Linux burps again, Researchers hack Tesla Model S with remote attack

" Both dashboard and center screen runs on a modified version of
Linux on NVIDA. "

- - - - DUM DA DUM DUM.

Tesla Motors is considered one of the most cybersecurity-
conscious car manufacturers in the world—among other things, it
has a bug bounty program. But that doesn’t mean the software in
its cars is free of security flaws.

Researchers from Chinese technology company Tencent found a
series of vulnerabilities that, when combined, allowed them to
remotely take over a Tesla Model S car and control its sunroof,
central display, door locks and even the braking system. The
attack allowed the researchers to access the car’s controller
area network (CAN) bus, which lets the vehicle’s specialized
computers communicate with each other.

“As far as we know, this is the first case of remote attack
which compromises CAN Bus to achieve remote controls on Tesla
cars,” the researchers from Tencent’s Keen Security Lab said in
a blog post Monday. “We have verified the attack vector on
multiple varieties of Tesla Model S. It is reasonable to assume
that other Tesla models are affected.”

The blog post is accompanied by a demonstration video in which
the researchers show what they can achieve through their attack,
which works either while the car is parked or being driven.

First, while the car was parked, the researchers used a laptop
to remotely open its sunroof, activate the steering light,
reposition the driver’s seat, take over the dashboard and
central display and unlock the car.

In a second demonstration, they turned on the windshield wipers
while the car was being driven at low speed in a parking lot for
demonstration purposes. They also showed that they can open the
trunk and fold the side-view mirror when the driver is trying to
change lanes. While these operations can be distracting to the
driver in certain situations, causing a safety risk, the most
dangerous thing they were able to do was to engage the car’s
braking from 12 miles away.

Such an attack, performed against a car being driven at high
speed on a highway, could result in a serious rear-end collision.

The researchers reported all of the vulnerabilities through
Tesla’s bug bounty program, and the company is working on
patches.

Fortunately, Tesla cars can receive firmware updates remotely
and Tesla car owners are advised to make sure that their
vehicles are always running the latest software version.

Car hacking has become a hot topic in recent years among
security researchers, regulators and car manufacturers
themselves. As cars become more interconnected, the ways in
which they can be remotely hacked will only increase, so it’s
important that the computers handling critical safety features
are isolated and protected.

Tesla did not immediately respond to a request for comment.

http://www.pcworld.com/article/31219...y/researchers-
demonstrate-remote-attack-against-tesla-model-s.html

In article
ers.net
Anonymous wrote:

" Both dashboard and center screen runs on a modified version of
Linux on NVIDA. "

- - - - DUM DA DUM DUM.

Tesla Motors is considered one of the most cybersecurity-
conscious car manufacturers in the world—among other things, it
has a bug bounty program. But that doesn’t mean the software in
its cars is free of security flaws.

Researchers from Chinese technology company Tencent found a
series of vulnerabilities that, when combined, allowed them to
remotely take over a Tesla Model S car

I'm waiting for the headline that a Tesla on auto-pilot runs
over and kills a bunch of democrats outside a gay bar in San
Francisco.

In article
ers.net
Anonymous wrote:


" Both dashboard and center screen runs on a modified version of
Linux on NVIDA. "

- - - - DUM DA DUM DUM.

Tesla Motors is considered one of the most cybersecurity-
conscious car manufacturers in the world—among other things, it
has a bug bounty program. But that doesn’t mean the software in
its cars is free of security flaws.

Researchers from Chinese technology company Tencent found a
series of vulnerabilities that, when combined, allowed them to
remotely take over a Tesla Model S car

I'm waiting for the headline that a Tesla on auto-pilot runs
over and kills a bunch of democrats outside a gay bar in San
Francisco.

That will be in Hayward, CA. Hayward is full of queers. It
is the queer capitol of the world. It is directly on top of
the Hayward Fault, a geologic fault zone capable of generating
significantly destructive earthquakes. Some day it is going to
grind all those perverts into a bowl of rocks. So be it!
I can already hear them screaming like a bunch of panicked women
while crying and hugging each other.

In article
ers.net
Anonymous wrote:

" Both dashboard and center screen runs on a modified version of
Linux on NVIDA. "

- - - - DUM DA DUM DUM.

Tesla Motors is considered one of the most cybersecurity-
conscious car manufacturers in the world—among other things, it
has a bug bounty program. But that doesn’t mean the software in
its cars is free of security flaws.

Researchers from Chinese technology company Tencent found a
series of vulnerabilities that, when combined, allowed them to
remotely take over a Tesla Model S car

I'm waiting for the headline that a Tesla on auto-pilot runs
over and kills a bunch of democrats outside a gay bar in San
Francisco.

On 09/21/16 22:26, Anonymous so wittily quipped:
" Both dashboard and center screen runs on a modified version of
Linux on NVIDA. "

I doubt that Linux was the cause of any insecurity. most likely it was
poorly configured, and/or had customized software running that _CAUSED_
the problem.
yes - if you allow ssh or telnet logins with the 'root' user and use a
stupid password like "god", you'll get your system cracked.

similarly, windows' stupid habit of attempting to make every user
'administrator' is an even BIGGER security hole than anything I've ever
seen on Linux...

In article
Big Bad Bob wrote:

On 09/21/16 22:26, Anonymous so wittily quipped:
" Both dashboard and center screen runs on a modified version of
Linux on NVIDA. "

I doubt that Linux was the cause of any insecurity. most likely it was
poorly configured, and/or had customized software running that _CAUSED_
the problem.

What does modified version of Linux mean to you?

yes - if you allow ssh or telnet logins with the 'root' user and use a
stupid password like "god", you'll get your system cracked.

So don't do that.

similarly, windows' stupid habit of attempting to make every user
'administrator' is an even BIGGER security hole than anything I've ever
seen on Linux...

If there is only one user, it has to be granted administrator
privs. It's not a security hole if there is a password assigned.

Maybe you should research the security holes in Hadoop and
Google Cloud. Somebody did it to Yahoo.