# Tesla Model 3 Hack: Web-based attack crashes Tesla driver interface



## nullze (Apr 14, 2020)

Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.


----------



## garsh (Apr 4, 2016)

Welcome nullze! 

It's nice to see an article with correct titles instead of sensationalized titles.

Summary: nullze used a vulnerability found in Chromium that caused the browser to crash when accessing a specially-crafted web page. The browser process ends up using too many cpu cycles, causing the interface to become non-responsive. The MCU then reboots shortly after that.


----------



## Frully (Aug 30, 2018)

nullze said:


> Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.
> 
> Web-based attack crashes Tesla driver interface
> 
> ...


Thank you for white-hatting the hell out of it! Welcome

Edit: 
" which allows attackers to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen. "
It can disable blinker notifications, but from my experience of many many infotainment crashes - the turn signals still operate...just silently and without visual indication inside the car. I did have a strange mode where *something* made a blinker click sound while the infotainment was fully crashed/rebooting/off (while driving). It wasn't the usual sound and seemed to be some sort of backup system in case of computer failure.


----------



## nullze (Apr 14, 2020)

Thanks! Appreciate your kind words. 

I believe you are right. The blinkers definitely do still work, but the notifications were disabled. As far as the vulnerability goes, I just wanted to make sure that there was no type of malicious advertising or some other way to sneak that code onto a page and just wreak havoc to Tesla owners on the road. 

I am still doing more research on the car, so if anyone has any questions, I'll be happy to answer! I am also looking at the internal network of the car, so if anyone has made any progress there, I would love to chat with them.


----------



## garsh (Apr 4, 2016)

nullze said:


> I am also looking at the internal network of the car, so if anyone has made any progress there, I would love to chat with them.


Have you read through this thread yet?

https://teslaownersonline.com/threads/diagnostic-port-and-data-access.7502/


----------



## bwilson4web (Mar 4, 2019)

nullze said:


> Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.
> 
> Web-based attack crashes Tesla driver interface


From the article:
​_. . ._​_The security flaw in the driving interface of Tesla Model 3 vehicles is resolved in versions 2020.4.10 and above of the software._​_. . ._​
I don't remember "2020.4.10" as a version.

Bob Wilson


----------



## iChris93 (Feb 3, 2017)

bwilson4web said:


> From the article:
> ​_. . ._​_The security flaw in the driving interface of Tesla Model 3 vehicles is resolved in versions 2020.4.10 and above of the software._​_. . ._​
> I don't remember "2020.4.10" as a version.
> 
> Bob Wilson


It existed

https://teslaownersonline.com/threads/software-build-v10-2-2020-4-10-e7c122b43d2b-2020-02-14.15538/


----------

