Tesla Model 3 Hack: Web-based attack crashes Tesla driver interface

  • SUPPORT THE SITE AND ENJOY A PREMIUM EXPERIENCE!
    Welcome to Tesla Owners Online, five years young! For a low subscription fee, you will receive access to more features on the site. We now offer yearly memberships too! For more information visit this page:
    https://teslaownersonline.com/account/upgrades

    SUBSCRIBE TO OUR YOUTUBE CHANNEL!
    Did you know we have a YouTube channel that's all about Tesla? Lots of Tesla information, fun, vlogs, product reviews, and a weekly Tesla Owners Online Podcast as well!

help_balance_thegrid_with_evdotenergy

nullze

New Member
Joined
Apr 14, 2020
Messages
4
Location
USA
Country
Country
Tesla Owner
Model 3
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.
 
  • Like
Reactions: 1 person

garsh

Dis Member
Moderator
TOO Supporting Member
Joined
Apr 4, 2016
Messages
14,930
Location
Pittsburgh PA
Country
Country
Tesla Owner
Model 3
Welcome nullze! :)

It's nice to see an article with correct titles instead of sensationalized titles.

Summary: nullze used a vulnerability found in Chromium that caused the browser to crash when accessing a specially-crafted web page. The browser process ends up using too many cpu cycles, causing the interface to become non-responsive. The MCU then reboots shortly after that.
 
Last edited:
  • Like
Reactions: 2 people

Frully

Top-Contributor
Joined
Aug 30, 2018
Messages
1,061
Location
Calgary, AB. Canada
Country
Country
Tesla Owner
Model 3
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.
Thank you for white-hatting the hell out of it! Welcome


Edit:
" which allows attackers to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen. "
It can disable blinker notifications, but from my experience of many many infotainment crashes - the turn signals still operate...just silently and without visual indication inside the car. I did have a strange mode where *something* made a blinker click sound while the infotainment was fully crashed/rebooting/off (while driving). It wasn't the usual sound and seemed to be some sort of backup system in case of computer failure.
 
Last edited:
  • Like
Reactions: 2 people

nullze

New Member
Joined
Apr 14, 2020
Messages
4
Location
USA
Country
Country
Tesla Owner
Model 3
Thanks! Appreciate your kind words.

I believe you are right. The blinkers definitely do still work, but the notifications were disabled. As far as the vulnerability goes, I just wanted to make sure that there was no type of malicious advertising or some other way to sneak that code onto a page and just wreak havoc to Tesla owners on the road.

I am still doing more research on the car, so if anyone has any questions, I'll be happy to answer! I am also looking at the internal network of the car, so if anyone has made any progress there, I would love to chat with them.
 

bwilson4web

Top-Contributor
TOO Supporting Member
Joined
Mar 4, 2019
Messages
998
Location
Huntsville, AL
Country
Country
Tesla Owner
Model 3
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

From the article:
. . .
The security flaw in the driving interface of Tesla Model 3 vehicles is resolved in versions 2020.4.10 and above of the software.
. . .

I don't remember "2020.4.10" as a version.

Bob Wilson
 
Last edited:

iChris93

Moderator
Moderator
TOO Supporting Member
Joined
Feb 3, 2017
Messages
3,315
Location
Albuquerque, NM
Country
Country
Tesla Owner
Model 3
  • Like
Reactions: 1 person

About us

  • Tesla Owners Online © 2015-2021. All rights reserved.
    Tesla Owners Online (TOO) is an enthusiast forum and is not affiliated with Tesla Motors or Official Tesla Owners Clubs.
    All Tesla logos are trademarks or registered trademarks of Tesla Motors.