian icon on the guidance display.
And also dash cam support which had been much requested.
I agree with you that the media control from the phone is lacking. The good thing is I’m confident an update will come along one day and make it better. More than I can say for any other car!
Lastly, the humorous apps have a purpose. My 6 year old son is absolutely in love with the Tesla and now begs to take my car instead of moms Mercedes. He asks me at least once a week about when I’m going to get the Roadster with the rocket boosters. (As if!) It’s genius marketing even if it is a bit silly.
A fireplace video and new game is exactly what I would expect as a bit of fun to wrap up the year.
OP claimed Tesla has their priorities wrong. I strenuously disagree and provided ample evidence to back my assertion.
Consider that the fireplace screen saver might not just be about having a fireplace, but perhaps a test of streaming video over the air, or maybe it's rendered with OpenGL, or maybe it's testing a new app deployment mechanism, etc. Easter eggs are a great way to test new tech that could be very important, on a low-impact area of the system.
Or the fart mode could just be fart mode.
On my 3, track name and album art (if available) is displayed, and I can control via the touchscreen or steering wheel controls - same as on my 2016 VW Golf R.
It's more-or-less exactly what I need and want, but of course more features are more compelling. I've never seen another vehicle from any marque offer any more options over Bluetooth. If you can select playlists, can you do the same with (say) Spotify, or only with in-phone playlists of local music? iOS? Android? Both?
I wish we had the option to have Spotify instead of Slacker radio as they do in Europe, as I actually pay for Spotify, but to be honest, I don't get a whole lot of value from browsing through playlists on my in-dash screen. I used Carplay precisely twice in my Golf for this very reason. Frankly, the phone controls are more familiar and easier to use with minimal diversion of attention.
But, I'd love to hear more about what Bluetooth supports and which cars support those advanced features.
I echo your comments on the easer eggs. I give precisely zero shits about them, and IMO, they're not even easter eggs when you practically click a menu that says EASTER EGGS. When I was 14, they were fun, when passed around via word of mouth. I've never opened any of them on my 3, I just don't care. For some reason, my (retired) dad really loves them, but I guess he's got plenty of time to sit around in the car in the garage playing games :P
Plus, CAN bus is just layer 2/3, you could build secure extensions on top of it, but I agree it is insecure by default.
Because some people value the pro-Tesla narrative more than the truth. This is too bad, because one can value the pro-Tesla narrative and the truth at the same time. (Putting the truth first, of course.)
So its like the smart home.
Two major differences though:
1) There are accessible ways for you to secure your home network, not so much when it comes to the car network.
2) Someone taking control of your car poses a more immediate risk to your life and the lives of others on the road around you than having your home network hacked.
Finding critical flaws in a super complex system you built for years and sell to the entire world. For just the price of a car.
Or, miracle occurs, nobody finds anything and you get some killer PR.
That's a very good deal.
I think it's safe to think they have considered that already :)
Would you say it's unlikely they just maxed out what they can do internally and want new eyes to work on it ?
When did that occur? They're still selling $40K+ cars while their competitors are selling cars in the $20K range; Tesla cars continue not to make financial sense, they're a luxury good.
Dollar per dollar the best bang for your buck is still likely hybrid vehicles followed by the cheapest electric vehicle you can find.
The Roadster definitely challenged a lot of those assumptions. Tesla proved they could make an electric car people wanted, rather than one they hated but tolerated out of a sense of moral obligation.
> made electrical vehicules economically realistic
To cast some perspective, Nissan has sold about 380k Leafs - the most popular electric car in the world - worldwide over the past 8 years. Tesla has shipped over 160k Model 3s in the US alone over the past 14 months (and currently continues to sell another 20k or so per month).
The vehicle market is huge, and Tesla has by no means conquered it, but they've put a much larger dent in it than any other electric vehicle manufacturer, and have been instrumental in changing public opinion on EVs.
Volkswagen, post diesel fiasco, is best situated to hard-pivot to electric. Nissan is alreday succeeding. Others will follow suit as soon as it's economically viable, and mostly this depends on battery tech improving a little bit more.
