Vulnerabilities in the Tesla network made it possible to seize control of the car

NEWS_BOT

Статус
Offline
Joined
5/18/20
Messages
182
Reaction score
0
Through the Tesla infrastructure, it was possible to obtain superuser rights on the information system of any car.

Security researcher Jason Hughes has revealed details of vulnerabilities in Tesla networks that, when exploited, could completely compromise the infrastructure that interacts with consumer cars. The detected problems allowed the attacker to gain access to the server, which provides communication with cars and sending commands through a mobile application.

The attacker was able, through the Tesla infrastructure, to obtain superuser rights on the information system of any car or remotely send control commands to the vehicle. The specialist could send commands to the car such as starting the engine and unlocking the doors. To gain access, all that was required was knowledge of the VIN number of the victim's car.

The problems were related to a set of tools offered for download from toolbox.teslamotors.com. Tesla car users with accounts on the site could download all the developer modules, but the latter were poorly protected, and the encryption keys were provided by the same server.

The expert discovered embedded credentials in the module code for various Tesla services on the company’s internal network, which is accessed via VPN. The code also contained the user credentials of one of the hosts in the dev.teslamotors.com subdomain on the internal network.

The compromised server turned out to be a cluster management node and was responsible for delivering applications to other servers. Upon authorization to the specified host, the specialist received part of the source texts of internal Tesla services, including mothership.vn and firmware.vn, which are responsible for transmitting commands to customer cars and delivering firmware. Passwords and logins for accessing the PostgreSQL and MySQL database management systems were also found on the server. As it turned out, access to most of the components could be obtained without credentials; you just need to send an HTTP request to the Web API from the subnet accessible to clients.

The researcher discovered the problems in early 2017. He reported his findings to Tesla, but made this information public only three and a half years later. Tesla immediately fixed the problems and radically strengthened the protection of its infrastructure, and paid the researcher a reward of $50 thousand.
 
Top