Could all Teslas be stopped?

Could all Teslas be stopped?

I am very far from a techno-geek so this may be a stupid query!

But as our home PC is regularly full of spam and viruses and got so slow we were advised to buy a new one - as well as having been 'hacked' for our bank accounts - I am wondering what will happen over time to the Tesla on-board on-line computers?

Could a vindictive hacker (or a 'jealous' competitor!) burrow their way into the cars' pc and immobilize all Teslas? Or make them perform badly and erratically.

That would be a serious problem and poor publicity - maybe all cars going 'on-line' are at risk. Sophisticated hackers seem to be able to circumvent any security systems!

NKYTA | August 22, 2013

Check out this recent threadon how Tesla's REST API could be improved.

Do all the common-sense things you should normal do on the internet.
Create a very strong password for
Don't give it away to anybody, ever.

S4WRXTTCS | August 22, 2013

I wonder if there is anyway in the car to prevent this?

Sure I like the idea of being able to track my car and to remote kill my car. But, I'm not sure I'm willing to compromise my own security to have that.

I wouldn't be the least bit surprised to see a russian hacker disable every single Tesla on the road because of some unknown exploit if it is indeed possible to remotely disable the car.

If I was a female I definitely wouldn't like this feature. Imagine being stalked by an ex-bf who secretly knew how to get access to your car. He could not only freely stalk you, but mess with you as you were driving. Or leave you stranded somewhere (if a remote kill is indeed possible, but I don't see that listed on the API).

I love the idea of an app, but that potential for harm is frightening.

SamO | August 22, 2013

You can turn off app access at the vehicle level.

bigbit | August 22, 2013

SamoSam +1

sometimes its that simple....

the other thing would be for Tesla to use a standalone system for remote access, but that is wishfull thinking. if they get hacked i think it would be possible to stop a car, I remember a post about a car reported stolen they remotely stopped...

S4WRXTTCS | August 22, 2013

SamoSam - Thanks. I don't have the car yet, but its good to know it's easy to turn off.

cgiGuy | August 22, 2013

@bigbit: Reference on the stolen Tesla comment? Would be very interested in this, as it would help "prove" a LoJack-like capability to insurance companies. We all know the capability is there, but the willingness of Tesla to intervene is still in question.

Chuck Lusin | August 22, 2013

You could also change your Tesla password. And follow the advice of NKYTA above! | August 22, 2013

Not sure what the point of a hack would be. It wouldn't make any money and would bring all the wrong kinds of attention (i.e. police).

It would also likely need a car to analyze and reverse engineer the code to find the vulnerability if there is one. Not too many hackers are going to buy a MS for the fun of hacking.

It would also need to get the user's permission to download the hack. I don't think we'll be fooled for long with some poorly worded statement like "Upgade New! You'll lik it! Good for health and posperity"

If someone want's notoriety, I think there would be more interest in hacking onStar - as it's in millions of cars. It's been out for 10+ years, and there is likely a lot more known about that system, yet it hasn't be hacked. It doesn't mean Tesla is more or less secure, but I have a lot more trust in a Silicon Valley company that happens to build cars, than a car company that dabbles in technology.

MandL | August 22, 2013

It's not impossible that a Tesla developer could intentionally or unknowingly introduce some kind of Stuxnet type worm into a future firmware update that owners would have no knowledge of or ability to mitigate. Assuming there isn't already some sort of scheduled attack buried in the car's software, the only thing you could do to protect yourself completely would be to remove the 3G and wifi chips and never get another update.

Follow common sense safety / security protocols, enable all the cool functionality you find useful or interesting, drive the car and have fun. If Dr. Nefarious programs your car to drive off a cliff in 2017, go out with the Tesla grin smeared across your face.

wg | August 22, 2013

If you're a stock trader and could create enough of a story (panic)by disrupting the car's performance, you could make a lot of money.

jat | August 22, 2013

No, it would not be possible to stop the car remotely. In fact, you can't even do things like honk the horn while the car is moving.

Really all you can do is find out where the car is and unlock it, stealing anything inside it. As has been mentioned, don't ever type your password into any app/site that isn't owned by the company you use that password with -- that goes with MyTesla, your bank account, etc. Yes, that means if you want to take advantage of the remote access right now you have to run your own apps on your hardware, but it isn't a public API.

If you worry about hacking cars, look at papers that have presented the last 4 years or so -- some cars have big vulnerabilities, where you can wirelessly send a signal which the TPMS receiver will blindly broadcast on the CAN bus. In that case, you can apply the brakes or accelerator while they are driving.

Tesla's remote access has none of that (you don't even talk directly to the car, you connect to a Rails server which then communicates with the car).

sandman | August 22, 2013

Tesla and many other cars are "hackable" as Jat notes above. This isn't a Tesla only issue. This issue for cars has been around for many years now and has been demonstrated multiple times. Most hackers don't bother because the damage/value of stealing cars one at a time does not scale. Bot-nets attacking IP or security assets do.

In addition to the password advice above, please please please make sure you don't download mal-apps on your phone or computers you access tesla forums/acct with.

SUN 2 DRV | August 22, 2013

ANY car with remote communications is potentially susceptible to hacking. This is just as true for gas powered cars as it is for electric powered ones. GM bas been selling OnStar equipped gasoline cars for a long time. There is the POTENTIAL for hacking them, but GM has been successful in keeping that from being a problem. No reason an electric car would be any different.

Brian H | August 22, 2013

Message on the touchscreen: "Your car has been hacked. I control the horizontal. I control the vertical. You have entered the Twilight Zone! Kiss your bippy good-bye."


GReese | August 22, 2013

The architectural flaw in authentication I talk about in the article does not represent any known actual security vulnerability. There's no mechanism I could imagine for an attacker to remotely gain access to shut down all Teslas.

I don't even know of a theoretical way I could target a specific Tesla for that kind of attack. Assuming someone used the authentication flaw to create a "honey pot" to capture car authentication, the worst stuff they can do is really around tracking that driver's every move.

mrose17 | August 22, 2013

i do not have any inside information, but i suspect that the API presented from the portal is only a subset of the functionality that the Tesla center has available to it. therefore, center security is probably the #1 priority.

for folks worried about someone using their account to mess with the car, as others have pointed out, just disable it:

controls > settings > safety & security > mobile > remote access: OFF

personally, i wish i could authorize multiple accounts to have either readonly or readwrite access to my vehicle, but that is another conversation...

S4WRXTTCS | August 23, 2013

I would suspect that the Tesla has TWO separate levels of access to it, and it's not as simple as disabling the remote access. Sure that would take care of the most likely attack avenue, but also the least dangerous.

But, I highly doubt you can easily disable the communication Tesla has with the car. At least not without disabling the Cell service to the car.

I'd be really surprised if Tesla didn't have the kind of control that the GM Onstar has for example, and that level of control is honestly quite frightening in this day and age of seemingly everything being hacked at will by the Chinese. Disabling cars remotely is a well advertised feature of OnStar, but their very careful in stating that they do that at the request of the police.

Now I don't really plan on disabling either one, but I do plan on KNOWING how to.

enginerd78 | July 15, 2014

Tesla does have the ability to disable your car. I was recently at an overnight corporate event with a bunch of SpaceX and Tesla staffers and execs and in a drunken after hours party the SpaceX exec (VP) asked this question about his car to a present Tesla Software engineer. Not only did he log into the car, but he was able to spy on the location of the VP's girlfriend who was using the car in his absence. He offered the exec to kill the cars power in the driveway so she couldn't use it anymore, but there was some pain in the ass battery reset issue they didn't want to deal with to get the car going again. SO...Tesla does have the ability to stop your car and I witnessed this with my own eyes.