Tesla engineers detected the intrusion and immediately warned the “hackers”
Tesla is without doubt one of the smartest cars around, so it’s unsurprising that many tech savvy people are trying to explore what’s under the hood of all those computer systems.Drag Times reports that some Tesla Model S owners have identified a 4-pin connector on the car’s dashboard. After analyzing it, they’ve found that it’s actually a disguised Ethernet networking port that gives them access to the network that power’s the car’s communications.
Once they’ve managed to figure out how to connect to the port, – they first had to figure out which wire goes where because it wasn’t a standard Ethernet port – they gained access to the Ethernet network.
They’ve found that Tesla Model S’s network is running at 100 Mbps and it includes three devices, each assigned a different IP address. The IP addresses are assigned to the dashboard screen, the center console and an unidentified device.
The experts have uncovered a number of ports and services, including SSH, telnet, HTTP, NFS, X11 and rpcbind. Apparently, a modified version of Ubuntu is used as the operating system.
Port 80 (HTTP) is normally being used to display a web page containing an image and information on the song that’s being played, but the individuals who hacked into the system have managed to run the Firefox web browser on the 17’’ display.
Interestingly, the Model S owners in question received a warning from Tesla engineered after they fiddled around with the car’s computer system. The message said that a hacking attempt on the car was detected and that it might be related to “industrial espionage.” The “hackers” were advised to stop their investigation not to void the vehicle’s warranty.
Over the past months, Tesla has been taking steps to make sure its vehicles are secure. In February, the company hired Kristin Paget, a world-class security expert.
In late March, a security researcher demonstrated at the Black Hat Asia conference that the doors on Tesla cars could be unlocked by anyone who knew the password used by the owner to access his online account.
The online account enables owners to control certain functions of the vehicle from their iPhones, including locking and unlocking the doors, honking the horn and changing the car’s status.
Another problem is with the REST API, which can be used to query the location of the vehicle. Someone with the password to the online account can track down the vehicle, unlock it, and steal the valuables found inside.