He even presented a weird scenario that could happen in a standalone future:
“Basically if someone could say hack all the standalone Teslas, they could say – I mean just like a prank – they could say ‘send them all to Rhode Island’ [laugh] – across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.
What Musk knew the audience didn’t know was that Tesla got a taste of what was really going on a few months before his speech.
Le Big Tesla Hack
In 2017, Jason Hughes was already well known in the Tesla community under his alias WK057 on the forums.
He was an early member of the Tesla “root access” community, a group of Tesla owners who would hack their own cars to gain more control over them and even unlock new features.
At the time, Hughes was using his knowledge to tinker with salvaged Tesla vehicles and build off-grid energy storage systems and electric conversion kits.
He turned his hobby into a business selling Tesla parts from salvaged vehicles and building his own controllers to help people make cool projects out of those parts.
At the time, he was also using his experience working with Tesla vehicles and Tesla software to report vulnerabilities in the automaker’s systems.
The practice, known as whitehat hacking, was not its primary focus, but like most tech companies, Tesla has implemented a bug reporting system to reward people who find and report vulnerabilities.
He occasionally submitted bugs through this system.
After Tesla started giving customers access to more data on Supercharger stations, primarily the ability to see how many chargers were currently available in a specific charging station through its navigation app, Hughes decided to dig deep. and see if he could expose the data.
He told Electrek:
“I found a hole in the server side of this mechanism that allowed me to get data for every Supercharger in the world about once every few minutes. “
The hacker shared the data on the Tesla Motors Club forum, and the automaker was apparently not happy with it.
Someone who appeared to be working at Tesla posted anonymously about not wanting the data to be available.
Hughes replied that he would be happy to discuss it with them.
20 minutes later, he was on a conference call with the head of the Supercharger network and the head of software security at Tesla.
They kindly explained to him that they would prefer that he not share the data, which is technically accessible via vehicles. Hughes then agreed to stop scratching and sharing the Supercharger data.
After reporting his server exploit through Tesla’s bug reporting service, he received a reward of $ 5,000 for exposing the vulnerability.
With more experience now with Tesla’s servers and knowing their network wasn’t the most secure to say the least, he decided to go looking for more bug bounties.
After a few digs, he managed to find a bunch of little vulnerabilities.
The hacker told Electrek:
“I realized that some of these things could be chained together, the official term is bug chain, to have more access to other things on their network. Eventually I managed to access some sort of image repository of servers on their network, one of which was “Mothership”. “
Mothership is the name of Tesla’s home server used to communicate with its customer fleet.
Any kind of remote control or diagnostic information from the car to Tesla goes through ‘Mothership’.
After downloading and dissecting the data found in the repository, Hughes began using his car’s VPN connection to reach Mothership. It eventually landed on a developer’s network connection.
It was then that he found a bug in Mothership himself that allowed him to authenticate as if it came from any car in Tesla’s fleet.
All he needed was a vehicle’s VIN number, and he had access to all of these through Tesla’s ‘tesladex’ database through his full Mothership control, and he could get information on n ‘any car in the fleet and even send commands to those cars.
At the time, I gave Hughes the VIN number of my own Tesla Model S, and he was able to give me his exact location and any other information about my own vehicle.
It was at this point that Hughes decided to compile a bug report. Since he was already recently in contact with Tesla’s head of software security, who was Aaron Sigel at the time, he decided to email him directly with his findings.
It was a big deal.
A few minutes after receiving this email this Friday afternoon in March 2017, Sigel called Hughes.
At the time, Tesla’s autonomous capabilities were much more limited than the driver assistance features now found in Tesla’s autopilot and full autonomous driving packages.
Therefore, Hughes couldn’t really send Tesla cars around as the CEO of Tesla described it in a weird scenario a few months later, but he could “summon” them.
In 2016, Tesla released its Summon feature, which allows Tesla owners to remotely move their cars forward or backward a few tens of meters without anyone inside.
Until Tesla’s most recent ‘Smart Summon’ update, it was primarily used to get cars in and out of tight spaces and garages.
Over the phone, Hughes then asked Sigel to give him the VIN number of the Tesla vehicle closest to him. The hacker then “summoned” the car, which was in California, from its home in North Carolina.
At this point, Hughes joked that this bug report should be worth a brand new Tesla.
He didn’t end up getting a new Tesla, but the automaker did give him a special bug report reward of $ 50,000 – several times the maximum official bug reward limit:
Tesla used the information provided by Hughes to secure its network.
That Friday they ended up working overnight and managed to fix the main Mothership bug within hours.
After a few days, they fixed the entire chain of bugs that the hacker was exploiting to gain remote control of Tesla’s entire fleet.
Tesla cybersecurity today
The good news is that Tesla has since significantly increased its efforts to secure its network and overall cybersecurity.
The automaker increased its maximum payout per reported bug to $ 15,000 in 2018, and it strengthened its security team as well as its relationship with hackers by attending hacking conferences.
In recent years, Tesla has made its cars targets in the popular Pwn2Own hack competition.
David Lau, vice president of vehicle software at Tesla, recently commented on the effort:
We develop our cars with the highest safety standards in all respects, and our work with the safety research community is invaluable to us. Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments in partnerships with safety researchers to ensure that all Tesla owners continually benefit from the best minds. brightest in the community. We look forward to hearing about and honoring the great work of Pwn2Own so that we can continue to improve our products and our approach to designing intrinsically secure systems.
In addition, Tesla owners will soon get two-factor authentication for their Tesla account.
While this is a massive breach exposing a great vulnerability in Tesla’s network, it is also a good example of how important whitehat hackers are and for them to focus more on the auto industry as cars are becoming more and more connected.
Instances like this major breach actually put Tesla in a much better position in the industry.
The automaker’s products are fast becoming the exciting new thing that hackers can hack like the iPhone once was.
As long as the good guys like Jason do, it will help Tesla stay ahead of the bad guys and avoid the possible nightmarish scenario of autonomous vehicle attacks that Elon describes.
FTC: We use automatic income generating affiliate links. Plus.
Subscribe to Electrek on YouTube for exclusive videos and subscribe to the podcast.