by AceJohnny2 4464 days ago
I am very amused that people in this thread assume that this ethernet port allows tinkering with the automotive systems.

Automotive systems communicate over a CAN [1] bus, not ethernet. In fact, this bus is usually physically separated between the drive-critical bus (which controls things like ABS) and the "comfort" bus (such as electric window controls, central door locks, wheel-mounted audio controls). Ethernet has none of the industrial-strength qualities that make CAN a valid automotive control bus, such as signal hardening and real-time guarantees.

As far as these users have found, this ethernet port is connected to the infotainment system: the 17" display.

I would be deeply disappointed in Tesla if the infotainment system can modify drive-control devices with anything less than signed binaries and commands. As an aside, I wonder what the legal requirements of such safeties are.

[1] http://en.wikipedia.org/wiki/CAN_bus

10 comments

Sadly, the segregation between CAN buses is not nearly as good as you would think. ONSTAR, for example, sits on the drive critical bus (and is exploitable). Of course, this is not on a Tesla, but still.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

A few years back, a joint UW-UCSD team showed that car systems are remotely exploitable. They were able to literally call the car's cell phone number and control the brakes/gas/door locks remotely.

http://youtu.be/bHfOziIwXic

(oops, sorry about gratuitous use of "literally" -- I should learn not to editorialize better)
The above paper is one of two the UW/UCSD group wrote.
Assassination via car hacking would have seemed like sci-fi a decade or two ago.

See Michael Hastings conspiracy theories: http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...

Assassination via physical-access car hacking (cutting brake lines, etc.) has been around for a long time. Seems like a small jump to electronic.
Has there ever been a successful assassination using this method? If someone cut my brake lines I would know about it the moment I started the engine and applied the service brakes while putting the car into drive/releasing the e-brake, or become aware of it while maneuvering out of a parking space at speeds under 5mph.
The theory is that the brake lines are weakened and fail at some point during the journey.
Not necessarily -- it would take a good few pumps of the pedal to introduce enough air into the system for the brakes to become ineffective.
There are a bunch of cases of amateurs who do this. http://www.dailymail.co.uk/news/article-2081590/Man-arrested... http://www.ktbs.com/story/22346692/man-accused-of-trying-to-...

I'm more used to people just putting car bombs on the vehicles, though.

You should be good with the e-brakes, and should never 100% depend on your primary brakes when driving, but in practice I'm sure a lot of people get into situations where they wouldn't know to switch to e-brake if the main brakes failed, or wouldn't have time. The biggest risk to the assassin is that car accidents in modern cars just aren't that fatal -- you can hit another car head-on at 60mph and, with seatbelts, non-offset crash, airbags, etc., either walk away or at least survive at a hospital. It also leaves enough forensic evidence, especially if the driver survives and reports "my brakes just didn't work!" that it wouldn't be surreptitious.

A bomb isn't likely to be taken as an accident, either, but is at least likely to be effective.

I'm probably missing something here, but wouldn't it make sense for ONSTAR to sit on the drive critical bus? If it's able to monitor collision data and (in newer models) slow down a stolen car, it'd need access to drive-control systems.
I'm unsure whether it makes sense in the context of safety. However, in the context of being able to sell the product as having those features - makes perfect sense.
Thank you for pointing this out. A few additional notes on the way most modern car electronics work:

1) The entertainment system generally has read-only access to the CAN bus via an intermediary DCU. Even if you were able to "jailbreak" it, you wouldn't be able to modify the CAN.

2) The control unit(s) that actually have the ability to modify things like brakes, maximum speed settings, etc. are ECUs (http://en.wikipedia.org/wiki/Electronic_control_unit) and are entirely separate from the entertainment system.

3) Updates to vehicle-critical systems generally never even go through the entertainment system. They are sent over the air to the car's receiver (usually a kind of DCU), and are processed outside the purview of the entertainment system. The only thing the entertainment system can do is schedule the download and read the progress of the update.

It's interesting to see that Ethernet is used to connect the infotainment displays, but this isn't really a security concern as far as I can see. It just means we'll probably see some mods for the displays in the future, like turning off the YouTube lockout or enabling different data displays.

There isn't any reason why the entertainment system couldn't reprogram the ECUs. I have never seen a read-only CAN controller, so the hardware will be able to write to the CAN bus. The OBD-II diagnostic connector provides full access to the CAN bus anyway, so once you are inside the vehicle there isn't much security.

You could even run the service diagnostics on the entertainment system and avoid the need for extra hardware in repair shops.

At least with the auto manufacturers I've worked with the entertainment system is controlled by a DCU, which is in turn connected to the CAN controller. It is the DCU that limits the access to be read-only. It may be possible to alter the firmware of the DCU to allow two-way access, but it would not be easy.

100% agree with you that if you're already inside the car security of the entertainment system is a moot point. There are attack vectors you could use that bypass software controls entirely.
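
The read-only DCU arrangement described in the comment above, sketched as a gateway forwarding policy. This is an added example, not part of the thread and not any manufacturer's code; the bus names, struct layout and CAN IDs are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum bus { BUS_VEHICLE, BUS_INFOTAINMENT };          /* hypothetical names */
struct frame { enum bus from; uint32_t id; uint8_t dlc; };

struct gw_stats { unsigned forwarded, dropped_read, blocked_write; };

/* Constructed IDs the head unit may display (e.g. speed, door state). */
static const uint32_t READ_ALLOW[] = { 0x100, 0x2A0 };

/* Policy: vehicle -> infotainment only for allowlisted IDs;
 * infotainment -> vehicle never. Returns true if the frame is forwarded. */
bool gw_forward(const struct frame *f, struct gw_stats *st)
{
    if (f->from == BUS_INFOTAINMENT) {   /* read-only side tried to transmit */
        st->blocked_write++;             /* should stay at zero; alert if not */
        return false;
    }
    if (f->id <= 0x7FF && f->dlc <= 8) { /* well-formed 11-bit classic CAN frame */
        for (size_t i = 0; i < sizeof READ_ALLOW / sizeof READ_ALLOW[0]; i++)
            if (READ_ALLOW[i] == f->id) { st->forwarded++; return true; }
    }
    st->dropped_read++;                  /* default deny */
    return false;
}

/* Run the policy over constructed traffic and return the counters. */
struct gw_stats gw_demo(void)
{
    static const struct frame traffic[] = {
        { BUS_VEHICLE,      0x100, 8 },  /* allowlisted: forwarded */
        { BUS_VEHICLE,      0x3C0, 8 },  /* not allowlisted: dropped */
        { BUS_INFOTAINMENT, 0x100, 8 },  /* write attempt: blocked */
        { BUS_VEHICLE,      0x2A0, 9 },  /* bad length: dropped */
    };
    struct gw_stats st = { 0, 0, 0 };
    for (size_t i = 0; i < sizeof traffic / sizeof traffic[0]; i++)
        gw_forward(&traffic[i], &st);
    return st;
}
```

The restriction lives entirely in the gateway's firmware, so it holds only as long as that firmware cannot be replaced; the `blocked_write` counter is the signal a monitoring function would watch.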

> I am very amused that people in this thread assume that this ethernet port allows tinkering with the automotive systems.

I'm still surprised people think like this. We had 60+ years of technology hacking to learn that if it is not airgapped, it can be hacked. And even if it is, it probably still can be (cf. Stuxnet). So while I doubt Tesla is using Ethernet to control critical car systems, I also don't think that they can't be tinkered with using that port if someone cares hard enough to try.

Some high-end luxury cars are remotely exploitable, to the point where attackers can control the brakes/engine/locks using a cell connection: http://youtu.be/bHfOziIwXic
Agree-
I'm not an expert on this, but I'm pretty sure the IT guys in our Formula Student Team use an Ethernet cable to connect their laptop to the Autobox and then the Box runs the CAN signals.

http://www.dspace.com/de/gmb/home/products/newprod/microauto... (Table: Host-Interface = Ethernet)

I guess the point is that signed binaries aren't foolproof. Look at how jailbreakers have been able to continually defeat the iOS security controls over the years. And surely Apple has a larger and more experienced development team than Tesla.
Why would you believe that?

Apple is mainly a Design firm, they are good at making things look pretty... not much else..

Just a note, automotive Ethernet PHYs exist [1] and there is some interest in real-time Ethernet applications (piggy-backing on an original audio use case, AVB) [2].

[1] http://www.broadcom.com/products/Physical-Layer/BroadR-Reach... [2] http://www.eetimes.com/document.asp?doc_id=1315425

Yeah, BroadR-Reach is currently used by BMW only. There will be more use cases, but I can't talk publicly about them for obvious reasons. But then, don't expect to have TCP/IP available, like this article suggests.
There's also EtherCAT, which has been around for a while and has realtime and safety guarantees.
lol, Ethercat, lol

Yeah, it looks like ethernet, but it isn't. It is not used in cars. Currently, I don't know if it will be used in cars. Presumably not. Ethercat is used for hardware in the loop simulation.

That was my first fear, actually. Reading the headline, cold chill "They can't have been stupid enough to build the Tesla with Ethernet instead of CAN bus, right?"
You can be disappointed - you can unlock the vehicle from your app, thus 0wning/jailbreaking that box will give you CAN-bus access.
Super interesting. There was this hack from a few months ago that involved messing with items on the CAN bus. I think they get into more of the details:

https://www.youtube.com/watch?v=oqe6S6m73Zw

What about cars where you can enable/disable features like traction control and auto-brake from the entertainment system? They must have some sort of connection, and that connection probably has bugs that could be exploited.