CSA Editor’s note:
This article shows the advantage of learning to “hack”. It is part of a bug bounty program from Tesla. The goal of these “white hat hackers” (ethical – good guy hackers) is to find weaknesses in systems before the black hat hackers (bad guys) do. This way the weaknesses can be strengthened and people and companies are safer.
The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy
A few years ago, a hacker managed to exploit vulnerabilities in Tesla’s servers to gain access and control over the automaker’s entire fleet.
He was an early member of the Tesla “root access” community, a group of Tesla owners who would hack their own cars to get more control over them and even unlock unreleased features.
At the time, Hughes was using his knowledge to tinker with salvaged Tesla vehicles and build off-grid energy storage systems and electric conversion kits.
He turned the hobby into a business selling Tesla parts from salvaged vehicles and building his own controllers to help people make cool projects out of those parts.
He told Electrek:
“I found a hole in the server-side of that mechanism that allowed me to basically get data for every Supercharger worldwide about once every few minutes.”
The hacker shared the data on the Tesla Motors Club forum, and the automaker seemingly wasn’t happy about it.
The practice, known as whitehat hacking, wasn’t his main focus, but like most tech companies, Tesla has a bug reporting system in place to reward people who find and report vulnerabilities.
It’s at that point that Hughes decided to compile a bug report (today he released an annotated version of the report). Since he had recently been in contact with Tesla’s head of software security, who was Aaron Sigel at the time, he decided to email him directly with his finding.
This was a big deal.
Within minutes of receiving that email on that Friday afternoon in March of 2017, Sigel called Hughes.
Now back then, Tesla’s autonomous capabilities were much more limited than the driver-assist features found in Tesla’s Autopilot and Full Self-Driving packages now.
Tesla Cybersecurity Today
The good news is that Tesla has since significantly increased its effort to secure its network and overall cybersecurity.
The automaker increased its max payout per reported bug to $15,000 in 2018, and it has ramped up its security team as well as its relationship with hackers through participation in hacking conferences.
Over the last few years, Tesla has brought its cars as targets in the popular Pwn2Own hacking competition.
David Lau, vice president of vehicle software at Tesla, recently commented on the effort:
“We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us. Since launching our bug bounty program in 2014 — the first to include a connected consumer vehicle — we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community. We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”
Also, Tesla owners will supposedly soon get two-factor authentication for their Tesla account.
Source: https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet