DEF CON 23 - Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S

  • Published on Oct 12, 2024
  • The Tesla Model S is the most connected car in the world. It might surprise you to hear that it is also one of the most secure. In this talk we will walk you through the architecture of a Tesla Model S noting things that Tesla got right as well as identifying those that they got wrong. From this talk you will get an intimate understanding of how the many interconnected systems in a Tesla Model S work and most importantly how they can be hacked. You will also get a good understanding of the data that this connected car collects and what Tesla does with this telemetry. We will also be releasing a tool that will enable Tesla Model S owners to view and analyse that telemetry in real time. Finally we will also be releasing several 0day vulnerabilities that will allow you to hack a Tesla Model S yourself - both locally and remotely. Note - only one of the 6 vulnerabilities we will discuss and release has been fixed. Disclaimer: With great access comes great responsibility - In other words we are not responsible for any Tesla Model S bricked by overenthusiastic attendees of this talk :)
    Speaker Bios:
    Marc Rogers aka Cyberjunky has been a prominent member of the hacking scene since the 80’s. Some of his most notable achievements are co-founding the notorious British hacker group, “The Agents of a Hostile Power” and his role in creating and appearing in the award winning BBC TV series “The Real Hustle”. Marc’s professional career spans more than twenty years, including a decade managing security for the UK operator Vodafone. Marc is currently the principal security researcher for web optimization and security company “CloudFlare”. As well as his work in the infosec and telecoms industries, Marc has also been a CISO in South Korea and co-founder of a disruptive Bay Area start-up. Some of Marc’s notable recent hacks include Google Glass, Apple TouchID and most recently the Tesla Model S.
    Kevin is an entrepreneur and technologist with a background in mobile and web technology, security, and privacy. He is the CTO of Lookout, a company dedicated to making the world a safer place as it becomes more connected, starting with smartphones and tablets. He co-founded Lookout in 2007 and is responsible for driving Lookout’s technology to protect people from current and future threats while keeping the product simple and easy to use. He started building software when he was 8 years old and it has been a love affair ever since. Kevin is a frequent speaker on security, privacy, mobile, and other topics.

Comments • 62

  • @inthefade 8 years ago +76

    It's cool to see a Defcon talk about a company using pretty good security practices.

    • @crimpers5543 1 year ago

      boring

    • @426F6F 1 year ago +1

      not boring! I agree

  • @giygas73 8 years ago +56

    the beeping sound trolled me so hard in the beginning lol

  • @ryanharrison1472 4 years ago +3

    I watched this whole video and I have no idea what's happening but this is still so cool

  • @Fnargl99 8 years ago +91

    ok they explain that sound a minute in

    • @tarky_tark 8 years ago +2

      haha, was wondering the same thing

    • @AviPars 8 years ago

      mrebus what is it

    • @LemonChieff 8 years ago

      shit I started looking for my phone.

  • @theitalian94 8 years ago +4

    Very interesting I really liked it how they explained everything! Good job! :)

  • @HemanshuNarsana 8 years ago +9

    LOL for a minute there I thought Tesla hired Captain America (Chris Evans the actor) as their new head of security :D

  • @definesigint2823 5 years ago +2

    Really impressed by the talk, by what Tesla's done right and got some good laughs out of this too--thanks :)

  • @geraldellis1177 7 years ago +1

    brand new defcon nerd here

  • @101m4n 7 years ago +6

    Say what you will about elon musk, he's nuts for trying to build a city on mars, he's a terrible speaker etc, but the man really knows how to set up companies that get shit done.

    • @jamescox2894 1 year ago

      He does know what a run-on sentence is. Can we get more commas please?

  • @Zextraterrestrial 8 years ago +12

    ni....hahaha, great easter egg!

  • @olivierlasne2346 1 year ago

    awesome talk

  • @EsquireR 7 years ago

    amazing talk, wonder what could another team find now

  • @jamescox2894 1 year ago

    🤔yawn, I would have been impressed if you would have made mcu1's browser work properly.

