Just wondering...now that we have a web browser in our model 3's...do we need some type of virus protection software?
Not really. The web browser is pretty limited and isolated from the other firmware.
So if we hit a webpage that is bugged we won't get infected?
Ok. I'm comforted by your reassurances. Thanks.
If it is a computer and any external connection (internet, USB port, other connectors) then it can be hacked. The best hope is that Tesla's developers minimize the risk and stay on top of patching vulnerabilities. I trust Tesla more than legacy car manufacturers, which have been hacked in recent years and vehicles remotely controlled (including brakes being disabled remotely).
I would worry more about the 3rd party Tesla apps getting hacked and vehicles hacked through that vulnerability. Hackers go for the easier routes, which is why so many companies have been hacked through their 3rd party remote access apps. It is often easier to go on through the back door.
Crap, I am really worried now. I don't want my car to have to undergo its own personal version of 'nam. Nothing a bit o' anti-virus can't cure I'm sure.
Well...all this said...I'm hoping Tesla will make some comment about the topic. I would be good to have some reassurances/guidance.
Paranoia big destroyer!
"I would worry more about the 3rd party Tesla apps getting hacked."
Tesla doesn't allow 3rd party apps, so this isn't an issue.
True that nobody should be cavalier about security, and any computer can be hacked, Actually, this does bring up valid concern and makes me think it's a bad idea having a web browser in our cars. There was a case of a Model S hack done in 2016 whereby hackers gained access to the cars control systems by way of the web browser and connecting the car to a malicious wifi network. The conditions for this for quite specific and Tesla fixed the exploit within days.
I think if you connect to safe wifi networks and websites you should be fairly safe from exploits. I honestly don't find the web browser that useful anyway.
@cornellio Given your input, I think I'm going to avoid the browser for the time being. Maybe some more definitive info will be forthcoming. Hope springs eternal.
Sorry, but I wasn't clear on the"3rd party apps". I was referring to the mobile apps that use the Tesla API and can remotely access the car. Although there is probably some risk mitigation with those apps not using owner's login credentials. If those 3rd parties are hacked, there is a risk. I haven't heard that it has happened yet, but with more Tesla owners there will be more hackers targeting Tesla and 3rd party mobile app vendors. Tesla seems pretty involved with security researchers, but I'm not sure about mobile app vendors.
So honestly, I really wouldn't lose any sleep over it. Also keep in mind that a good amount of stuff sold as antivirus or make your PC run faster is basically snake-oil - it does something but not all that it promises, and in some cases covers 95% of the problems you'll encounter but not the 5% that cause you to lose data, and in many cases doesn't do anything more than the defenses you get for free (other than draining you of some excess cash). The biggest vulnerability with browsers is usually tricking you into visiting a malicious site, which itself relies on known exploits in the browser and (usually) specific operating system. Anyone putting together an embedded Linux system can build a stripped-down Chromium browser that won't support any of the stuff that malware needs to operate, and most of the malware out there only runs on WIndows (although that's changing).
I should also add that some malware tries to trick you into visiting malicious sites via popup ads that claim your device is infected, click here to remove...
I believe a little paranoia is wise here. We have two-ton object able to quickly hurtle around while controlling some of its own piloting, all while connected to at least a mobile network, a smartphone and whatever it is connected to, some WiFi locations at stops, and on and on. Each connection is an entry portal. As has been done over and over, there seems to be little that is unhackable explaining why the high security stuff (R&D, serious security systems, and so on) is accomplished while disconnected from the outside. All you need is the time, talent, and motivation to do invasive and damaging things. How about all the ransom-ware attacks the supposedly more immune Mac computers experienced last year. I’m not advocating we change our lives here, just suggesting an overconfidence that hacking is impossible is probably unwarranted.
When someone makes a product idiot-proof, the world responds by making a better idiot. When manufacturers make something presumably unhackable, someone will hack it. And the war goes on.
What good is it going to do to encourage people to worry about having their cars hacked?
If it is just a sandboxed browser, there isn't anything to really hack.
@Magic 8 Ball, the intent is awareness, not FUD or something to worry about. Mac owners actually believed our computers were impervious to hacking given the small user base compared to Windows machines. That all changed when we were...say it with me...hacked.
Being aware doesn’t need to automatically make one fearful, nor is it encouraging overarching paranoia. What it does do is ask you to consider today’s environment and not automatically bury your head in the comfort sand. Vehicles have been hacked. Denying the possibility is not rational.
What to do? Maybe nothing today beyond the awareness that something could, however remote. Don’t worry about it but don’t revel in the delusion that it could not happen either.
Awareness, BS, you are intentionally trying to make people worry. Pure FUD.
@Magic 8 Ball, you are the worst kind of jackass. You attack people who take reasonable stands on issues. Lay off. Attack those who are perpetuating really FUD and paranoia.
Yes, let's remind people they are driving a weapon and that it can go out of control at anytime. Why don't we also remind people that at anytime an asteroid can wipe us all out or that hackers can make all smart phones halt and catch fire thereby wiping out half the planets population also.
