Tesla Model 3 Hack: Web-based attack crashes Tesla driver interface

Jeda - Top Tesla Accessories

nullze

Member
Joined
Apr 14, 2020
Messages
16
Location
USA
Country
Country
Tesla Owner
Model 3
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.
 
  • Like
Reactions: 1 person

garsh

🐦🦆🦅🐧 🐓🦃🦉🦢🦜
Moderator 📌
TOO Supporting Member
Joined
Apr 4, 2016
Messages
15,543
Location
Pittsburgh PA
Country
Country
Tesla Owner
Model 3
Welcome nullze! :)

It's nice to see an article with correct titles instead of sensationalized titles.

Summary: nullze used a vulnerability found in Chromium that caused the browser to crash when accessing a specially-crafted web page. The browser process ends up using too many cpu cycles, causing the interface to become non-responsive. The MCU then reboots shortly after that.
 
Last edited:
  • Like
Reactions: 2 people

Frully

Top-Contributor 👍🏻
Joined
Aug 30, 2018
Messages
1,060
Location
Calgary, AB. Canada
Country
Country
Tesla Owner
Model 3
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.
Thank you for white-hatting the hell out of it! Welcome


Edit:
" which allows attackers to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen. "
It can disable blinker notifications, but from my experience of many many infotainment crashes - the turn signals still operate...just silently and without visual indication inside the car. I did have a strange mode where *something* made a blinker click sound while the infotainment was fully crashed/rebooting/off (while driving). It wasn't the usual sound and seemed to be some sort of backup system in case of computer failure.
 
Last edited:
  • Like
Reactions: 2 people

nullze

Member
Joined
Apr 14, 2020
Messages
16
Location
USA
Country
Country
Tesla Owner
Model 3
Thanks! Appreciate your kind words.

I believe you are right. The blinkers definitely do still work, but the notifications were disabled. As far as the vulnerability goes, I just wanted to make sure that there was no type of malicious advertising or some other way to sneak that code onto a page and just wreak havoc to Tesla owners on the road.

I am still doing more research on the car, so if anyone has any questions, I'll be happy to answer! I am also looking at the internal network of the car, so if anyone has made any progress there, I would love to chat with them.
 

bwilson4web

Top-Contributor 👍🏻
TOO Supporting Member
Joined
Mar 4, 2019
Messages
1,090
Location
Huntsville, AL
Country
Country
Tesla Owner
Model 3
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

From the article:
. . .
The security flaw in the driving interface of Tesla Model 3 vehicles is resolved in versions 2020.4.10 and above of the software.
. . .

I don't remember "2020.4.10" as a version.

Bob Wilson
 
Last edited:

iChris93

Moderator
Moderator 📌
TOO Supporting Member
Joined
Feb 3, 2017
Messages
3,608
Location
Albuquerque, NM
Country
Country
Tesla Owner
Model 3
  • Like
Reactions: 1 person