Enov8 Solutions on LinkedIn: #tesla #keyfob #keyfobs #replayattack #rollingcode #flipperzero… (2024)

Real security and privacy threats to Over the Air vehicle software could come from within OEMs“But between 2019 and 2022, groups ofTesla employeesprivately shared via an internal messaging system sometimes highly invasive videos and images recorded bycustomers’ carcameras, according to interviews by Reuters with nine former employees.”One of the expectations that we have with our phones and computers is that they are automatically updatable to fix potential bugs and other issues.More and more so we’re seeing this with our cars as well, particularly with Tesla.I for one am very pleased to see new features appear as we own the vehicle.During our Tesla ownership we’ve seen new games, convenience features, mapping, more horsepower, increased range, recall updates and all sorts of other things.However, there is a downside: What happens if malicious software infects our vehicle?Or uploaded information is inappropriately shared, as happened here?While new features, such as sentry mode and dash cam are wonderful for security purposes, the double edged sword is potential inappropriate use of the content.The same goes with the flexibility to download new apps and information.Despite the occasional hacker being able to penetrate parts of Tesla’s software, it remains tightly locked down for most people, like all other OEMs.Yet, I am sure there are many people who would appreciate more of an Android approach to the vehicle system by being able to customize settings, create apps and download information to suit their specific driving needs. However, this could be a huge security and privacy issue, and a boon for bad actors.Worryingly though, the Tesla threat came from WITHIN the company. So, the question really is two fold:1)What is the appropriate level of safety and privacy caution that goes into OTA and user customizability?2)How do OEMs and their suppliers maintain privacy and security for owners within the company?For #1, OEMs have essentially done this by access restriction to within the company. For #2, the question really needs to be what processes and procedures are in place to ensure compliance, and essentially, to root out bad actors?Given the company culture that led up to diesel-gate, this problem may be greater than some may imagine, and if this Tesla data and privacy breach is any indication, such issues may not go away.What are your thoughts on how OEMs should carefully guard against internal issues with Over the Air privacy and securityLet me know your thoughts in the comments below#automotive #batteries #climatechange #security #innovation #software #sustainability More here: https://lnkd.in/gTy3QG7x

26

11 Comments

🔒🚗 A team from French cybersecurity firm Synactiv recently demonstrated the vulnerability of internet-connected vehicles by hacking into a new Tesla Model 3 in less than two minutes during a competition at the Pwn2Own conference. The hack, which did not involve the car's propulsion systems for safety reasons, enabled the team to access the vehicle’s gateway and infotainment subsystems, even replacing the Tesla logo with their own.In another demonstration, Synactiv managed to open the car’s trunk and doors while it was in motion, utilizing the car's Ethernet network. Their combined efforts won them $350,000 and a new Tesla Model 3.Tesla has confirmed the breach and promised to issue a patch to resolve the vulnerability. It's a sobering reminder that as vehicles become more connected, their vulnerability to cyber-attacks increases, posing significant challenges for automakers. #Cybersecurity #Tesla #ConnectedVehicles #cyber #hacking #safety #network https://lnkd.in/eWkK3fci

1

💰Cybersecurity is usually hard and expensive to implement, but more expensive is to break your business model.🚗Tesla has one of the most advanced softwares on the automotive market (Unfortunately, on the mechanical side is another story). It has hidden or disabled many features, some of them just a kind of Tesla “labs” to be published on the future and another ones that are already on the marked but for which you have to pay for.🏭 Because Tesla many years ago realized that having a unique production line, producing almost the same car and just disabling some features (like seats heating) simplifies a lot their busy productions lines, saving costs and allowing the customization of their cars just with change on their software.〽️ Well, now that’s how some group of hackers (seems that with a simple Fault Injection on the Voltage) elevated their privileges to reconfigure the cars, and access to private data (Including car locations). With this attack, in theory, attackers were able to enable the Full Autonomous driving system (7500$ worth!). About this attack, today we will have more news.💸 Because saving money sometimes costs money, We need to have always in mind the cybersecurity of our products.#Cybersecurity #Innovation #Hacking

3

Behold, the Tesla Model 3 as it speeds into the world of automotive innovation, leaving behind a trail of other hacked vehicles in the rearview mirror! All it took was a pesky two minutes at the Pwn2Own contest for this tech-savvy ride to get cyber-jacked. It's like watching James Bond's favorite spy car getting a taste of its own gadget-filled medicine. This speedy breach should serve as a gentle reminder-ride that when we put the pedal to the metal on fancy tech and internet connectivity, a miscalculated turn can lead straight to the chop shop of cyber vulnerabilities. So, dear friends, remember: indulging in the thrill of high-speed cyber innovation is all well and good, but make sure you park the car of caution where it belongs - on the sturdy ground of cybersecurity.