What a bunch of crap!
@M8B, but that's why we have Asteroids on the car, so we can blast them before they get us!
How did you fare during the Y2K "crisis" and end of Mayan calendar?
I would be so happy to get a functioning fob that allows entry to trunk/ frunk and driver/ passenger doors. Then I wouldn't be tempted to try 3rd party apps. If it doesn't work as good as a key, it's not an improvement IMO.
Don't lose sleep over this, really. It's plenty secure. Moving on.
...it has to allow 'Start' too.
I don't know what a virus would actually do if it got into the computer anyway, it's not going to find credit cards... and cryptolocking would be like, "lol reflash it anyway." Could troll users and brick the car I'm sure, but that seems not lucrative... and the 'awareness' salisbury is speaking just doesn't happen outside of a state sponsored attack. That being said, modern coding techniques should protect you. Don't autorun from a thumbstick, keep the browser sandboxed, don't allow users to run executables.
For those who don't know what I'm talking about... you're fine, you can't hurt the car even if you tried.
dalesmith1962: The point is that this is not a 'reasonable' concern at all. This has been brought up for years. All supposed 'concerns' are at the very least overblown. The ONLY hackers that have managed to access or gain control of any function on a Tesla car were those given both physical access and the owner's login details. Even then, about all they could do was open the sunroof or honk the horn. And that was during a hacking convention where extremely skilled individuals were doing their damndest to win a $50,000 prize.
It is not unreasonable to expect such 'concerns' be grounded in actual fact instead of supposition, rumor, innuendo, and yes... FUD.
"Fear is the mind-killer." -- Frank Herbert
I'm sorry I brought this subject up. It was not intended to elicit fear or anything else...I only wondered if we needed virus protection. A simple answer of no and why would have satisfied me. My apologies for all the hackles that were apparently raised.
silverslim, I thought yours was a very reasonable question and glad you asked it. I saw your post before there had been any replies, and even though my background is IT refrained from responding BECAUSE it is easy to take either side of the question (and thus the back and forth).
I wanted to see first how others would respond, and indeed as expected quite a lot of expertise in this area among Tesla owners. Some wise counsel for sure, especially form SalisburySam, henry.groover, and ModernTriDad (and others).
It's funny, my own point of view is bifurcated. I have never run anti-virus on my own Windows machines, and as it happens have never gotten a virus. On the other hand I've always thought that Admiral Adama of Battlestar Galactica had it about right; he prohibited the computers on his ship from being connected to each other. ;>
Still, I will have little concern about my Tesla being hacked (once I get ownership). Certainly no interest in anti-virus for my car. Where I do think there are potential risks is with larger targets such as someone trying to take over the Tesla Network (on demand car/ride service) once it arrives. And after watching a recent video of a Tesla theft from someone's carport I'll probably educate myself on how to mitigate that eventuality.
Whoa. ReD trumped my ancient Battlestar Galactica reference with a more ancient Dune reference!
@dmitryromanooov, why are you trying to get TESLA users to open your links and download these apps? This thread was about virus protetion software.
dmitryromanooov's comment is spam that should be flagged by those who can flag spam.
Regarding worries about viruses affecting the Tesla web browser...
I believe it is known that the computing infrastructure in Tesla vehicles run on Linux and make use of virtual machines like QEMU (https://www.qemu.org/) and BusyBox (https://en.wikipedia.org/wiki/BusyBox) to create temporary environments in which the user applications run, such as the web browser, Slacker Radio, Teslatari, etc.
For those not familiar with virtual machine technology and "sandboxing", it is a modern operating system technique that is analogous to creating a complete, fully operational "computer" running as a program on another computer, and the computer memory outside of the virtual machine is physically not accessible to the programs running on the virtual machine. This containment is enforced by the actual CPU hardware. In fact, this is exactly how security researchers safely experiment with live computer viruses without compromising their research systems.
On top of all that, I suspect that the Tesla web browser is probably locked down in various ways such as no Java support, no file downloads, no persistent cookies, etc.
The bottom line is that any security breach is contained to the specific application, and it would not be persistent the next time the application is restarted and/or the Tesla computer interface is rebooted.
None of this is to say that security holes are never found in virtual machines and/or sandboxed software (and sometimes in the VM features of the CPUs). But the beauty of Tesla using open-source software such as Linux and BusyBox is that security holes will almost certainly be discovered by the broader software community on some other platform and patched long before anyone attempts to attack a Tesla infotainment computer.
TLDR; No, Tesla vehicles do not need anti-virus software.
Well they just submitted the Tesla to PWN2OWN, so lets see what people come up with!https://twitter.com/Tesla/status/1108409944963870720
I think it's great that Tesla is sponsoring bug bounties via PWN2OWN, but my money is on someone hacking in via Bluetooth, WiFi or NFC, not the sandboxed / VM hosted apps.
Should clarify... My money is on someone gaining drive control access via Bluetooth/WiFi/NFC. Bugs such as sandbox escapes in the infotainment system may be found but won't affect vehicle drive control (hopefully).