An Interest In:
Web News this Week
- March 23, 2024
- March 22, 2024
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
Some of Our Sources
- Simplebits
- Joshua Blankenship
- The Logo Smith
- Fuel Your Creativity
- FanExtra - PSD
- Reencoded
- Specky Boy
- Android Dissected
- Android Headlines
- The Verge
Help Webnuz
Referal links:
September 5, 2020 09:46 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/sJhCwJv7NMo/how-a-white-hat-hacker-once-gained-control-of-teslas-entire-fleet
How a White-Hat Hacker Once Gained Control of Tesla's Entire Fleet
"A few years ago, a hacker managed to exploit vulnerabilities in Tesla's servers to gain access and control over the automaker's entire fleet," remembers Electrek (in a story shared by long-time Slashdot reader AmiMoJo). Tesla enthusiast Jason Hughes had already received a $5,000 bug bounty for reporting a vulnerability, but "knowing that their network wasn't the most secure, to say the least, he decided to go hunting for more bug bounties."After some poking around, he managed to find a bunch of small vulnerabilities. The hacker told Electrek, "I realized a few of these things could be chained together, the official term is a bug chain, to gain more access to other things on their network. Eventually, I managed to access a sort of repository of server images on their network, one of which was 'Mothership'." Mothership is the name of Tesla's home server used to communicate with its customer fleet. Any kind of remote commands or diagnostic information from the car to Tesla goes through "Mothership." After downloading and dissecting the data found in the repository, Hughes started using his car's VPN connection to poke at Mothership. He eventually landed on a developer network connection. That's when he found a bug in Mothership itself that enabled him to authenticate as if it was coming from any car in Tesla's fleet. All he needed was a vehicle's VIN number, and he had access to all of those through Tesla's "tesladex" database thanks to his complete control of Mothership, and he could get information about any car in the fleet and even send commands to those cars. Last week Hughes released an annotated version of the bug report he'd submitted to Tesla. "Hughes couldn't really send Tesla cars driving around everywhere..." reports Electrek, "but he could 'Summon' them..." Telsa gave him a special $50,000 bug report reward — several times higher than their usual maximum — and "used the information provided by Hughes to secure its network." Electrek calls it "a good example of the importance of whitehat hackers."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/sJhCwJv7NMo/how-a-white-hat-hacker-once-gained-control-of-teslas-entire-fleet
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot