going be attractive to a broad range of actors: hardware and software tinkerers, pranksters,
nation-states, and groups that engage in terrorism.
The Tesla Model S is a great car and a fantastic product of innovation. But owners of
Teslas and other connected cars are increasingly relying on information security to protect the
physical safety of their loved ones and their belongings. Given the serious nature of this topic,
we know we can’t attempt to secure our vehicles the way we have attempted to secure our
workstations at home in the past, by relying on static passwords and trusted networks. The
implications to physical security and privacy in this context have raised the stakes to the next
level.
Tesla has demonstrated fantastic leaps in innovation that are bound to inspire other car
manufacturers. It is hoped that this chapter will encourage car owners to think deeply about
doing their part, as well as encourage companies like Tesla to have an open dialog with their
customers about what they are doing to take security seriously.
Conclusion
For many of us, our reliance on cars for our livelihood is unquestionable. But besides being in
control of our own vehicles, we also rely on the faculties of other drivers on the road and the
safety features of the cars they are driving. In this chapter, we’ve explored the security mecha-
nisms designed into cars that use and depend on wireless communication to support privacy
and security features that are important to passengers.
In the case of the TPMS analysis, it is evident that fundamental security design principles
were not baked into the design of the architecture. That it is possible to send rogue tire pres-
sure alerts to nearby cars and to abuse the design of this system to potentially track particular
vehicles—thereby invading the privacy of citizens who are likely not even aware that their cars
are using insecure mechanisms to transmit tire pressure data—is quite startling.
The ability to remotely take over a vehicle’s telematics ECU is also quite phenomenal.
We’ve seen that the CAN bus architecture explicitly trusts every ECU in the network, so a sim-
ple successful cellular attack can be lethal (given the spectrum of possibilities for a malicious
actor who is able to take control of the car). It is unnerving to uncover that most of the vulner-
abilities researchers have found were a result of basic software mistakes such as buffer over-
flows, the reliance on obscurity, and improper implementation of cryptography.
The Tesla Model S is indeed a computer on wheels, fully electric and always connected to
the Internet. At 691 horsepower, this is probably one of the most powerful consumer-grade
IoT devices available for purchase. Owners should be concerned that this luxury vehicle—
despite being a pleasure to drive and lauded as one of the most innovative cars ever
produced—provides remote unlock and start functionality that is protected by a single-factor
password system, which the security community has long known to be easily susceptible to
social engineering, phishing, and malware attacks. This can lead to a situation in which cars
such as the Model S may be exploited by a myriad of malicious actors, such as pranksters or
CONCLUSION 187