Yes, the article that had a blurb on the original post was about an app that uses the existing API. Tesla has no problem with that. There was also a link to a story about the $10k hacking contest. This is totally different. The goal of that contest is to gain unauthorized access to a Tesla you don't own. Presumably it isn't that easy to do that - at least we all hope. I'm sure that Tesla has gone to some length to prevent something like that from happening.
Tesla probably does use code signing for the code that runs on their central computer system. That would certainly make sense. But, there isn't any need to break that in order to hack the car. Historically, CANbus traffic has not been too terribly well secured. I can personally attest to this. ;) The center console computer in the Tesla has 6 CANbus links. It's possible to get at all of them from a diagnostic connector right there in the center of the dash. Chances are those buses are not that terribly secure. The biggest reason they haven't been attacked is that far more hackers are comfortable with wifi, ethernet, and computer tampering than are comfortable with CAN. The Tesla does have some protection against attacks that would target the drive train. For one, the accelerator pedal goes straight to the inverter so there is likely no way to command the car to take off without the pedal being pressed. Likewise, the inverter knows the state of the brake pedal from digital inputs so that can't be spoofed by comm traffic either. That's a reasonably old-school way to protect the car but it could be fairly effective. -Collin On Thu, May 21, 2015 at 9:41 PM, Mike Nickerson via EV <[email protected]> wrote: > In this specific case, the facts don't line up with the hype and the > headlines. The "Tesla hacks" haven't modified the vehicles at all. The > application is using the same API that the smart phone apps use. That allows > the program to unlock doors, open the sunroof, turn on the AC, and collect > data on location and battery state. Not exactly much of a modification. > > If Tesla is smart, they have implemented code signing on their execution code > so they can detect and reject unauthorized changes. We even do that for > laser printer code. I'm sure that Tesla would do that with the code that > runs a high performance car. > > Mike > > > On May 20, 2015 7:37:33 PM MDT, Alan Arrison via EV <[email protected]> wrote: >>I am surprised that auto makers haven't locked down their systems with >>encryption. >>If they haven't yet they probably will if for no other reason than >>liability issues. >> >>Al >> >>On 5/20/2015 4:50 AM, brucedp5 via EV wrote: >>> >>> Every since the first cars rolled out of factories, owners have been >>> modifying them to suit their own personal needs and tastes. With the >>> extensive computer controls used in modern cars, people are now >>finding a >>> different way to do that. >>> >>> Certain Tesla Model S owners are giving their cars upgrades, but >>instead of >>> changing tires, brake calipers, or paint jobs, they’re changing >>software. >>> >>> >> >>_______________________________________________ >>UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub >>http://lists.evdl.org/listinfo.cgi/ev-evdl.org >>For EV drag racing discussion, please use NEDRA >>(http://groups.yahoo.com/group/NEDRA) > > _______________________________________________ > UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub > http://lists.evdl.org/listinfo.cgi/ev-evdl.org > For EV drag racing discussion, please use NEDRA > (http://groups.yahoo.com/group/NEDRA) > _______________________________________________ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA)
