
Thinking of Stealing a Tesla? Just Use Flipper Zero


Researchers have found a new way of hijacking WiFi networks at Tesla charging stations to steal vehicles: a design flaw that requires only an affordable, off-the-shelf tool.

Experts find an easy way to steal a Tesla

As Mysk Inc. cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video, hackers need only a simple $169 hacking tool known as Flipper Zero, a Raspberry Pi, or just a laptop to pull the hack off.

This means that with a leaked email and a password, the owner could lose their Tesla car. The rise of AI technologies has increased phishing and social engineering attacks. As a responsible company, you must factor in such threats in your threat models. 

And it's not just Tesla. You'll be surprised to know cybersecurity experts have always cautioned about the use of keyless entry in the car industry, which often leaves modern cars at risk of being hacked.

Hash Tag Foolery

The problem isn't hacking in the sense of breaking into software; it's a social engineering attack that tricks a car owner into handing over their information. Using a Flipper, the experts create a WiFi network called "Tesla Guest," the same name Tesla uses for its guest networks at service centers. After this, Mysk created a fake website resembling Tesla's login page.

After this, it's a cakewalk. In this case, hackers broadcast networks around a charging station, where a bored driver might be looking to connect over WiFi. The owner (here, the victim) connects to the WiFi and fills in their username and password on the fake Tesla website. 

The hacker uses the provided login credentials and gains access to the real Tesla app, which prompts a two-factor authentication code. The victim puts the code into the fake site, and hackers get access to their account. 

Once you've trespassed into the Tesla app, you can create a "phone key" to unlock and control the car via Bluetooth using a smartphone. Congratulations, the car is yours!

Mysk has demonstrated the attack in a YouTube video.

Tesla can fix the flaw easily but chooses not to

Mysk says that Tesla doesn't alert the owner if a new key is created, so the victim doesn't know they've been breached. And the bad guy doesn't have to steal the car right away, because the app shows the location of the car. 

The Tesla owner can charge the car and take it somewhere else; the thief just has to trace the location and steal it, without needing a physical card. Yes, it's that easy.

Mysk tested the design flaw on his own Tesla and discovered he could easily create new phone keys without having access to the original key card. But Tesla's owner's manual says that is not possible.

Tesla evades allegation

When Mysk informed Tesla about his findings, the company said it was all by design and "intended behaviour," underplaying the flaw. 

Mysk doesn't agree, stressing that pairing a phone key has been made super easy at the cost of security. He argues that Tesla can easily fix this vulnerability by alerting users whenever a new phone key is created.

But without any efforts from Tesla, the car owners might as well be sitting ducks. 

A sophisticated computer or machine isn't always a secure one; the extra layers of complexity make us more vulnerable. Two decades back, all you needed to steal a car was getting a driver's key or hot-wiring the vehicle. But if your car key is a bundle of ones and zeroes, you must rethink the car's safety.


GM Cruise Halts Driverless Operations

General Motors' Cruise unit has suspended all driverless operations following a recent ban in California, halting their ambitious plans for a nationwide robotaxi service.

The decision comes in response to a regulatory setback in California, a state known for its stringent rules regarding autonomous vehicle testing. The California Department of Motor Vehicles revoked Cruise's permit to operate its autonomous vehicles without a human safety driver on board, citing concerns about safety protocols and reporting procedures.

This move has forced GM Cruise to halt all of its driverless operations, effectively putting a pause on its plans to launch a commercial robotaxi service. The company had previously announced its intention to deploy a fleet of autonomous vehicles for ride-hailing purposes in San Francisco and other major cities.

The suspension of operations is a significant blow to GM Cruise, as it now faces a setback in the race to deploy fully autonomous vehicles for commercial use. Other companies in the autonomous vehicle space, including Waymo and Tesla, have been making strides in the development and deployment of their autonomous technologies.

The California ban highlights the challenges and complexities surrounding the regulation of autonomous vehicles. Striking the right balance between innovation and safety is crucial, and incidents or regulatory concerns can lead to significant delays in the deployment of this technology.

While GM Cruise has expressed its commitment to working closely with regulators to address their concerns, the current situation raises questions about the timeline for the widespread adoption of autonomous vehicles. It also emphasizes the need for a unified regulatory framework that can provide clear guidelines for the testing and deployment of autonomous technologies.

In the meantime, GM Cruise will need to reassess its strategy and potentially explore other avenues for testing and deploying its autonomous vehicles. The company has invested heavily in the development of this technology, and overcoming regulatory hurdles will be a crucial step in realizing its vision of a driverless future.

The halt to GM Cruise's driverless robotaxi operations is a clear reminder of the difficulties and unknowns associated with the advancement of autonomous car technology. The safe and effective use of this ground-breaking technology will depend on companies and regulators working together as the industry develops.

‘Elon Musk’ Book Reveals: Musk Wanted to Use Tesla Cameras to Surveil Drivers


A recently published biography of Elon Musk by Walter Isaacson has revealed some interesting facts about Tesla, a popular revelation being the company’s approach to privacy and its rather controversial idea regarding an internal monitoring camera installed in their cars. 

It has been confirmed in the biography that Twitter’s CEO once suggested Tesla record video of drivers' on-wheel behaviour using the internal monitoring camera. His asserted goal was to use the footage as proof to shield Tesla from inquiries in the event of a crash. 

The book ‘Elon Musk’ stated that Elon Musk pushed for the usage of the internal monitoring camera to record footage of Tesla drivers at first without their awareness with the intention of using the footage as proof in investigations linked to the Autopilot ADAS. 

According to an excerpt from the book, Musk was convinced that one of the main reasons for accidents was bad drivers and not bad software. "At one meeting, he suggested using data collected from the car's cameras – one of which is inside the car and focused on the driver – to prove when there was driver error," the excerpt read.

However, several privacy concerns were raised, one of them being a woman citing legal assistance from the corporation and privacy concerns about the fact that Tesla could not link the selfie streams to specific vehicles, even if they were involved in accidents.

Apparently, Musk was not happy with the answer as according to Isaacson, the "concept of 'privacy teams' did not warm his heart[…]I am the decision-maker at this company, not the privacy team. I don't even know who they are. They are so private you never know who they are," Musk said during their meeting.

Musk then recommended that a pop-up could be used instead to tell people that if they used Full Self-Driving Beta, Tesla would collect data in the event of a crash. The woman nodded, noting that "as long as we are communicating it to customers, I think we're okay with that." The exchange is quite telling of the way Elon Musk runs his companies, and also of his stance on privacy.

The pop-ups are currently a feature in Tesla vehicles, where the company will use the data from internal cameras and notifications will be provided to the users with an option to either agree or disagree with Tesla in collecting their cabin camera data. It is important to note that Tesla has not yet used inside photos of cars to defend itself in court cases or government inquiries involving the Autopilot system.

Currently, Tesla is facing a class action lawsuit over video privacy, following allegations that groups of Tesla employees privately shared invasive videos and images recorded by customers’ car cameras between 2019 and 2022. Another lawsuit was filed in Illinois that focused particularly on the cabin camera.

Tech Enthusiasts Discover New Frontiers in the Age of EVs

Electric vehicle (EV) technology is developing quickly, and a new group of tech aficionados called EV hackers is forming. These people want to investigate the latent possibilities of electric automobiles, not steal cars or undermine security systems. These creative minds have turned the world of EVs into a playground, adjusting performance and revealing hidden features.

The popularity of EVs has increased interest among tech-savvy people, according to a recent post on Wealth of Geeks. They view electric cars not only as a means of mobility but also as a cutting-edge technological marvel with limitless personalization options. The writer contends that "EVs represent a convergence of transportation and cutting-edge technology, and this fusion inevitably attracts hackers and tech enthusiasts."

The depth of potential within this subject was shown during an intriguing presentation at the Black Hat conference. The discussion, "Jailbreaking an Electric Vehicle: Or What It Means to Hotwire Tesla's X-Based Seat Heater," covered the intricate details of hacking electric vehicles' software. The presentation demonstrated the opportunity for personalization and modification inside the EV space without endorsing any unlawful activity.

Pushing the limits of EV technology is another area of current research at IIT CNR. Their efforts are directed toward bettering the performance and functionality of electric vehicles by comprehending and altering the underlying software. This study not only adds to the body of expanding knowledge in the area, but it also provides motivation for other tech aficionados.

Dr. Maria Rossi, a lead researcher at IIT CNR, emphasized, "Electric vehicles are not just cars; they are complex computer systems on wheels. There is so much potential to optimize and enhance their capabilities, and this is what drives our research."

While the idea of hacking may carry negative connotations, in the world of EVs, it simply means exploring the uncharted territories of electric vehicle technology. These enthusiasts are driven by a passion for innovation and a desire to unlock the full potential of electric vehicles.

Electric vehicles are developing into more than just a means of mobility; they are becoming a technological blank canvas for enthusiasts and hackers. The field of electric vehicles (EVs) is positioned for exciting breakthroughs in the years to come thanks to a growing community of researchers and enthusiasts.

Tesla Data Breach: 75,000 Users Affected Due to Insider Wrongdoing

 


An investigation into a data breach that affected the car manufacturer Tesla earlier this year has found that it was the result of "insider wrongdoing", a data breach notification filed by Tesla has revealed.

A notice filed with Maine’s Attorney General’s Office on Friday shed more light on Tesla’s May data breach, revealing that there was a massive theft of employee records and the company blamed “insider wrongdoing.” 

The affected individuals were notified by Tesla in a letter dated August 18 that laid out details about the problem. The letter said that the leaked information included the names and contact information of both current and former employees. Even though social security numbers were revealed, the letter did not mention them.

In a large data breach that affected employees of more than 75,000 companies, Tesla has claimed that insider wrongdoing was responsible for the breach. It was confirmed by President Elon Musk, the owner of the electric car maker Tesla, that in a data breach notice that was filed with Maine's attorney general, two former employees had leaked more than 75,000 individuals' personal information to a foreign media outlet after a thorough investigation had been conducted. 

There were over 23,000 files within the data archive, and the data contained sensitive data that belonged not only to current but also to former employees of Tesla. There was data about employees' phone numbers, personal email addresses, and salaries, as well as bank information for their customers and confidential information about Tesla's production. As well as social security numbers, it also included some of Elon Musk, Tesla's CEO, who used social security numbers to operate the company.

A further 2,400 complaints were also leaked from Tesla customers about their vehicles, which is part of the data revealed. On August 18, Tesla of America filed a data breach notice with the Maine Attorney General's office announcing a 75,735 employee data breach, which had been caused by a breach of security caused by “insider wrongdoing.”

In its announcement, Tesla said that its investigation into the breach had revealed that two former Tesla employees tried to misappropriate the information by violating IT security policies and protecting the data as required by Tesla to gain entry to the report. Handelsblatt was allegedly the recipient of the data that had been shared by the former employees.

Investigations and Lawsuits Following a Leak 


According to Tesla, two former employees are being sued for releasing the data and a court order has been issued that prevents them from using, accessing, or disseminating the data in the future. In its notice, Tesla said that it cooperated with law enforcement and external forensics experts to handle the investigation and would continue to take appropriate steps as needed in the future. 

A top German news organization, Handelsblatt, has confirmed that it received more than 100 GB of data from former Tesla employees over the last few weeks. This information was used as a basis for slamming Tesla for failing to adequately protect the personal information collected from customers, employees, and business partners, according to the news site. As reported by Handelsblatt newspaper, Musk's social security number was also included in the leak, which was made public by Bloomberg. 

A Tesla spokesperson confirmed that the data was shared with German newspaper Handelsblatt by two former employees. It says that it is "legally prohibited from inappropriately using the information" and says that it will not publish the information. 

There was a report in Handelsblatt in May that Tesla was affected by a "massive" data breach that revealed all sorts of information about Tesla employees, as well as complaints made by customers about their vehicles. 

There were approximately 23,000 files, including 100 gigabytes of confidential data, obtained by the publication dubbed the Tesla Files, which contained more than 23,000 internal Tesla documents. Among the personal information stolen were the details of Tesla employees, payment information from customers, production secrets, as well as complaints from customers about the features of Tesla's Full Self-Driving (FSD) car. 

Tesla's Data Privacy Concerns Continue to Mount 


In addition to the May incident, Tesla has had several privacy issues in the past. A letter sent in April by senators Edward J. Markey and Richard Blumenthal raised questions about Musk's handling of reports that employees had been sharing sensitive images captured by cameras in customers' vehicles between 2019 and 2022 and how the company handled them. Due to the content of the report, Tesla is now the subject of a class action lawsuit. 

Tesla workers were reported by Reuters in April to have shared sensitive images recorded by customer cars, but the details of this incident were kept under wraps. The reports stated that between 2019 and 2022, employees of the company shared images and videos that were captured by the cameras in their cars.

Elon Musk's X Steps Up: Pledges Legal Funds for Workers Dealing with Unfair Bosses

 


In a recent interview, Elon Musk said that his company X social media platform, formerly known as Twitter, would cover members' legal bills and sue those whose jobs are unfairly treated by their employers for posting or liking something on the platform.  

There have been no further details shared by Musk about how "unfair treatment" by employers is viewed by him or how he will vet users seeking legal counsel. 

In a follow-up, he stated that the company would fund the legal fees regardless of how much they charge. However, there has not been any response from the company regarding who qualifies for legal support and how users will be screened for eligibility for legal support. 

Throughout the years, Facebook users, as well as celebrities and many other public figures, have faced controversy with their employers in the form of posts, likes, or reposts they have made while using the platform. 

As Musk announced earlier in the day, a fight between him and Matrix's CEO Mark Zuckerberg would also be streamed live on the microblogging platform, which is largely operated by Facebook. Two of the top tech titans had faced off against one another in a cage fight last month after both had accepted a challenge from the other. 

Musk has made a statement to the effect that the Zuck v Musk fight will be live-streamed on X and all proceeds will go to a charity for veterans. In late October, the tech billionaire shared a graph showing the latest count, and a statement that he had reached a new record for monthly users of X. 

X had reached 540 million users at the end of October, he added. It was reported in January by the Daily Wire that Kara Lynne, a streamer at a gaming company, was fired from her job for following the controversial X account "Libs of TikTok".

In the wake of organizational changes at the company and in an attempt to boost falling advertising revenue, the figures have come out and the company is going through restructuring. The Twitter logo was familiar for 17 years, but in July, Musk launched a new logo accompanied by a new name, renaming the social media platform to X and committing to building an "all-in-one app" rather than the existing blue bird logo.  

A few weeks ago, Musk stated that the platform has a negative cash flow because advertising revenues have dropped nearly 50 percent and the platform has a large amount of debt. Even though advertising revenues rose in June more than expected, the good news did not play out as expected. 

Many previously banned users have been allowed to rejoin since he has taken control of the company—including former President Donald Trump, for example. In addition, he has weakened the content moderation policies and fired a majority of the team responsible for overseeing hate speech/other forms of potentially harmful content on the site, as well as loosened up the rules regarding moderation. 

As Musk's commitment to free speech has been demonstrated, it has not been without consequences for those who exercise that right, as several journalists who wrote about Musk's organization were temporarily suspended by Musk, and an account that tracked his private jet's flight path using publicly available data was banned as well. 

Several reports indicate Musk also publicly fired an employee who criticized him on his platform and laid off colleagues who criticized him in private, but both actions were reportedly taken in response to criticism. There is an apparent presence of a "woke mind virus" in the minds of people that Musk campaigns against some social causes such as transgender rights since he launched his initial bid to acquire Twitter early last year and has shared several posts on social media. 

The CEO of Tesla, Elon Musk, also tweeted that "cis" and "cisgender" would now be considered slurs on the app, a change he announced back in June. There has been a rise in the number of employee terminations after employees post or publicly endorse offensive content on social media platforms, and this is not just for controversial activities that relate to social issues, but also for a wide range of other major reasons. 

The Californian tech worker Michelle Serna, who posted a video on TikTok while a meeting was taking place in the background, was fired from her company in May after posting the video online. The tycoon, who purchased Twitter for $44 billion last October, has seen the company's advertising business collapse in recent months, in part because the company did not moderate hate speech as it should have and because previously banned accounts have returned to the platform.

According to Musk, his desire for free expression motivates his changes, and he has often lashed out at what he views as a threat posed to free expression caused by the shifting cultural sensibilities influencing technological advancement. CCDH, the non-profit organization focused on countering the spread of hate speech on the Internet, feels that the platform has flourished under the influence of hate speech.  This finding of the CCDH is disputed by X and he is suing the agency for its findings. 

Trump's Twitter account was reinstated by Musk in December, but it appears the former US president is yet to resume his use of Twitter. Several supporters of the ex-president tried unsuccessfully to overturn the results of the 2020 election by attacking the Capitol Building on January 6 of the following year, but he was banned from Twitter in early 2021 as a result of his role in the attack. A US media outlet reports that social media platform X recently reinstated Kanye West's account after he was suspended eight months ago when it was found that he posted an antisemitic comment.

Tesla Recalls 363,000 Cars with 'Full Self-Driving' Function Following Safety Concerns


Reportedly, Tesla is updating its self-driving software in response to the US safety officials who raised concerns that it would ultimately enable drivers to exceed speed limits or cross past intersections dangerously. 

In order to address the issue, Tesla is recalling approximately 363,000 vehicles with its “Full Self-Driving” feature to monitor and fix how it behaves around intersections and adheres to posted speed limits.

The recall was initiated as part of a larger investigation into Tesla's automated driving systems by U.S. safety regulators. Regulators had expressed doubts about how Tesla's system responded in four locations along roadways. 

According to a document published by the National Highway Traffic Safety Administration (NHTSA) on Thursday, Tesla will address the issues with an online software upgrade in the coming weeks. The document adds that although Tesla is doing the recall, it does not agree with the agency’s analysis of the issue. 

As per the NHTSA analysis, the system, being tested by around 400,000 Tesla owners on public roads, flags unsafe actions like driving straight through an intersection while in a turn-only lane, failing to stop completely at stop signs, and driving through an intersection during a yellow traffic light without taking proper precaution. 

Moreover, the document states that the system does not respond satisfactorily to changes in speed limits or might not take into account the driver's adjustments to speed. "FSD beta software that allows a vehicle to exceed speed limits or travel through intersections in an unlawful or unpredictable manner increases the risk of a crash," the document says.

A message was left Thursday urging a response from Tesla, which has shut down its media relations department. 

In addition to this, Tesla has received 18 warranty claims, supposedly caused by the software from May 2019 through September 12, 2022, pertaining to the issue. 

NHTSA said in a statement that it discovered the issue while conducting testing as part of an inquiry into "Full Self-Driving" and "Autopilot" software that performs some driving-related tasks. According to the NHTSA, "As required by law and after discussions with NHTSA, Tesla launched a recall to repair those defects." 

Despite the infamous claim by Tesla CEO Elon Musk that their “Full Self-Driving” vehicles do not require any human intervention in order to function, Tesla, on its website, along with NHTSA, confirms that the cars cannot drive themselves and that owners must be prepared to intervene at all times.

19-Year-Old Claims to Have Hacked Into More Than 25 Teslas

 

A 19-year-old hacker claims to have remotely opened the doors and windows of over 25 Tesla vehicles in 13 countries, as well as turned on their radios, flashed their headlights, and even started their engines and begun "keyless driving." David Colombo, who claims to be an IT specialist based in Germany, also claims to have been able to disable the vehicles' anti-theft systems and determine whether or not a driver is present.

In a Monday tweet, Colombo claimed to have "complete remote control" of the Teslas, but later explained that he was never able to take over automobiles to "remotely manage steering or acceleration and braking." 

"Yes, I potentially could unlock the doors and start driving the affected Tesla’s," he tweeted. "No I cannot intervene with someone driving (other than starting music at max volume or flashing lights) and I also cannot drive these Tesla’s remotely." Colombo tweeted on Tuesday that his breach was "not a vulnerability in Tesla's system," but rather "it’s the owners faults."

Colombo stated on Twitter that he was able to disable Sentry Mode, an anti-theft feature in which a built-in camera functions as a de facto alarm system. When an alert is triggered, cameras begin filming in the area around the vehicle. The video is then streamed to the vehicle's owner via a mobile app. 

This is not the first time that a Tesla vehicle has been hacked. The Tesla Model X's Autopilot was hacked many times in 2020. In one case, Israeli researchers from Ben Gurion University deceived the car by flashing "phantom" images on a road, wall, or sign, leading it to brake suddenly or steer in the wrong way. A few months later, Wired reported that Lennert Wouters, a researcher at KU Leuven, "stole" a Tesla Model X in 90 seconds. 

Tesla CEO Elon Musk said last fall that he will cooperate with regulators to ensure that electric car drivers' personal data is safe from hackers. With the rapid rise of autonomous driving technology, data security in automobiles is causing more public worry than ever before, he said through remote hook-up at an electric vehicle conference in China. 

By 2025, an estimated 470 million automobiles will be linked to a computerized database, making them prime targets for cybercriminals. According to Tech Monitor, the automobile cybersecurity industry is predicted to be worth $4 billion by that same year.

TESLA FSD Beta Software Leaked Days Before the Release of Version 10

 

Full Self Driving (FSD) beta software of the TESLA car has been leaked, and it is circulated in and around the network of hackers. 

This latest software upgrade of Tesla's Full Self-Driving (FSD) enables electric cars to operate virtually on both roads and streets in town. The most recent FSD version also allows for better navigation and quicker turns, roundabouts, and merges. It enables the driver to input a navigation system location. The car will try to convey the driver, who stays accountable and needs to be prepared to take control all of the time, to the place with proper monitoring.

CEO Elon Musk promised US Tesla owners who have bought the FSD package a wider release. While the release was repeatedly postponed, it finally rolled out on the 12th of September with the Full Self-Driving Beta v10 software.

Elon Musk, CEO of the business, termed this software upgrade "mind-blowing." Several early access fleet Tesla customers have also stated that FSD 10 beta is substantially superior to the outgoing version 9.2.

Insiders aware of this situation told Electrek that Tesla FSD Beta binary firmware documents were leaked in the hacker community of Tesla. 

Root access generally refers to the ability to log in to the root account or execute commands as root on a Linux-based system, such as the operating system Tesla uses. Certain hackers with Tesla cars have root access, which lets them inspect software upgrades from Tesla and enable unannounced or dormant functions. It has been acknowledged within this community that FSD Beta firmware has been running for quite a while, and that one can run it in a vehicle with root access.

They remained silent so as not to alert Tesla; however, a Ukrainian Tesla customer has shared a video of FSD Beta 8.2 running in his vehicle in Kiev, where the Tesla software has still not been released.

The software has indirectly been described as having slipped outside the internal Tesla testing program and early access. While this is an older version, Electrek was informed by insiders that the newer version of FSD Beta version 9 is also passed around. 

Electrek was further briefed by an insider that Tesla was only recently made aware of the FSD leak, even though it has been going on for a while. The same insider claims that the root community has endeavored to restrict the distribution of the firmware, and that it has no wrongful purpose beyond using it. There have been efforts to buy the leak too.

Tesla Car Hacked Remotely by Drone Via Zero-Click Exploit

 

Two researchers have shown how a Tesla and probably other cars can be remotely hacked without the involvement of the operator. 

Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris conducted research last year that led to this conclusion. The investigation was conducted for the Pwn2Own 2020 hacking competition, which offered a car and other substantial prizes for hacking a Tesla, but the results were later submitted to Tesla via its bug bounty programme after Pwn2Own organizers planned to temporarily exclude the automotive category due to the coronavirus pandemic. 

TBONE is an attack that includes exploitation of two vulnerabilities in ConnMan, an internet connection manager for embedded devices. An intruder may use these bugs to take complete control of Tesla's infotainment system without requiring any user interaction. 

A hacker who exploits the vulnerabilities may use the infotainment system to perform any normal user task. This involves things like opening doors, adjusting seat positions, playing music, regulating the air conditioning, and changing the steering and acceleration modes. 

The researchers explained, “However, this attack does not yield drive control of the car”. They presented how an intruder could use a drone to launch a Wi-Fi assault on a parked car and open its doors from up to 100 meters away (roughly 300 feet). The exploit, they said, worked on Tesla S, 3, X, and Y models. 

“Adding a privilege escalation exploit such as CVE-2021-3347 to TBONE would allow us to load new Wi-Fi firmware in the Tesla car, turning it into an access point which could be used to exploit other Tesla cars that come into the victim car’s proximity. We did not want to weaponize this exploit into a worm, however,” Weinmann stated. 

Tesla apparently stopped using ConnMan after patching the vulnerabilities with an update released in October 2020. Intel was also notified because it was the original creator of ConnMan, but according to the researchers, the chipmaker believed it was not its responsibility. 

According to the researchers, the ConnMan component is commonly used in the automotive industry, suggesting that similar attacks may be launched against other vehicles as well. Weinmann and Schmotzle sought assistance from Germany's national CERT in informing potentially affected vendors, but it's uncertain if other manufacturers have responded to the researchers' findings. 

Earlier this year, the researchers presented their results at the CanSecWest meeting. A video of them using a drone to hack a Tesla is also included in the presentation. In recent years, several corporations' cybersecurity researchers have shown that a Tesla can be hacked, in most cases remotely.

A Massive Security Breach for the Silicon Valley Start-Up

 

Verkada, a Silicon Valley security start-up that provides cloud-based security camera services, has suffered a massive security breach. Hackers accessed more than 150,000 of the organization's cameras, including cameras in Tesla processing plants and warehouses, Cloudflare offices, Equinox gyms, medical clinics, prisons, schools, police stations, and Verkada's own offices, Bloomberg reports. 

According to Tillie Kottmann, one of the members of the international hacker collective that breached the system, the hack was intended to demonstrate how easily the organization's surveillance cameras can be hacked. In addition to the live feeds, the group also claimed to have had access to the full video archive of all of Verkada’s customers. In a video seen by Bloomberg, a Verkada camera inside Florida hospital Halifax Health showed what appeared to be eight hospital staff members tackling a man and pinning him to a bed. Halifax Health is highlighted on Verkada's public-facing site in a case study entitled: “How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System.” 

In a statement to Bloomberg, a Verkada representative said: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this potential issue.” Following Bloomberg's request to Verkada, the group lost access to both the organization's live feeds and archives. 

The hack was relatively simple: the group figured out how to acquire "Super Admin"-level access to Verkada's system using a username and password they found publicly on the internet. From that point onwards, they were able to access the entire company’s network, including root access to the cameras, which in turn permitted the group to access the internal networks of some of Verkada’s customers. 

The organization has also faced harsh criticism in the past over allegations of sexism and discrimination after an incident in 2019, in which a sales director used Verkada's office surveillance cameras to harass female associates by secretly photographing them and posting the pictures in a company Slack channel. In response, Verkada's CEO offered members of the Slack channel a choice between leaving the organization or having their stock options cut.

Bitcoin Surpasses $50,000 Mark For The First Time Ever

 

The price of Bitcoin on Tuesday jumped above $50,000, carrying its year-to-date gain to 74%. Ongoing interest from Wall Street institutions has added to the momentum. Bitcoin rose by as much as 4.9%, to $50,547.70. The cryptocurrency then pared its gains slightly, trading at $48,853.99 as of 9 a.m. ET. After ending last year with a fourth-quarter surge of 170% to around $29,000, Bitcoin leaped to $40,000 seven days later. It took nearly a month and a half to breach the latest threshold, buoyed by endorsements from the likes of Paul Tudor Jones, Stan Druckenmiller, and Elon Musk. Bitcoin traded for a few cents for quite a long while after its introduction more than a decade ago. 

Tesla Inc.'s announcement that it added $1.5 billion in Bitcoin to its balance sheet was the most noticeable recent impetus, sending the price up 16% on Feb. 8, the biggest one-day gain since the Covid-19-induced financial market volatility in March. Optimism grew after Mastercard Inc. and Bank of New York Mellon Corp. moved to make it simpler for clients to use cryptocurrencies, while Bloomberg reported on Saturday that Morgan Stanley may add Bitcoin to its list of possible bets. 

Sustained interest from organizations has had a decidedly positive effect on Bitcoin's value, pushing it on an upward curve. In December of 2020, it touched an all-time high, crossing $24,000 in valuation. This was a 224% increase from where it began the year. By the start of 2021, BTC had leaped to a $40,000 valuation. In the second week of May 2020, Bitcoin saw its third halving since its inception, bringing a further drop in its estimated future supply, said Sumit Gupta, CEO and Co-Founder of CoinDCX. 

The interest from large players has supported the narrative that institutional investors are increasingly interested in Bitcoin. This conviction has been a critical driver of the bewildering rally in the price of Bitcoin. It has also helped other cryptocurrencies, for example, ether, the coin on the Ethereum network. Its price was roughly flat on Tuesday, at $1,793, after hitting a record high above $1,870 over the weekend.

Researchers Demonstrate Flaws In Tesla X Model By Hacking And Stealing It

 

For the third time, experts from a Belgian research team have demonstrated, by hacking Tesla's key fob, how anyone could easily access the car and steal it in no time. The new demonstration attack reveals vulnerabilities that Tesla still faces. It also shows security vulnerabilities in the "Keyless Entry System" of one of the industry's most expensive electric vehicles. Experts at COSIC (Computer Security and Industrial Cryptography) found significant security vulnerabilities in the Tesla Model X's key fob technology. A key fob is a small device that allows a person to unlock a car automatically by pressing a button or just passing by. 

Ph.D. student Lennert Wouters, a member of the research team, previously demonstrated two hacks on the Tesla Model S, which also had keyless technology. The attack allowed Lennert to unlock the car and start it. Tesla is famous for selling the best 'state-of-the-art' electric vehicles available in the market. The price range of its EVs (electric vehicles) starts from $40,000 (for basic models) and goes above the $100,000 line for the top model, the Tesla X. 

Tesla's Model X uses key fob technology with BLE (Bluetooth Low Energy) that interfaces with a smartphone application to gain keyless access into the car. This is where the flaws exist, said the researchers in a press release posted online about the attack. Besides this, BLE is becoming mainstream in key fobs to allow smartphones to interact with people. This was not the first time a Tesla model showed security flaws. In 2016, Chinese experts hacked Tesla models, breaking into the cars and controlling them. 

According to Lennert Wouters, "using a modified Electronic Control Unit (ECU), obtained from a salvage Tesla Model X, we were able to wirelessly (up to 5m distance) force key fobs to advertise themselves as connectable BLE devices. By reverse-engineering the Tesla Model X key fob, we discovered that the BLE interface allows for remote updates of the BLE chip's software. As this update mechanism was not properly secured, we could wirelessly compromise a key fob and take full control over it. Subsequently, we could obtain valid unlock messages to unlock the car later on".

How a loyal employee saved Tesla from a Russian 1 million malware attack


As Justin Richards said, "heroes can be found in the most unlikely places. Perhaps we all have it within us to do great things...", this tale of extortion, bribing, and planned attack brings out how a loyal employee saved Tesla from a 1 million malware attack.



In early August, an employee of Tesla was offered 1 million dollars to plant malware, an insider threat, in Tesla's Nevada factory; had the conspiracy succeeded, it could have cost the company millions. 

According to the US Justice Department indictment, Egor Igorevich Kriuchkov, a 27-year-old Russian, came to the United States in July and started messaging an employee of the sustainable technology company whom he had met years earlier. The employee, a Russian emigrant, and Kriuchkov met at a Reno area bar, and that's where the idea of infiltrating Tesla's network was first pitched to the employee. He would get $500,000 to open a malicious email, or 1 million in cash or Bitcoin for introducing malicious files via USB. 

The employee, though, reported the miscreant to the company, and soon the US Federal Bureau of Investigation got involved. The Bureau and the unnamed employee worked undercover to uncover Kriuchkov's whole scheme, in which an insider threat would infiltrate the whole network with ransomware and, if Tesla didn't pay the ransom, its data would be publicly released on the Internet.

The conspirator Egor Igorevich Kriuchkov was arrested on 22 August while driving from Reno to Los Angeles, where he was to catch a flight to flee the country. After the arrest, he was presented to the court on Monday. Two other suspected conspirators have been identified as Kisa and Pasha (nicknames).

Elon Musk tweeted Thursday night, "This is a serious attack", in response to Tesla's blog post. The attacker did confess that his gang has been working on similar attacks on other companies, but the plan against Tesla could have been about more than money; it could have been a plan to obtain the company's high-end sustainable tech, manufacturing, and chemistry. The attack has not yet been revealed to be tied to the Russian Government.

Hackers won Tesla Model 3 after hacking into its infotainment system



A group of hackers won $35,000 and a Tesla Model 3 car after they managed to crack its security systems at a hacking event held last week.

During the hacking competition Pwn2Own 2019, organized by Trend Micro's "Zero Day Initiative (ZDI)", two hackers, Amat Cama and Richard Zhu of team Fluoroacetate, exposed a vulnerability in the Tesla Model 3.

According to a report by Electrek on Saturday, the hackers attacked the infotainment system of the Tesla Model 3 and exploited a "JIT bug in the renderer" to take control of the system.

"Since launching our bug bounty programme in 2014, we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community," said David Lau, who is vice-president of vehicle software at Tesla.

Tesla has run many bounty programs over the last four years to expose vulnerabilities in its cars, and has paid thousands of dollars to hackers who successfully found flaws in the system.

David Lau further added, “We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us. Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community. We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”






Tesla Gives Away EV-Maker Model 3 Cars Along With a Hefty Cash Prize to Hackers



Amat Cama and Richard Zhu, a team of hackers who took part in the Pwn2Own 2019 hacking competition organized by Trend Micro's "Zero Day Initiative (ZDI)", exposed a vulnerability in the vehicle's framework and bagged themselves a Model 3 car from electric vehicle (EV) maker Tesla, along with a cash prize of $35,000.

The hackers focused on the infotainment framework of the Tesla Model 3 and used a "JIT bug in the renderer" to take control of the framework.

Over recent years, as part of Tesla's bug bounty program, the company has given away thousands of dollars in rewards to hackers who successfully uncovered vulnerabilities in its frameworks, and the EV maker was 'fairly quick' to fix the vulnerabilities uncovered by white hat hackers.

David Lau, Vice President of Vehicle Software at Tesla, says, "Since launching our bug bounty programme in 2014, we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community."

He further adds, “We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us. Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community. We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”