Not sure if there is one, though, I have a feeling there is. I've done nothing to make the car be upset, though. My X session is running on tty1 while the car's UI is running on tty2. As long as the car's normal UI system is running everything is happy. If you shut that down, say, starting fluxbox on that X session (this may or may not have happened), the gateway freaks out because it lost contact and forcibly resets the CID. Also, the touchscreen's input doesn't come through X, the QT apps read it directly. Every now and then I have to just tap the corner of my screen while I'm working, even when I'm in my own environment, because when you are parked and sitting there the touchscreen will turn off after 30 minutes. I'll figure out a way around this eventually.

I recall a post somewhere where someone claimed that attempts to hack his Tesla resulted in a message about unauthorized access being detected with the threat of his mobile connection being severed if it recurred. My guess that there is a IDS was based on that.

17 for me, and this is exactly how it is for me. Gentoo taught me Linux, and I have enjoyed it ever since. I use other distros as well, but Gentoo will always hold a special place in my heart.

This is exactly how I think of it. No one questions people doing mechanical work on their car, but touch the software and you get crucified.

People still don' (want to) understand software.

Yes, it has a gateway between the high level stuff and the low level stuff. It's fairly secure too. You can't just make calls to the can bus all willy-nilly either.

> You can't just make calls to the can bus all willy-nilly either.

What do you mean by that? I would think that once you get UID=0 nothing can stop you from doing whatever you want to that device.

It's a completely different computer—compare it to your typical web browser/web server model. The media computer can request display the battery information (the browser can get a list of products) but it cannot hit the accelerator (the browser cannot read other users' personal information). Even if you have root on the media center (your laptop), that doesn't make it so you can run any and all commands on the computer that regulates steering and acceleration (the web server).

there is a gateway between the media center canbus and the critical canbus. the gateway buffers all the data from the critical canbus and rate limits any requests for data which isn't broadcast regularly on the critical canbus.

You would have to get UID=0 on the canbus gateway to make requests 'willy nilly' on the critical canbus. Having UID=0 on the media centre would only help in making willy nilly requests to the gateway.

edit: clarity

though wasn't the chrysler attack through one of these gateways?

The chrysler was a completely different system, but it was indeed infecting the car from the radio / entertainment system. The tesla is completely different from that. They have one entire computer system that runs the "entertainment console". You can even reboot it while you are driving and nothing happens (this is by design of course). The driving controls are totally separated. The only thing you notice when you reboot that console if that the radio goes off, the display goes black during the reboot (10 seconds). Then it comes back and all is well. Press both turning cylinder controls on the steering wheel for a few seconds to start the reboot. They designed it very well. That doesn't mean it is perfect, but they have approached security correctly as far as I can tell from outside. They pay for exploits too - see https://bugcrowd.com/tesla. They have hired security researchers to work on their system and attack it.

As a tesla owner, I do wish they would hurry up and publish their app platform. They do have apps that they wrote themselves, that come with the car.

And I really wish they'd update their web browser, and even more wish they supported linux. Maybe the chromebook os support will be secure enough for android apps that even tesla could use it.

I link to it at the bottom of the post. The image captions are quotes that were inspired by very real quotes from that website.

It's incredibly complicated, but pretty secure. The CAN bus is isolated from the network. I have root access on the CID and the IC (both separate tegra systems). You can even reboot the CID while you're driving and you only lose media and air conditioning and such. Accessing the CAN bus requires going through a pretty secure gateway system, so you can only basically make requests. Even then, I haven't even really looked into that area much.

I have never driven while running any of my stuff. Also, this is the CID, it doesn't control those things. You can even reboot the CID while you're driving.

I was INCREDIBLY excited to be able to literally become the stereotype!

If you look at the bottom of my blog you'll see that the captions and jokes are referencing http://funroll-loops.info/

I even took some of my favorites from there and modified them to reference Tesla, and that's what the captions are.

Now you can feel doubly awesome since you successfully trolled me at the same time as you hacked your Tesla!

Thanks :) This has been a really fun hobby :D

Really inspiring work. I have always loved working on cars, and the potential to marry that with my profession is exciting.

I'm really looking forward a future where I have ownership and control over my cars operating system to the same degree that I own the engine in my camaro.

Also, I apologize for automatically defaulting to you being a he-dude and not a she-dude.

Which is exactly equal in impressiveness.

Yeah I absolutely love it. It's eating up all my freetime. I had to make sure last week to actually go out and socialize...

Dude is genderless! I'm just as much a dude as you are. Also, it doesn't really bother me :)