35

6 Comments

Modding and tuning your car has always been a thing with car enthusiasts. Buy a cool car, and modify certain aspects to get better performance or features thatwere not included in the price. This carries the risk of damaging your car and voiding your warranty, but still, online forums are full of people dedicating time to this hobby.In the advent of remote connected services and software defined vehicles(#SDVs),this niche could take on a different turn. Hackers find ways to circumvent OEM security mechanisms, and can make these tools available (for free, or for a price) to owners who wish to have certain features for free, be it car seat heating, more engine power, battery range, or installing pirated apps on their head-unit, possibly weakening built in security mechanisms and increasing the vehicle's exposure to#cybersecurityrisks.

42

3 Comments

Day 60 of the #cybertechdave100daysofcyberchallengeVulnerabilities in EV Technology.Researchers at Pwn2Own 2024 in Tokyo have uncovered multiple zero-day vulnerabilities in electric vehicle chargers, operating systems, and Tesla components. On the first day of the event, they demonstrated 24 unique zero-day exploits, earning $722,500 in winnings, with more to come in subsequent days. As vehicles become increasingly complex systems, the lack of external scrutiny in the past raises concerns about security issues in this evolving space.Last year, a team managed to breach a Tesla Model 3 in under two minutes at Pwn2Own. This year, researchers have exploited various targets, including electric vehicle chargers and Tesla components. They achieved a three-bug exploit chain against Tesla's modem and a two-bug chain against its infotainment system, each earning a $100,000 prize. These vulnerabilities are subject to a 90-day remediation period before public disclosure.Modern vehicles are integrating wireless connectivity and remote access features, expanding their attack surface. The increasing reuse of mainstream computing in cars brings along security challenges typical of mainstream computing. Balancing IT and safety-critical systems is a challenge, compounded by differing product life cycles.Vehicle cybersecurity is evolving, with some advocating for infotainment systems to be provided by smartphones like Apple CarPlay and Android Auto. Another approach is to let large companies like Google manage key functions directly wired into cars. However, vehicle manufacturers must address a growing list of security issues, from EV chargers to modems and operating systems.The key is to maintain strict segregation between mainstream computing and control systems to create effective choke points and limit vulnerabilities. Achieving robust cybersecurity in vehicles requires investment, audits, and rigorous testing, and external intervention may be necessary to push the industry toward better cybersecurity practices.#cybernews #cyberawareness #cybersecurity https://lnkd.in/gPAhifkS

1

Researchers Find Super Simple Way to Hack Tesla Keys: Security researchers have found numerous vulnerabilities in some of today’s most popular vehicles, including finding ways to access owner data, take control of vehicle systems, and more. Tesla’s vehicles aren’t immune, and a team of researchers recently showed how easy accessing one of the advanced EVs with a simple electronic device can be. #car #cars #awesome

At Pwn2Own 2024 in Tokyo, researchers have made significant strides in uncovering vulnerabilities within electric vehicle chargers, operating systems, and Tesla components, revealing numerous zero-day exploits. This year's competition has notably expanded its focus to include automotive technology, resulting in the discovery of 44 unique zero-days over the first two days, with participants earning substantial rewards.The event highlighted the increasing complexity and interconnectedness of modern vehicles, emphasising the need for greater research and scrutiny in automotive cybersecurity. A notable instance from the competition involved the Synacktiv team, who successfully exploited Tesla's modem and infotainment system using a series of vulnerabilities, demonstrating potential control over various car functions.This year's Pwn2Own has underscored the evolving landscape of vehicle security, illustrating the challenges and opportunities in protecting the increasingly digital and networked automotive environment. The event serves as a call to action for manufacturers to invest in cybersecurity, conduct thorough audits, and ensure the resilience of their systems against sophisticated cyber threats.#Pwn2Own #tesla #hacking #vulnerabilities

6

Big#Threatto#Tesla!!!#Researchersfrom the#Technical#Universityof#Berlinmanaged to#jailbreakthe#AMD-based infotainment systems used in new Tesla car models and make it run any software they choose. They even extracted the unique hardware-bound#RSAkey used for car#authenticationin Tesla's service network & managed to unlock paid features such as seat heating and acceleration boost.Tesla's infotainment APU is based on an AMD Zen 1 CPU, which is still#vulnerableto previously discovered#weaknesses.Full details will be published in an upcoming#BlackHat2023 presentation scheduled for August 9, 2023#infosec#informationsecurity#cybersecurity#vulnerabilitymanagement#automobile#TPRM#VRM#supplychainattacks

Clever … social engineering… Human ignorance of the risks is the most known vulnerability and main reason of systems compromise … we all have to keep ourselves aware regarding security risks, and spread awareness all over around us!Think twice before using keyless/remote unlock with cars … and avoid connecting to open WiFi hotspots… 😅Stay safe and informed ✌️Knowledge is power.

4