Tesla is not the leader: https://www.forbes.com/sites/bertelschmitt/2017/05/01/who-is...
Your article is nearly two years old, though; 2018 was a very different year for EVs because of the Model 3. Here's some actual sales data for you: https://insideevs.com/monthly-plug-in-sales-scorecard/
The Model 3 accounted for 38% of all EV or hybrid vehicles sold in the US in 2018 and 60% of all BEV vehicles. Tesla's 3 vehicles accounted for over 50% of all EV/hybrid sales, and 82% of all BEV sales in the US in 2018. How you can look at that and conclude that they aren't the leader in that space is beyond me.
The US market is not the world market, and world-wide Tesla is inconsequential. Even in the US it's highly localized, and in those areas it's still inconsequential.
The Model 3 has suffered from ridiculous levels of mismanagement and process problems. They are so far behind on targets it's amazing their entire management team hasn't been sacked and replaced with people who know what they're doing.
One day a company that's competent, like Toyota, will brush Tesla aside without even trying. Until then Tesla has a fraction of a fraction of the sales in the US.
The US (well, North American) market comparison is apt because that's the only market that Tesla is manufacturing and selling in in any appreciable quantity right now. It's somewhat difficult to quantify demand response in markets where supply isn't available.
Toyota may well come from behind and eclipse Tesla. I'm not particularly concerned if they do or not, but I do think it's ignorant to look at the EV landscape and not conclude that Tesla has created demand and interest in a market previously marked by tepid apathy. You're arguing global auto markets, I'm talking about impact on consumer sentiment towards EVs. Two totally different discussions (and frankly, a rather clumsy strawman on your part).
I'd say that counts as "economically realistic", even if it doesn't meet your further-back goalpost of "best bang for the buck". If the Model 3 isn't economically realistic, someone should tell that to Audi and BMW and Cadillac and Mercedes-Benz.
It's not safe to say anything about Tesla's capabilities or competencies at this point.
Munroe's teardown also had some interesting findings (both good and bad, but that was the goal):
A suspension worthy of formula one was quite a compliment. I'd say there are some things that Tesla does uniquely well. Safety is another one. Remember that time the NTHSA literallyu broke their testing machine when testing the Model S for crash safety? No? Here are some videos:
That reads like an ad paid for by Tesla
You can "engineer" the hell out of something and still do a terrible job as an engineer. Tesla's infatuation with novel, clever things often gets in the way of shipping. Their fiasco with the model X gull-wing doors is just one example of a billion.
It's easy to make your car better when you can charge vastly more and you've got tons of VC money you can blow through in pursuit of some distant goal. Established car companies have no such luxury.
This is not to say Tesla hasn't had some wins, but on the whole they're losing.
Arguably Tesla is the Juicero of cars.
Isn't that called "disruption" and is the entire reason Silicon Valley exists?
It's easy to make a billion dollar start-up if you get two billion in cash you can blow on acquisitions. It's hard to make that company survive more than ten years.
When Tesla runs out of VC money, which they will, things are going to turn ugly in a hurry. All this money they've blown on door hinges and sending cars into space will be gone and they'll have to turn a profit. I'm not sure they can without massively cutting back and radically simplifying their product.
The market for clean vehicles exists because Toyota and Nissan showed there was demand for it. Tesla came in and made better-looking cars (from a distance, they're quite shoddy looking up close), but they're competitively only because Toyota and Nissan have chosen to stick with their distinctive designs rather than put their EV tech into mainstream vehicles.
And Tesla's big problem is that the rest of the industry is finally getting around to putting their EV technologies into mainstream vehicles, almost all of which are better made and far more reliable.
I feel pretty confident in my right to criticize Tesla for it's presumptive and poorly executed overreach.
That aside, i don't trust any car maker to make good software. Especially infotainment. Especially if it has bluetooth/wifi. And especially if there's internet involved.
Let's just say i'm holding back words here.
