Tesla Owners Online Forum banner
1 - 7 of 7 Posts

· Registered
Joined
·
17 Posts
Discussion Starter · #1 ·
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.
 

· Super Moderator
Joined
·
17,742 Posts
Welcome nullze! :)

It's nice to see an article with correct titles instead of sensationalized titles.

Summary: nullze used a vulnerability found in Chromium that caused the browser to crash when accessing a specially-crafted web page. The browser process ends up using too many cpu cycles, causing the interface to become non-responsive. The MCU then reboots shortly after that.
 

· Registered
Joined
·
1,060 Posts
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.
Thank you for white-hatting the hell out of it! Welcome

Edit:
" which allows attackers to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen. "
It can disable blinker notifications, but from my experience of many many infotainment crashes - the turn signals still operate...just silently and without visual indication inside the car. I did have a strange mode where *something* made a blinker click sound while the infotainment was fully crashed/rebooting/off (while driving). It wasn't the usual sound and seemed to be some sort of backup system in case of computer failure.
 

· Registered
Joined
·
17 Posts
Discussion Starter · #4 ·
Thanks! Appreciate your kind words.

I believe you are right. The blinkers definitely do still work, but the notifications were disabled. As far as the vulnerability goes, I just wanted to make sure that there was no type of malicious advertising or some other way to sneak that code onto a page and just wreak havoc to Tesla owners on the road.

I am still doing more research on the car, so if anyone has any questions, I'll be happy to answer! I am also looking at the internal network of the car, so if anyone has made any progress there, I would love to chat with them.
 

· Super Moderator
Joined
·
17,742 Posts

· Premium Member
Joined
·
1,685 Posts
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface
From the article:
. . .
The security flaw in the driving interface of Tesla Model 3 vehicles is resolved in versions 2020.4.10 and above of the software.
. . .

I don't remember "2020.4.10" as a version.

Bob Wilson
 

· Super Moderator
Joined
·
4,868 Posts
  • Like
Reactions: nullze and garsh
1 - 7 of 7 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top