“I realized a few of these things could be chained together, the official term is a bug chain, to gain more access to other things on their network. With now having more experience with Tesla’s servers and knowing that their network wasn’t the most secure, to say the least, he decided to go hunting for more bug bounties.Īfter some poking around, he managed to find a bunch of small vulnerabilities. Hughes then agreed to stop scraping and sharing the Supercharger data.Īfter reporting his server exploit through Tesla’s bug reporting service, he received a $5,000 reward for exposing the vulnerability. They kindly explained to him that they would prefer for him not to share the data, which was technically accessible through the vehicles.
HIJACK DEFCON SOFTWARE
Hughes responded that he would be happy to discuss it with them.Ģ0 minutes later, he was on a conference call with the head of the Supercharger network and the head of software security at Tesla. Someone who appeared to be working at Tesla posted anonymously about how they didn’t want the data out there.
The hacker shared the data on the Tesla Motors Club forum, and the automaker seemingly wasn’t happy about it. “I found a hole in the server-side of that mechanism that allowed me to basically get data for every Supercharger worldwide about once every few minutes.” He would occasionally submit bugs through that system.Īfter Tesla started to give customers access to more data about Supercharger stations, mainly the ability to see how many chargers were currently available at a specific charging station through its navigation app, Hughes decided to poke around and see if he could expose the data. The practice, known as whitehat hacking, wasn’t his main focus, but like most tech companies, Tesla has a bug reporting system in place to reward people who find and report vulnerabilities. He turned the hobby into a business selling Tesla parts from salvaged vehicles and building his own controllers to help people make cool projects out of those parts.Īt the time, he was also using his experience working with Tesla vehicles and Tesla software to report vulnerabilities in the automaker’s systems. He was an early member of the Tesla “root access” community, a group of Tesla owners who would hack their own cars to get more control over them and even unlock unreleased features.Īt the time, Hughes was using his knowledge to tinker with salvaged Tesla vehicles and build off-grid energy storage systems and electric conversion kits. The Big Tesla Hackīack in 2017, Jason Hughes was already well known in the Tesla community under his WK057 alias on the forums. What Musk knew that the public didn’t was that Tesla got a taste of that actually happening just a few months prior to his talk. “In principle, if someone was able to say hack all the autonomous Teslas, they could say – I mean just as a prank – they could say ‘send them all to Rhode Island’ – across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.” He even presented a strange scenario that could happen in an autonomous future: In July 2017, Tesla CEO Elon Musk got on stage at the National Governors Association in Rhode Island and confirmed that a “fleet-wide hack” is one of Tesla’s biggest concerns as the automaker moves to autonomous vehicles. A few years ago, a hacker managed to exploit vulnerabilities in Tesla’s servers to gain access and control over the automaker’s entire fleet.
0 kommentar(er)
