Cyber security: how a hacker cracked his own Tesla
Jasper Nuyens is the proud owner of a Tesla Model And that worked. Nuyens will be present during the World of Technology & Science explain hacking skills.
By: Dimitri Reijerman
It is not immediately obvious to try to attack the on-board electronics of a Model X, an electric car from Elon Musk's Tesla. After all, it is a 2-ton vehicle with advanced electronics and... custom made software. Manipulation of this software is potentially dangerous, but Nuyens still decided to 'attack' the Tesla software.
It was not easy to make the hack successful, says Nuyens: “I opened the car to gain access to the internal Ethernet network that is used by means of round 'Fakra connectors' for network communication between the ARM/ Linux running 'Instrument Cluster' behind the wheel, the large central display 'Media Console Unit', the Autopilot and the 'gateway' (FreeRTOS). This gateway ensures communication with the Internet and the CAN buses.”
Security layers
Yet the part-time hacker was not quite there yet: “You would expect that that would be sufficient to gain access to the systems,” says Nuyens. “Tesla has gone further in security than that. There are a number of people who have looked more deeply at the security of that network in the past, and if it was published - for example how the gateway password was stored on the MCU's SD card, or how way to gain root access via the network – Tesla closed this route in a newer software release.”
For that reason, he does not want to reveal how Nuyens entered: “Understandable from the point of view of increasing security. But it is annoying if you want to gain access to your own expensive machine. I once sent an email to Elon Musk in the hope that he would give me root access, perhaps after signing something that places responsibility on me if something goes wrong. But he didn't respond to that; Perhaps I should have asked via Twitter?”
Nuyens has built a Raspberry Pi in the car, with its own internet uplink. The Linux expert also created a number of additional loopholes in the system software, so that he is less likely to be excluded if Tesla takes certain countermeasures.
New features
With these tweaks, Nuyens gained new possibilities for his electric car: “For example, I made something to slowly fade the color palette of the instrument cluster into different colors. And I changed the images of the Model I can also access diagnostic screens in 'Factory Mode' that are otherwise only accessible by Tesla Service Centers.”
Nuyens has plenty of ideas for new applications that will become possible thanks to his hack. For example, he would install another web-based route planner with more functionality than the current Tesla design or the ability to play children's videos for his son on the center console.
As an ethical hacker, Nuyens has a certain responsibility. For example, he refuses to release information that criminal hackers can use. Moreover, the local Tesla Service Point is aware of his curiosity. In fact, his work is tolerated, although he is responsible for any damage he might cause to his very expensive Model X.
Tesla, in turn, deliberately treats hackers the right way, says Nuyens: “I think it is important that the interests of the company and those of the hackers are the same. And that is already somewhat true. Elon Musk clearly has a 'hacker-friendly' mindset. It is to Tesla's advantage that all 'hacks' can be reported immediately. But now the few people who are also involved in it, besides me, are mainly afraid that they themselves would be left out. And that is a shame.”