Grand majority of software development is not very strict on best security practices. But a two ton object that can easily move at speeds over 100kmh demands insane security measures. That's my opinion, at least. I know people will sooner buy a car with spotify. And i know people won't just hack other peoples cars and make them crash. But still, it weights two tons and moves at two hundred kilometers per hour.
As a side note; someone else wrote how Teslas are advanced in terms of computer technology then other cars and how many computers they have in their cars. Lots of other cars have a ton of computers in them. It's nothing new.
Since I'm not giving any evualation in any way about the quality of the software resulting in those actions, is your comment stating that I'm wrong, in a way I couldn't understand ?
Anyway. One of the mails was an infotainment engineer at some car company. Before that I, for some reason, thought that such a big and serious industry is very serious when it comes to software. But right then it clicked that car software makers are just as any other software writers (maybe a bit more serious).
This was before two hackers hacked a Toyota. And later a Range Rover (or something) over bluetooth. Bout those companies are much older and much more serious then Tesla, and probably have plenty of world class coders at their disposal.
As for the first part of what I wrote above (that i forgot by now).
Teslas are not the first commercially viable electric car. They may be among the first to have nice range (over 300km). And Teslas are not the most affordable, that goes to the Nissan Leaf (2017 and above). Granted the Nissan is not a big car, closer to a Clio.
On another though, they could just hire a security company to do a deep audit. Maybe they have. Maybe that's why they are incentivizing crackers. I do not and probably can not know.
edited for readability
EDIT: I'd maybe trust Rolls Royce. But i don't have money for that so it doesn't matter.
I see that you had many experiences with failing engineering, and so have I. What's more, car manufacturers have been involved in more and more scandals, and this does include code quality. As a matter of fact, I did meet people with direct experience on car systems code that reported deep quality problems.
It's then logical to say there is a possibility Tesla screw up.
However, electrical cars have been holding computers since day one. Tesla demonstrated the ability to create, build and sell at scale complex electronic systems with generally well considered performance. Also their will to allow outsiders to attack it can be interpretted as a desire to improve the system, and hence it makes sense to think this desire existed before, and they that did their homework (which is the original topic of this thread).
We are discussing ability to setup a process, not to succeed in it.
I'm sorry. I forgot for a second that I don't want to take part in these kinds of discussions. Tesla, in this case.
You can have your faith.
It's definitely not a "push to all cars" type thing.
If they can push to batches of cars then they can push to all cars if they want to.
I don't think something like this would be allowed in the contest, which is a shame, because it's probably what most of those who want to "hack Teslas" in the real world will attempt to do.
The interesting part is Tesla shipping this in the 45'000$ Model 3 while competitors at the moment are only shipping this in much more expensive models.
That's what i would do in Tesla's case, just to make sure that a lot is fixed. ( if it's possible ofc.)
Tesla's are designed to receive software updates on a regular basis using a cellular connection, whereas with every other car brand you'll need to bring the car to a certified dealership to have a mechanic (!= computer engineer) install the new firmware.
So: a nasty bug in a 'regular' car means the manufacturer must consider a recall of all affected cars, where Tesla will simply push an update to all cars in the field. This also means that Tesla can run the update before the vuln is disclosed.
Musk said he regards Tesla as a software company, their software just so happens to have a car attached to it. I highly doubt other car manufacturers see it that way, they probably see the software development as an expense.
Maybe, but that sounds optimistic. What if the hack turns that off? What if the hack bricks a piece of hardware? Should remote updates be trusted if the car's been infected with malware?
> Musk said he regards Tesla as a software company, their software just so happens to have a car attached to it. I highly doubt other car manufacturers see it that way, they probably see the software development as an expense.
Software companies write most of the software bugs, so that doesn't make me feel any better...
Your statement is untrue about OTA updates. Tesla might have been the first to do it in 2012 but most companies are doing it already or plan to.
GM and Ford plan it for 2020 and Mercedes and BMW have announced it in the past year. The Japanese makers are usually more reluctant to adopt new tech.
There are much cheaper APs than a Unifi AC Pro.
Which tells me you probably could've saved money in some other ways as well.
This is not true. Some FiatChrysler vehicles have OTA updates. And if FCA is doing it, others are, too.
when a system is breached with methods that don't leave a signature a clean reinstall from scratch is the only option. once one to all your system are potentially breached by remote exploits it's recall time.
local exploit that require access to the car innards could potentially be patched over the air if the method allows the owner to know if the car was breached into. then it'd be update for safe car and recall for breached cars.
You can maybe come up with a version of this that uses a HSM, or simply some part of the firmware that is read-only.
In the threat model I describe, the attacker who controls the car's system can lie to the server about what is on its system. It also has access to anything that's distributed to the car itself (such as a per-car private key!), and presumably it has oracle knowledge in the form of what the server expects the correct hash to be. A compromised car can freely lie about the hashes of anything on its own system as necessary; it can freely sign any attestation with a per-car private key; it can parrot the expected hashes of files distributed to other cars. Even if you sent watermarked files to cars, the compromised car could remember the hashes of those watermarks to parrot them back later.
So, pray tell, where do you imagine the cryptographic signature actually adds value? As in, how can you pick the owner of the private key and the owner of the hashing process such that a near-omnipotent compromised car cannot fool the server?
What prevents an attacker from overriding some validateFile("path","hash") call to always return 0 ?
You also never store the hash, so once a user has gained access to the car it's impossible to get the right hash (as you would've had to modify the firmware/filesystem/etc in some way to gain entry).
You would also need to include a timestamp/car serial in the hash so that you couldn't reuse an old hash from before your entry (that you had MITM'd) or use a hash from a different car that still had its integrity.
That cat-and-mouse game discourages people from reporting vulnerabilities. Why you think that it improves security?
Does that mean that they think that such attacks are too easy? If they use rolling codes, will they classify any attack with jamming as "rolljam"? If they don't, why specify this?
> If more than one contestant registers for a given category, the order of the contestants will be drawn at random. Based on the contestant order, the first contestant will be given an opportunity to attempt to compromise the selected target. If unsuccessful, the next randomly drawn contestant will be given an opportunity. This will continue until a contestant successfully compromises the target. The first contestant to successfully compromise a selected target will win the prize money for that target in that category. After a target has been compromised, the contest for that category is over and no other contestants will participate in the contest for that category (unless Sponsor has offered an additional winner option, which would be announced at the conference if applicable).
On some level, winning the thing you hacked doesn't sound like the best kind of prize.
I don't think that would be a very good premise for a contest. For example, what if it crashes into another car?
And it's relatively cheap for Tesla to pay out to get these vulnerabilities found and addressed.
edit: there is nothing stopping someone from leasing a tesla, finding an exploit and shooting it within the first 10 seconds, no? In general, how does this work at pwn2own?
If you've successfully hacked a car and shared your method would you then get in said car and drive it away? I'd like a patch or at least a factory reset first....
Guessing just already-successful firms / personalities that want to win Tesla pen-testing contracts in the future?
Or has Tesla released binary blobs of their firmware systems online?
But that still does not address the matter of rigging and whether Pwn2Own has clear rules against it. I don't know, which is why I asked.
Prior to the "contest" beginning everyone participating has to disclose what they have 0day for. In cases where more than 1 person brings 0day for a particular target then they will attack it in turn. The order they get to go in is random. When it's someone's turn they get like 5 minutes to exploit the target. If they can't do it then it's the next person's turn. Whoever exploits it first wins. So if you have 2 people each with a reliable exploit for the same vuln in the same target then who wins is really decided by the coin toss. But let's not forget what this really is: vulnerability sales. So if there's 2 different vulns in the same target then probably the sponsor is going to want to buy them both anyway.
What is it that you mean by rigging? The main point of the event is that sellers feel safe exposing their warez. The rules are clear, they're going to get paid if they have what they say that have. The sponsors get to buy the 0day and know it's real and they're not getting ripped off. And it's all in the open and everyone gets good press.