Vulnerabilities in the Tesla network made it possible to take control of a car
Security researcher Jason Hughes disclosed details of vulnerabilities in Tesla's networks whose exploitation allowed a complete compromise of the infrastructure that interacts with customers' cars. The issues he discovered allowed an attacker to gain access to a server that communicates with vehicles and sends commands through a mobile application.
An attacker could obtain superuser rights on the information system of any car through Tesla's infrastructure, or remotely send control commands to the vehicle. The researcher could send the car commands such as starting the engine and unlocking the doors. Gaining access required knowing only the VIN of the victim's car.
The problems stemmed from the toolbox offered for download at toolbox.teslamotors.com. Tesla owners with accounts on the site could download all of the developer modules, but the modules were weakly secured, and the encryption keys were provided by the same server.
In the code of the modules, the researcher found embedded credentials for various Tesla services on the company's internal network, which is accessed through a VPN. The code also contained user credentials for one of the hosts in the dev.teslamotors.com subdomain on the internal network.
The compromised server turned out to be a cluster management node responsible for delivering applications to other servers. After logging in to that host, the researcher obtained part of the source code for Tesla's internal services, including mothership.vn and firmware.vn, which are responsible for sending commands to customers' cars and delivering firmware. The server also held logins and passwords for the PostgreSQL and MySQL database management systems. As it turned out, most of the components could be accessed without credentials: it was enough to send an HTTP request to the Web API from the subnet available to clients.
The researcher discovered the problems back in early 2017. He reported his findings to Tesla, but published the details only three and a half years later. Tesla immediately fixed the problems, drastically strengthened the protection of its infrastructure, and paid the researcher a reward of $50 thousand.