Tesla Owners Online Forum banner
Cancel

Tesla Model 3 Hack: Web-based attack crashes Tesla driver interface

Tags
browser display bug model 3 software bug tesla tesla model 3 hack
Jump to Latest Follow
1 - 7 of 7 Posts
nullze

· Registered
Joined
·
17 Posts
Discussion Starter · #1 ·
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.
 
garsh

· Super Moderator
Joined
·
17,742 Posts
#2 · (Edited)
Welcome nullze! :)

It's nice to see an article with correct titles instead of sensationalized titles.

Summary: nullze used a vulnerability found in Chromium that caused the browser to crash when accessing a specially-crafted web page. The browser process ends up using too many cpu cycles, causing the interface to become non-responsive. The MCU then reboots shortly after that.
 
Frully

· Registered
Joined
·
1,060 Posts
#3 · (Edited)
nullze said:
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface

I have been waiting to share this bug for a while. I have always been a long time lurker and I guess this is me coming out of my cave lol. I have been doing a lot of research on the Tesla Model 3 and wanted to start collaborating with some other folks here on the forums since you all are very knowledgeable on the cars and the internals.

I am sure I need to participate more in the threads, but I just wanted to introduce myself to the Tesla community. I absolutely love my Model 3, so its comforting that I can go to sleep knowing how difficult it is to hack.

I have a write-up on this Tesla Model 3 hack here, so if you want a bit more information on what I have found during this investigation, please feel free to look.

Tesla Model 3 Hack - Disable Entire Tesla Model 3 Interface

Of course I reported this to Tesla, and got a cash reward from their bug bounty.

I look forward to collaborating with you all in the future!

Thanks.
Click to expand...
Thank you for white-hatting the hell out of it! Welcome

Edit:
" which allows attackers to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen. "
It can disable blinker notifications, but from my experience of many many infotainment crashes - the turn signals still operate...just silently and without visual indication inside the car. I did have a strange mode where *something* made a blinker click sound while the infotainment was fully crashed/rebooting/off (while driving). It wasn't the usual sound and seemed to be some sort of backup system in case of computer failure.
 
nullze

· Registered
Joined
·
17 Posts
Discussion Starter · #4 ·
Thanks! Appreciate your kind words.

I believe you are right. The blinkers definitely do still work, but the notifications were disabled. As far as the vulnerability goes, I just wanted to make sure that there was no type of malicious advertising or some other way to sneak that code onto a page and just wreak havoc to Tesla owners on the road.

I am still doing more research on the car, so if anyone has any questions, I'll be happy to answer! I am also looking at the internal network of the car, so if anyone has made any progress there, I would love to chat with them.
 
garsh

· Super Moderator
Joined
·
17,742 Posts
#5 ·
bwilson4web

· Premium Member
Joined
·
1,685 Posts
#6 · (Edited)
nullze said:
Hi everyone! I am new here to the forums and wanted to share one of my findings for you all here.

Web-based attack crashes Tesla driver interface
Click to expand...
From the article:
. . .
The security flaw in the driving interface of Tesla Model 3 vehicles is resolved in versions 2020.4.10 and above of the software.
. . .

I don't remember "2020.4.10" as a version.

Bob Wilson
 
Save Share
Reply Quote
iChris93

· Super Moderator
Joined
·
4,868 Posts
#7 ·
  • Like
Reactions: nullze and garsh
Save Share
Reply Quote
1 - 7 of 7 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
About this Discussion
6 Replies
5 Participants
Last post:
iChris93
Tesla Owners Online Forum
A forum community dedicated to Tesla owners and enthusiasts. Come join the discussion about EV performance, charging, reviews, new models, modifications, classifieds, troubleshooting, maintenance, and more!
Full Forum Listing
Explore Our Forums
Model 3: Reserving, Ordering, Production, Delivery Tesla Software and Firmware Model 3: Customizing & Modifications Model 3: Maintenance & Repair Tesla Tech Talk

Top Contributors this Month

View All
RSSFeed
garsh
E
Recommended Communities
Community avatar for TiVo Community
TiVo Community
312K+ members
Community avatar for Lucid Forum
Lucid Forum
2K+ members
Community avatar for Rivian Forum
Rivian Forum
13K+ members
Top