Absolutely, I agree, but the software update mechanism is somehow able to update or interface with that system. If you're able to jailbreak _that_, then it's one less barrier in the way of taking over the drive control.
I'm sure only signed updates are allowed. Same as with Intel microcode updates and most firmwares. They'd be highly irresponsible if jailbreaking was left possible.
Nobody intends jailbreaks to be possible. It's done through exploiting bugs. And saying it'd be highly irresponsible to write a bug is like saying it'd be irresponsible to use the bathroom. It may stink, but everyone does it.
I'm aware these are just bugs, but there's a huge difference between iOS/Android (let's keep it fairly secure, if anyone breaks it we'll release a fix... maybe, no one really cares) and a car's system (probably at the level of: holy shit this cannot run untrusted code, even if that means adding a trusted execution module that prevents booting if there's any unsigned byte present).
Sure, I agree, but what system checks the signature? A responsible engineering team would have a dedicated piece of hardware for that. For decent security, it would need to physically sit between the untrusted, internet-connected machine and the embedded hardware.
Not to mention that there must be some key floating around Tesla that can be used to completely reprogram any Model S from anywhere.
It's not the first time a company has needed to privately secure a key, but this time there's a lot more at stake. I wonder what the privacy success rate is for companies with highly-sought-after keys like that. Over a long period of time, the chance of a key leak has got to be pretty high.
> For decent security, it would need to physically sit between the untrusted, internet-connected machine and the embedded hardware.
TPM style solutions already exist. Keys burned into the chip + verification at boot should do most of the work.
> there must be some key floating around Tesla that can be used to completely reprogram any Model S from anywhere.
It could be something more interesting. A set of keys where signature requires N out of them? Even if there is some master key, they wouldn't keep it on a node connected to the network (one would hope...) Some hardware crypto-box maybe?
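The two ideas in the comments above (keys burned into the verifier and checked at boot, and a signature that requires N out of a set of keys) fit together in one small verifier. The following is an added example written for this page, not code from the thread or from Tesla: it assumes Ed25519 signatures over a SHA-256 digest of the image, a trust store of three public keys with a quorum of two, and signer indices into that store. Everything else about how a real vehicle does this is unknown here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TrustStore models what a verifier would hold in ROM or OTP fuses:
// the set of public keys it trusts and how many distinct signers must
// approve an image before it may be flashed or booted.
type TrustStore struct {
	Keys   []ed25519.PublicKey
	Quorum int
}

// Signature is one signer's approval of an image: an index into the
// trust store plus the raw Ed25519 signature over the image digest.
type Signature struct {
	Signer int
	Sig    []byte
}

// imageDigest is what gets signed. Signing a digest (rather than the raw
// image) lets a small bootloader hash the image in chunks and verify once.
func imageDigest(image []byte) []byte {
	d := sha256.Sum256(image)
	return d[:]
}

// SignImage produces one signer's signature over the image (offline side).
func SignImage(priv ed25519.PrivateKey, signer int, image []byte) Signature {
	return Signature{Signer: signer, Sig: ed25519.Sign(priv, imageDigest(image))}
}

// VerifyImage returns nil only if at least ts.Quorum distinct trusted keys
// have produced valid signatures over image. Unknown signer indices, bad
// signatures, and a second signature from an already-counted key are
// ignored rather than counted, so one compromised key cannot pad the quorum.
func VerifyImage(ts TrustStore, image []byte, sigs []Signature) error {
	if ts.Quorum <= 0 || ts.Quorum > len(ts.Keys) {
		return errors.New("trust store has an unsatisfiable quorum")
	}
	digest := imageDigest(image)
	counted := make(map[int]bool)
	for _, s := range sigs {
		if s.Signer < 0 || s.Signer >= len(ts.Keys) || counted[s.Signer] {
			continue
		}
		if ed25519.Verify(ts.Keys[s.Signer], digest, s.Sig) {
			counted[s.Signer] = true
		}
	}
	if len(counted) < ts.Quorum {
		return fmt.Errorf("image has %d valid signature(s), quorum is %d", len(counted), ts.Quorum)
	}
	return nil
}

// main walks through the 2-of-3 case with freshly generated keys. On a real
// device the private keys never exist on the verifier side at all.
func main() {
	var pubs []ed25519.PublicKey
	var privs []ed25519.PrivateKey
	for i := 0; i < 3; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		pubs, privs = append(pubs, pub), append(privs, priv)
	}
	ts := TrustStore{Keys: pubs, Quorum: 2}
	image := []byte("firmware v1.0 (constructed sample image)")
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 1

	one := []Signature{SignImage(privs[0], 0, image)}
	two := []Signature{SignImage(privs[0], 0, image), SignImage(privs[2], 2, image)}
	dup := []Signature{SignImage(privs[1], 1, image), SignImage(privs[1], 1, image)}

	fmt.Println("one signer:    ", VerifyImage(ts, image, one))
	fmt.Println("two signers:   ", VerifyImage(ts, image, two))
	fmt.Println("same key twice:", VerifyImage(ts, image, dup))
	fmt.Println("tampered image:", VerifyImage(ts, tampered, two))
}
```

The point of the quorum is that leaking any single signing key, the worry raised earlier in the thread, does not by itself let someone push an image; the point of keeping the verifier's key list in ROM is that an exploit of the running firmware cannot add a key to it.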
> Even if there is some master key, they wouldn't keep it on a node connected to the network (one would hope...) Some hardware crypto-box maybe?
I imagine Elon sending the only copy to space on one of the recent SpaceX launches, so that they can deorbit it when needed, but to steal it, you'd actually have to go up there and find it ;).
Jailbreaking is always possible, period. It's only a matter of trying hard enough, and (un)fortunately, it's usually enough for one person to put in the effort once, and then everybody can use the results.
Lots of systems are built to only allow signed updates, but bugs often allow bypassing that. If you can exploit the existing firmware, you can effectively load new ones. That's how iOS jailbreaks work despite Apple's attempt to only allow booting an Apple signed OS.
...which you can hack, as all car systems are connected by the CAN bus, and people already have exploited buffer overflows in car radios, in turn giving access to the CAN bus, and unlocking the vehicle.
According to the article, the car's network consists of three devices - the centre console, the dashboard, and one unknown device. There's no way that the whole car has only three computers.
My guess is that this ethernet network is only for the user interface. I'd also guess that the unknown device serves as a gateway (and, hopefully, a firewall) between the critical systems of the car and the car's UI.
Firewall? The CAN bus interfacing with the core vehicle components assumes no access controls or anything. Any device connected to it is inherently trustable, no questions asked.
There are usually discrete CAN bus firewalls that sit between controllers that are explicitly programmable, and the bus. They might be ASICs, microcontrollers or FPGAs, but there's no way into them from the network. The only attack vector onto the bus is to stab the car with a sharp knife until you have the PCB in your hands, at which point you have owned the car anyways.
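To make the "gateway as firewall" idea from the last few comments concrete: CAN itself has no sender authentication, so the only place to impose policy is a device that sits between the head-unit bus and the vehicle bus and forwards frames by allow list. The following is an added example written for this page, not code from the thread, from the article, or from any OEM. The CAN identifiers, payload limits and rate limits are invented for illustration; real IDs are manufacturer-specific and are not given in the article.

```go
package main

import (
	"fmt"
	"time"
)

// Frame is a classic CAN data frame: an 11-bit identifier and up to 8 bytes.
type Frame struct {
	ID   uint32
	Data []byte
}

// Rule says what the untrusted (head-unit) side may inject onto the vehicle
// bus for one identifier. MaxLen bounds the payload; MinGap rate-limits so a
// compromised head unit cannot flood the bus even with an allowed ID.
type Rule struct {
	MaxLen int
	MinGap time.Duration
}

// Gateway is the allow-list firewall between the two buses. Anything not
// explicitly listed is dropped, which inverts CAN's native "every node on
// the bus is trusted" model.
type Gateway struct {
	allow map[uint32]Rule
	last  map[uint32]time.Time // last forwarded frame per ID, for rate limiting
}

func NewGateway(allow map[uint32]Rule) *Gateway {
	return &Gateway{allow: allow, last: make(map[uint32]time.Time)}
}

// Filter decides whether f, received from the untrusted side at time now,
// may be forwarded. It returns the decision and a reason suitable for logging.
func (g *Gateway) Filter(f Frame, now time.Time) (bool, string) {
	rule, ok := g.allow[f.ID]
	if !ok {
		return false, "id not in allow list"
	}
	if len(f.Data) > rule.MaxLen {
		return false, fmt.Sprintf("payload %d bytes exceeds %d", len(f.Data), rule.MaxLen)
	}
	if prev, seen := g.last[f.ID]; seen && now.Sub(prev) < rule.MinGap {
		return false, "rate limit"
	}
	g.last[f.ID] = now
	return true, "forwarded"
}

// Forward runs a batch of timestamped frames through the gateway and returns
// the IDs of the frames that reached the vehicle bus, in order.
func Forward(g *Gateway, frames []Frame, times []time.Time) []uint32 {
	var out []uint32
	for i, f := range frames {
		ok, why := g.Filter(f, times[i])
		fmt.Printf("0x%03X %-10x %s\n", f.ID, f.Data, why)
		if ok {
			out = append(out, f.ID)
		}
	}
	return out
}

// Hypothetical identifiers, invented for this example only.
const (
	HVACSetpoint = 0x3E8 // head unit may request a cabin temperature
	MediaVolume  = 0x3E9 // head unit may set amplifier volume
	SteeringCmd  = 0x0C0 // never legitimately originates from the head unit
	DiagRequest  = 0x7DF // OBD-II style functional request; keep it off the vehicle bus
)

// DefaultPolicy lists the only two IDs the head unit is allowed to inject.
func DefaultPolicy() *Gateway {
	return NewGateway(map[uint32]Rule{
		HVACSetpoint: {MaxLen: 2, MinGap: 100 * time.Millisecond},
		MediaVolume:  {MaxLen: 1, MinGap: 20 * time.Millisecond},
	})
}

func main() {
	t0 := time.Unix(0, 0)
	// Constructed traffic as a compromised head unit might emit it.
	frames := []Frame{
		{HVACSetpoint, []byte{0x16, 0x00}},       // allowed
		{HVACSetpoint, []byte{0x17, 0x00}},       // 10 ms later: rate limited
		{MediaVolume, []byte{0x20}},              // allowed
		{SteeringCmd, []byte{0x7F, 0xFF}},        // dropped: not on the list
		{DiagRequest, []byte{0x02, 0x10, 0x02}},  // dropped: not on the list
		{HVACSetpoint, []byte{0x16, 0x00, 0xFF}}, // dropped: payload too long
	}
	times := []time.Time{t0, t0.Add(10 * time.Millisecond), t0, t0, t0, t0.Add(time.Second)}
	Forward(DefaultPolicy(), frames, times)
}
```

This is deliberately a default-deny filter: the head unit gets exactly the handful of messages its features need, and nothing it can do in software changes that list. Whether a given car's third "unknown device" actually does this is not something the article establishes.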
Depends what level we're talking about surely? SpaceX have their own real time Linux which they do use on rocket systems - stands to reason they might bring a similar idea over to automotive systems.