Free-Fall: Hacking Tesla from Wireless to CAN Bus

Presented at Black Hat USA 2017, July 27, 2017, 12:10 p.m. (50 minutes)

In today's world of connected cars, security is of vital importance. The security of these cars is not only a technological issue, but also an issue of human safety. In our research we focused on perhaps the most famous connected car model: Tesla.

In September 2016, our team (Keen Security Lab of Tencent) successfully implemented a remote attack on the Tesla Model S in both Parking and Driving modes. This remote attack utilized a complex chain of vulnerabilities. We have proved that we can gain entry over wireless (Wi-Fi/Cellular), compromise many in-vehicle systems such as the IC, CID, and Gateway, and then inject malicious CAN messages into the CAN bus. Just 10 days after we submitted our research to Tesla, Tesla responded with an update delivered through their OTA mechanism and introduced code signing protection into Tesla cars.

Our presentation will be in three parts: our research, Tesla's response, and the follow-up. We will, for the first time, share the details of the whole attack chain on the Tesla, and then reveal the implementation of Tesla's OTA and code signing features. Furthermore, we'll explore the new mitigations on Tesla and share our thoughts on them.


Presenters:

  • Sen Nie - Researcher, KeenLab, Tencent
    Sen Nie is a security researcher at Keen Lab, Tencent, and also a PhD candidate at SJTU, China. Currently, his research is mainly focused on car hacking; before that, he gained many years of research experience in program analysis, such as symbolic execution, smart fuzzing and other vulnerability detection technologies.
  • Yuefeng Du - Researcher, KeenLab, Tencent
    Yuefeng Du is an intern at KeenLab of Tencent. He is passionate about computer security, especially reverse engineering and malware analysis.
  • Ling Liu - Researcher, KeenLab, Tencent
    Ling Liu specializes in reverse engineering, vulnerability discovery, vulnerability research and advanced exploitation techniques. He was formerly a security researcher focused on vulnerability discovery of QEMU and XEN and is a CTF player.
