SoylentNews is people
SoylentNews
from the going-soon-from-outside-a-house-near-you dept.
Teen hacker finds bug that lets him control 25+ Teslas remotely:
A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.
David Colombo explained in the thread that the flaw was "not a vulnerability in Tesla's infrastructure. It's the owner's faults." He claimed to be able to disable a car's remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car's exact location.
However, Colombo clarified that he could not actually interact with any of the Teslas' steering, throttle, or brakes, so at least we don't have to worry about an army of remote-controlled EVs doing a Fate of the Furious reenactment.
(Score: 3, Informative) by Snotnose on Sunday January 16 2022, @02:18AM (1 child)
The CAN bus is a modified I2C bus, which is much too slow to deal with wireless connectivity.
The conclusion being some upper layer that was responsible for 802.11x to CAN is responsible for security. And it dropped it's pants, not the CAN bus itself.
To put it another way, if your "smart tv" is hacked, can you blame the remote?
My ducks are not in a row. I don't know where some of them are, and I'm pretty sure one of them is a turkey.
(Score: 4, Informative) by Anonymous Coward on Sunday January 16 2022, @03:41AM
Note that the summary says "in 13 countries". Telsas have an app that lets you control some features from your cellphone over the internet. It's a horrible idea, but everything is going that way these days, and luxury cars are no exception. As for this incident, isn't isn't even the car getting hacked but the control website. As per the Ars article, Tesla's fix was to revoke thousands of authentication tokens, no doubt either due to weak passwords or people posting their access tokens to the net. Yes, people do that. Yes, it's just as stupid as it sounds.