The Road Slightly More Traveled: Hacking The Tesla Model S
It was only a matter of time before a Tesla Model S was hacked, and what the hackers found and can do might surprise you.
Back in May of this year, a Tesla Motors Club forum user with the handle of nlc modified an ethernet cable, and was able to connect to the Model S’ computer system. Inside the network, nlc revealed a set of 3 peripherals broadcasting IP addresses in the 192.168.90.100 to 192.168.90.102 range and running a modified Linux backend; Center Console(100), Dashboard/NAV(101), and Unknown Device(102).
As one user explains “the unknown 3rd device is likely the gateway that controls access to the drivetrain components.” Another user claims that a local tech had mentioned previously that “the Ethernet port is the Model S’s diagnostic port like OBDII for other cars.” Should the latter be true, this could open up a number of Tesla diagnostic scanner and tuning aftermarkets.
As nlc found out though, Tesla seems to have a deep monitoring system in place. Almost three weeks after connecting the 4-pin cable, the user received a phone call from Tesla’s service center:
This evening I got a call from service center. They told me Tesla USA engineers seen a tentative of hacking on my car… I explained it was me because I tried to connect the diagnosis port to get some useful data (speed, power, etc…). They told me it can be related to industrial espionage and advised me to stop investigation, to not void the warranty.
Threats of voided warranty are no new occurrence in the hardware industry and users will ignore these threats in the search of customization and upgrades. By changing files, backgrounds can be changed and new themes can be installed over the Model S’ interface. In the weeks following the discovering, a user with the handle disharmony has managed to display a sideways Firefox browser running from his laptop using X11, an open-source windowing system.
Tesla has good reason for monitoring these systems. Modifications to the system could prove to be costly if hackers are able to find a way to unlock the 40kwh versions to hold a 60kwh charge (which are physically identical batteries limited by software). While these methods are only available with access to the cabin, if coupled with the security issues surrounding their login system, they could present a serious problem for consumers and Tesla’s reputation.
Custom backgrounds, service-level monitoring, third party apps and beyond will be the inevitable result of these discoveries but there are trade-offs. The service and support you receive under warranty can be invaluable when dealing with a highly advanced piece of equipment, such as the Model S. With access comes control and soon enough, true Tesla Model S customization will follow. Tesla is taking these matters seriously, as is evident by nlc’s warning and the recent hiring of Kristin Paget, the self-proclaimed “Princess Hacker” of former Apple and Microsoft fame.
Luckily for Tesla, the methods outline in this topic are not easily followed by the average scott jones(Tesla Motors Club user):
Anyone else read the entire thread, or most of it just to see if you’d start to understand it? Or maybe you were hoping some of the “smart” would rub off on you? Well I can say, I’m just as stupid as before! I think that 3rd pin or port thingy provides access to the Flux capacitor. If you all find it, let me know so I can go “back in time” to get back the hour I just lost.
Sources | Pictures: Tesla Motors Club