[HN Gopher] Tesla Model 3 Vulnerability - Disable Autopilot Noti...
       ___________________________________________________________________
        
       Tesla Model 3 Vulnerability - Disable Autopilot Notifications,
       Speedometer, etc.
        
       Author : notRobot
       Score  : 50 points
       Date   : 2020-03-20 20:14 UTC (2 hours ago)
        
 (HTM) web link (safekeepsecurity.com)
 (TXT) w3m dump (safekeepsecurity.com)
        
       | joeblau wrote:
       | The MCU on my Model X has frozen a few times without visiting a
       | website. I've had to forcefully restart my MCU at a stop sign
       | twice since having it.
        
         | tyfon wrote:
         | I've had the FSD computer (HW3) freeze in my X once. The
          | autopilot/TACC, GPS location and even the wipers which are
         | controlled by this even if you're not using auto-wipers (deep
         | rain), stopped working. I had to stop and power off the car for
         | a few minutes to make it work again.
         | 
         | Everything else was fine though so I think they have isolated
         | the driving itself quite well.
         | 
         | I've also had the MCU crash 2-3 times but the two finger salute
         | always fixes it.
         | 
         | My car is 8 months old so these events are quite rare.
        
       | FriedPickles wrote:
       | I don't believe that autopilot stopped functioning. In my
       | experience autopilot functions fine even if the MCU crashes or
       | reboots. And there's clearly an autopilot disengagement chime
       | after the MCU freezes, probably caused by him manually
       | disengaging autopilot.
        
         | aloknnikhil wrote:
         | I think he corrects himself in the disclosure.
         | 
         | > Important Note: I stated in the video that this disables the
         | autopilot functionality, but that is incorrect. This will only
         | disable the notification to place pressure on the wheel. If you
         | keep pressure on the wheel, AP will continue to function.
        
           | FriedPickles wrote:
           | Thanks, makes sense. Almost all autopilot functionality is
           | preserved during MCU problems. The attention warning
           | indicator (pressure on steering wheel needed) being one
           | notable exception, but that's pretty benign.
        
             | Klathmon wrote:
             | Not only is autopilot functionality preserved, but there is
              | a separate speaker for alerts (like the "take over
             | immediately" sound) as well for if the display MCU crashes.
        
       | aloknnikhil wrote:
       | So how does the rollout for Tesla updates work? Are there
       | specific updates that are marked mandatory before you can drive
        | the car? Wondering how these disclosures are kept from being
        | exploited when not all of the cars have the patch.
        
         | jmtame wrote:
         | They're not mandatory to drive. Tesla does silent over the air
         | updates with important fixes since the car has data
         | capabilities. Larger updates happen over WiFi.
        
         | dbt00 wrote:
          | There are no mandatory updates that I've seen. You get an alert
         | that there's an update, and it shows up every time you put the
         | car in Park. It prompts you to update now or schedule a time.
         | 
         | You usually have to be in range of wifi to download updates,
         | afaik.
        
         | nuzzl wrote:
         | Hey, it's the guy from the video. I worked with Tesla on this
          | and we waited until a sufficient number of vehicles had the
          | patch before releasing it. But if someone who acts
          | maliciously just releases it without co-ordination with
          | Tesla, that's a different ballgame. I would imagine they would
         | roll it out ASAP.
        
       | segfaultbuserr wrote:
        | The car's low-level control is still functional as normal; it's
        | just the user interface that crashes, disabling the main display,
        | all readouts, and all notifications. Rebooting the UI can fix the
        | problem (it will reset itself automatically after two minutes as
        | well). So it's a security issue, but not as serious as the
        | title may suggest.
       | 
       | Still, apparently, a bad webpage with a loop of JavaScript that
       | hangs the web browser can lead to a complete failure of the
       | entire user interface, even disabling the speedometer, turn
       | signal (only the notification, visual and sound, not the actual
       | signal), and AutoPilot status. Still a red flag and not a sign of
       | good engineering.
        
         | TrumpMyGuns wrote:
         | Body panels with insane gaps and light housings that allow
         | moisture in were already signs of bad engineering. Tesla is a
         | joke propped up by social media fanboys.
        
         | [deleted]
        
       | tyingq wrote:
        | I'm surprised browsing the web isn't a separate, isolated process
        | from the car's general UI.
        
         | Someone1234 wrote:
         | Some vehicle systems use a VNC compatible client for this.
         | Essentially put the "web parts" into their own system entirely,
         | even physically, and then project the results into a window on
         | the "safe part" UI. If something bad happens the VNC server
         | might crash and client lose connection, but that's the limit of
         | the danger.
         | 
          | I know around the time CarPlay became popular several auto
          | manufacturers were pushing this idea as a CarPlay/Android Auto
         | alternative implementation: glorified VNC. But I guess the data
         | wasn't "rich" enough for some parties.
        
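An added example, not code from the thread, from Tesla or from any vendor: a small Python model of the split Someone1234 describes (web rendering in its own component, projected into a pane of the "safe" UI) combined with the per-component watchdog that segfaultbuserr's "resets itself after two minutes" implies. Component names, deadlines, the 3 s hang and the 1 s reboot time are all constructed for the illustration. The point it shows is that a browser stuck in a never-yielding page stalls only its own heartbeat, so only the browser is restarted and the speedometer keeps drawing throughout.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Component:
    """One supervised process on the head unit (constructed model)."""
    name: str
    safety_critical: bool     # instrument readouts vs. convenience apps
    deadline_ms: int          # longest tolerated silence before the watchdog acts
    last_heartbeat_ms: int = 0
    running: bool = True
    restarts: int = 0


class Supervisor:
    """Per-component watchdog: a stalled component is restarted on its own."""

    def __init__(self, components: List[Component], now_ms: int) -> None:
        self.components: Dict[str, Component] = {c.name: c for c in components}
        for c in self.components.values():
            c.last_heartbeat_ms = now_ms
        self.log: List[str] = []

    def heartbeat(self, name: str, now_ms: int) -> None:
        self.components[name].last_heartbeat_ms = now_ms

    def tick(self, now_ms: int) -> List[str]:
        """Watchdog pass. Returns the names of components being restarted.

        Each component is judged only by its own heartbeat, so a browser
        stuck in a never-yielding page cannot take the cluster down with it."""
        restarted = []
        for c in self.components.values():
            if c.running and now_ms - c.last_heartbeat_ms > c.deadline_ms:
                c.running = False
                c.restarts += 1
                level = "CRITICAL" if c.safety_critical else "WARN"
                self.log.append(f"{level} t={now_ms}ms {c.name} hung, restarting")
                restarted.append(c.name)
        return restarted

    def back_up(self, name: str, now_ms: int) -> None:
        """The restarted component has come back and sent its first beat."""
        c = self.components[name]
        c.running = True
        c.last_heartbeat_ms = now_ms

    def render_frame(self, speed_kph: int) -> Dict[str, str]:
        """Readouts are drawn from the cluster component; the browser is only
        a pane that falls back to a placeholder when its process is away."""
        cluster = self.components["instrument_cluster"]
        browser = self.components["browser"]
        return {
            "speedometer": f"{speed_kph} km/h" if cluster.running else "---",
            "browser_pane": "page" if browser.running else "browser unavailable",
        }


def simulate_runaway_page() -> dict:
    """Constructed scenario: at t=3 s the browser starts a page that never
    yields and stops heartbeating; the cluster keeps its 100 ms beat.
    Time is modelled in whole milliseconds to keep the arithmetic exact."""
    sup = Supervisor(
        [Component("instrument_cluster", safety_critical=True, deadline_ms=500),
         Component("browser", safety_critical=False, deadline_ms=2000)],
        now_ms=0,
    )
    browser_hung_at = 3000
    browser_reboot_ms = 1000
    browser_back_at: Optional[int] = None
    frames = []
    for t in range(0, 10_001, 100):
        if t == browser_back_at:
            sup.back_up("browser", t)                   # reboot finished
        sup.heartbeat("instrument_cluster", t)          # the cluster never stalls
        browser_alive = t < browser_hung_at or (
            browser_back_at is not None and t >= browser_back_at)
        if browser_alive:
            sup.heartbeat("browser", t)
        for name in sup.tick(t):
            if name == "browser":
                browser_back_at = t + browser_reboot_ms
        frames.append(sup.render_frame(speed_kph=80))
    return {
        "browser_restarts": sup.components["browser"].restarts,
        "cluster_restarts": sup.components["instrument_cluster"].restarts,
        "speedometer_always_shown": all(f["speedometer"] == "80 km/h" for f in frames),
        "browser_pane_blank_frames": sum(f["browser_pane"] != "page" for f in frames),
        "log": sup.log,
    }


if __name__ == "__main__":
    result = simulate_runaway_page()
    for line in result["log"]:
        print(line)
    print({k: v for k, v in result.items() if k != "log"})
```

Running it, the browser is restarted exactly once (its 2 s deadline expires at t=5000 ms), the browser pane shows the placeholder for the ten frames until the reboot completes, and the instrument cluster is never restarted and never loses the speed readout. The contrast with the thread is the behaviour segfaultbuserr reports, where one stalled browser took the whole display, readouts included, down for two minutes.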
       | nickodell wrote:
        | Here's the vulnerability:
        | 
        |     <html>
        |     <script>
        |         var total = "";
        |         // each iteration pushes an ever-longer URL into session history
        |         for (var i = 0; i < 100000; i++) {
        |             total = total + i.toString();
        |             history.pushState(0, 0, total);
        |         }
        |     </script>
        |     </html>
        
         | root_axis wrote:
          | Pretty funny. There's a joke in there about running JavaScript
         | in your car.
        
       ___________________________________________________________________
       (page generated 2020-03-20 23:00 UTC)