  • @anthonygato407 6 years ago +3

    can that beep be more awesome????

  • @samuelseidel6148 7 years ago +1

    Can we please not encrypt the internals.

  • @oscara8746 5 years ago +1

    Captain America was hired for tesla lol

  • @tomassavenas1266 5 years ago

    Marc Rogers holds a mic like Carlos Matos from Bitconnect :)

  • @Groaznic 8 years ago +46

    Plain text "tesla1" password? Somebody is going to look for a job at Apple now ;)

    • @griffd2004 8 years ago +20

      +Groaznic To be clear, the password is not tesla1. That's the account name. But maybe you knew that.

  • @JanBabiuchHall 7 years ago +3

    27:36

  • @p5eudo883 7 years ago

    I'm interested in writing a tool which scans for files of these types. Any chance someone has a more extensive list of filetypes which contain remote tracking data like those in the video?

  • @DantalionNl 8 years ago +6

    This car is a security tank on wheels.

  • @franciscorubincapalbo3794 7 years ago

    Anybody knows what's the website he shows at minute 14:44?

  • @notonclase6750 3 years ago

    Does this remind anyone of....Watch Dogs?

  • @enciassangrantes3684 5 years ago

    What's the game in the minute 3:49?

    • @gbrandt 5 years ago

      lemmings

    • @StevesMagic 1 year ago

      Lemmings, the guy literally says it

  • @applepro7677 8 years ago +4

    Why hackers use OS X not Windows? Enlighten me.

    • @Gigahawk515 8 years ago +16

      +Apple Pro presumably because OS X is based on Unix?
      Edit: I'm pretty sure they're using some version of linux (probably just a terminal emulator on android)

    • @andkahn9507 8 years ago +7

      +Apple Pro they use ubuntu or something similar if I'm not mistaken

    • @badatcad 8 years ago +3

      +christian stevens they use kali linux look it up :D

    • @andkahn9507 8 years ago +2

      Oskar Martin they don't only use kali for this kind of stuff and ubuntu and kali are not that different at all they are both based on debian

    • @batuhangenc2021 8 years ago +3

      +Apple Pro You can install almost any os on mac, but you can't install osx on windows at least easily

  • @fylgdahermetics4763 5 years ago

    They will give you a model 3 if you hack it!

  • @FdtTmOJHKPXQFMMkhIE 8 years ago

    I hate it when stuff has to patch every other day. I hope that doesn't happen with cars.

    • @flamingcat5135 7 years ago +2

      FdtTm4OJH3KPXQF 047M7629Mk41hIE The Teslas only get patches when connected to wifi, and typically do it at night

    • @davidthacher1397 4 years ago

      Tesla is really premature in many ways. Tesla conceptually has stretched beyond the market carrying capacity. No way in the future will they all be EV. The grid cannot handle this, and they were supposed to ease into something else like Hydrogen which is more sustainable. Smart grid and auto updates create massive at scale issues with the newer versions of that story. Once very early on this could have worked but where we are now this will not work. Certain groups live to ruin plans and ideas.
      I hear Tesla's drive system is decent along with build quality. Built mostly in CAD and has advanced robotic assembly. Which is good, however most of that has been trashed by the all EV model. The going to Mars is now a fricking joke. Along with many other things.
      I do not expect Tesla to survive. I expect them to be taken to pieces for batteries, manufacturing, and drive system designs. I expect their software, automation, etc. to be tossed completely.

  • @your_boy_lamine 5 years ago

    46:16

  • @ravon1982 4 years ago

    so elon isn't as smart as we all thought then.

    • @jamescox2894 1 year ago

      We all know from your comment he's got you beat.

  • @FennecTECH 7 years ago

    dir works in linux

  • @christophermccann1218 2 years ago

    "GIF" is pronounced "jif".

  • @SeverityOne 7 years ago +1

    "Um" is not a very good way to start a sentence - let alone, *every* sentence. Still, interesting presentation.