Lorenzo Franceschi-Bicchierai has a scoop at TechCrunch on the German kids breaking Tesla because it’s so unfortunately easy.
Christian Werling, one of the three students at Technische Universität Berlin who conducted the research along with another independent researcher, said that their attack requires physical access to the car, but that’s exactly the scenario where their jailbreak would be useful.
“We are not the evil outsider, but we’re actually the insider, we own the car,” Werling told TechCrunch in an interview ahead of the conference. “And we don’t want to pay these $300 for the rear heated seats.”
Ironically, maybe, the thing people like about the car (sloppy and fast, easily changed) is the thing they should hate about the car (compromised safety).
The problem with Tesla is their opaqueness. If they handed out instructions and encouraged right-to-repair and modding (let alone admitted software isn’t “eating” anything — hardware upgrades remain necessary and essential to safety), that would be an entirely different world.
The researchers said they were also able to extract personal information from the car such as contacts, recent calendar appointments, call logs, locations the car visited, Wi-Fi passwords and session tokens from email accounts, among others. This is data that could be attractive to people who don’t own that particular car, but still have physical access to it.
Mitigating the hardware-based attack that the researchers achieved is not simple. In fact, the researchers said, Tesla would have to replace the hardware in question.
The researchers here are actually underselling their findings with a distracting dramatic flair on the conference circuit, in order to make a big splash yet low personal risk.
Extract personal information? Enable heated seats?
They remind me how wolves prefer fishing to hunting.
Tesla hardware security is provably compromised, requiring an expensive update for safety. The “self-driving” and navigation features, or even worse, now have been seriously exposed in ways Tesla is likely in no position to manage properly.