Friday, September 18, 2015

Cracking Tesla mysterious hackers are how to do it

"Editor's note" author is a listed company, senior security specialist, dedicated safety information deep throat

This article information from security me talk about Tesla Motors, some would say, Tesla Motors and several more security than before, jumping is too big, how shall I think of this?

Google's Project Zero program as mentioned earlier, and relatively recent burst of a message is the head of Google's Project Zero Chris Evans left to lead the Tesla motor vehicle safety, so the brain hole, wanted to talk about Tesla.

Tesla the poaching is due in August on the DEFCON, Lookout security company kaiwen·mahafei (Kevin Mahaffey) and mark Rodgers (Marc Rogers) issue, this topic explains how they hack into Tesla Motors.

Lookout company blog released a detailed technical document of cracking Tesla, interested can look at.

They are from the browser, Bluetooth, USB port, SD card interface, WiFi hotspot, unknown hardware connection 6 levels penetration testing of security, I will not do full-time English translator, pick useful information for analysis.

Two buddies balabala a bunch of failed test, which is an interesting browser this entry:

They found one Tesla is webkit browser kernel, version is 534.34 and managed to crash it, but could not find a suitable methodology to bypass memory protection measures such as DEP and gave up.

Interestingly Tesla this entrance was keen 2014 team attack, CVE is CVE-2014-1303,keen of this mark is using that vulnerability lay in Pwn2Own 2014 the Apple browser, so first find out the loopholes in the Tesla is keenteam.

After the other go no, these two guys had to remove the car, found the Ethernet interface, Ethernet interface, students should have a smile of the do cable, do you remember Crystal head approach of the wire, crossing lines of parallel lines, orange white Orange green white blue blue white green brown white brown.

Connect the network cable to your router, you can enter the car's internal network security testing, balabala found many control packet of instructions, to get a firmware upgrade. Marc Jacobs Galaxy S4 case

Marc Jacobs Galaxy S4 Dog Silicone Case Pink

Firmware found after a reverse has a hard-coded in the firmware hotspot wifi WPA key and find out this is for Tesla Service Center, car service center, you can active WiFi hotspot services related to the use of the link service center.

So the two brothers finally found really useful remote entry, a hacker could construct a malicious same password WiFi hotspot until after Tesla even to get into the car's internal network, access to Tesla Motors internal services. But control over key internal service control cars, still needs to be physical hardware interface real-time access to relevant links inside the car keys and data in order to control related services.

So it's not a very successful crack, only physical intrusion cannot be ranged attacks, but buddy's selfless sharing for all of Tesla's security investigation based on the possible paths.

In addition to keenteam Lookout and rigid-Flex cracking Tesla technique, there are other dimensions of black, such as Tesla's wireless key wireless protocol crack app password brute force broker-friendly and hijacking, which is not saying in this article.

Hope my information can provide information more symmetrical, Tesla Motors is not something people want to run the four-wheeled mobile phone so simple, as manufacturers pay more attention to security, I want to crack the way more and more narrow. Marc Jacobs Samsung Galaxy S4 case

1270 votes

Tesla Model s-P85D

P85D Tesla MODEL s is Tesla sells cars in the fastest and most expensive, in terms of appearance and the remaining few models did not much change, the main change is to drive and battery capacity. MODEL s-P85D, 691 peak horsepower BHP, four wheel drive, 0-96 km/h in 3.2 seconds.

View details of the voting >>

No comments:

Post a Comment