Tesla was invaded again, why didn't the hackers "drive the car away"?

Tesla's arrival in the automotive industry, like Apple's in the mobile phone industry, was of epoch-making significance. As the core components of automobiles have evolved from traditional mechanical structures to software-defined systems, software and cybersecurity have become important issues.

Recently, a 19-year-old in Germany successfully "hacked" 25 Tesla cars in 13 countries through third-party programs used with Tesla vehicles. He released very little information online and did not disclose which 13 countries or which models were affected.

Why is Tesla once again in the news for being "hacked"?

What went wrong with these 25 Teslas?

On January 11 of this year, a 19-year-old hacker publicly stated online that he had successfully "hacked" 25 Tesla cars and was able to control the vehicles remotely. The features he could control remotely included the following:

Disable Sentry Mode, after which the vehicle stops monitoring its surroundings;

Start keyless driving and open the doors and windows;

While the car is being driven, flash the lights and play music/video content in the car;

Check the exact location of the vehicle and check whether anyone is in the car.

Although only 25 Tesla cars were hacked, which is not a large number, the functions above are enough to pose a certain threat to vehicles and their occupants. The hacker also said that he could not achieve true "full control" of the vehicles: he could not drive them by remote control, and the intrusion did not reach the driving domain. The key points are that the hacker claimed the vehicles were hacked through third-party applications, and that most of the affected vehicles had 2FA (two-factor authentication, token) enabled. Subsequently, the makers of the Tesla apps updated the verification tokens distributed by Tesla.

Tesla launched two-factor authentication in October 2020; users sign in to their Tesla account and use a third-party authenticator to activate it. There are three setup methods: mobile device setup, desktop QR code setup, and security key setup. For the 25 Teslas hacked this time, the problem seems to lie here.

So, what is the logic of two-factor authentication?

Two-factor authentication adds another verification layer on top of the original account + password method, but the industry has no single fixed way of adding this layer. The common practice in China is to send a verification code by text message, while other countries mostly use Google's and Microsoft's authenticators.

Traditional single-factor authentication is the combination of account name + password, and this information is fixed; the advantage of two-factor authentication is that the verification code is dynamic and irregular, which is relatively more secure. Two-factor authentication generally uses the TOTP algorithm, whose underlying logic is to keep the key unchanged and generate a different 6-digit code every 30 seconds or so.

If the vehicles were hacked this way, it is likely to be a vulnerability in the TOTP algorithm of the third-party vendor behind Tesla's two-factor authenticator; the hacker has not published the specifics online. However, the only way to bypass the encryption of this second authentication layer is to start from the underlying algorithm.

The encryption process behind two-factor authentication is not new; Tesla only added the feature at the end of 2020, and a variety of ways to bypass two-factor authentication and reach the controls behind it already exist. Another question: why only 25 Teslas? The only explanation is that the hacker did not have access to the core database of user resources.

Is the vulnerability only in Tesla's two-factor authentication?

In fact, incidents of Teslas being hacked have been common in recent years. The problems center on vulnerabilities in charging piles, core servers, and owner apps. Events since 2017 include:

In 2017, a core server vulnerability was discovered: hackers accessed the server image database in Tesla's network, causing user information leakage and enabling remote vehicle control. After entering a vehicle's VIN, hackers could query the vehicle's location, remaining battery life, configuration, and personal privacy information, and could also control the doors, windows, front trunk/trunk, and air conditioning;

In 2020, a bug in the owner app let an owner control Tesla vehicles far away in Europe from the app: unlock the doors, open the windows, turn on the air conditioning, and so on.

The first incident comes down to the remote control function of the owner app combined with a core server vulnerability that exposed owner information. The second comes down to a bug in the owner app's system that gave an owner control over a Tesla vehicle in Europe. After the second incident, in October of the same year, Tesla released two-factor authentication for car owners.

But in early 2022 the same kind of incident re-emerged, and it was the first time since the introduction of two-factor authentication that hackers broke in and took control of vehicles. What the intrusion achieved was still operation of the vehicle's basic control functions, with no substantive intervention in its driving functions.

Similarly, we can see two problems: first, the owner app itself is not stable enough and has had vulnerabilities and bugs; second, the two-factor authentication Tesla later set up also has loopholes, allowing hackers to bypass it and then control the vehicle. But it also shows that on highly digital Tesla models, intruders can gain only simple control over the vehicle and have no authority over driving, FSD, or Autopilot.

So, is Tesla still safe?

To answer the question in the subheading: Tesla is still safe. We can conclude from the several hacking incidents that hackers gained control of or access to only the vehicle's doors and windows, sound system, lighting system, interior data, and location information.

Again, hackers cannot actually drive or control the vehicles even if they break in remotely. For the 25 Teslas hacked this time, the intrusion process should have been: obtain user information, bypass two-factor authentication, then obtain the same control permissions as the owner app. The functions above are labelled "remote control", and it is because they are remote that hackers were able to control them.

Today all remote control and data exchange on the vehicle, such as car navigation, remote start and other functions, relies on the CAN bus, which acts like a main line connecting these functions in series. However, with the development of mobile devices and Internet of Vehicles technology, these functions have been gathered onto the smartphone, and the cost of that convenience is reduced security for the original CAN bus.

Simply put, mobile devices connected to the CAN bus put no strain on the control functions, but they may become an entry point for hacking. Once inside, an intruder uses reverse engineering to find the entry points to the vehicle's various control functions and so gain control over the vehicle; on Tesla models, however, the only things exposed have been the audio-visual entertainment system and control of the doors, windows, and lights.

The reason there is no control over the power, steering, braking and other aspects of Tesla vehicles is that, with the new electrical/electronic architecture, the functions reachable through this CAN bus access are mainly in the intelligent cockpit domain and the body function domain; there is no access to the power, chassis, or assisted driving domains, so there is no "entrance" for hackers. Even after breaking into the cockpit and body function domains, an intruder cannot reverse engineer a way into the other functional domains.

Summary

Increasingly digital automotive products also face the problem of being hacked. However, such hacking has to be done remotely, which is also its limitation: that is why only the vehicle's basic functions can be controlled, rather than the vehicle actually being driven.

So, is Tesla still safe? From the standpoint of personal safety, it is safe: at least after being hacked, it will not suffer power or brake problems. From the standpoint of vehicle theft risk, it is not safe enough: hackers can unlock the car remotely and locate it, which means strangers can get your car keys, but whether they can get in and drive the car away is another matter.