Forums

Join The Community
RegisterLogin

Tesla Safety Concerns - Hacking & Lack of Privacy due to Internet Connectivity - Open Letters

Open Letter to Tesla Motors. 8/25/2013

We are planning on purchasing a Tesla vehicle in the next two years.

We are very enthusiastic about the opportunity to own a piece of alternative energy technology that will help make the change from fossil fuels to clean electric that can be generated via solar, wind and through other renewable means.

We do have some concerns about your product though. Our concerns revolve around your vehicles' heavy reliance on computers, software / firmware, and wireless communications.

We have both safety concerns and privacy concerns with any device that incorporates the physical electronic hardware that would under some circumstance allow that device to communicate to other electronic devices and through the internet, with or without the knowledge of the device's users.

History has shown that any device that has any capability whatsoever of communicating over the internet can be compromised with malicious intent and be made to operate in a manner that is undesirable and even dangerous to its rightful user.

Additionally, it is a well known fact that our cell phones and wireless computing devices have become De facto tracking devices that constantly transmit our whereabouts to any number of government agencies.

In this day and age: anonymity is truly a luxury. You offer your vehicles for sale as luxury cars, does that luxury include anonymity and the ability to drive your your cars without connecting to the internet or cellular phone network?

We would only purchase your vehicle if it had no built in hardware capable of either transmitting or receiving any type of wireless or radio signal including Bluetooth. We would not mind if you added USB ports and Ethernet ports so that we could attach our own network enabled devices if we so desired. Just so long as we are not stuck diving a vehicle with the capability of being hacked, or being made to serve as tracking device to report our whereabouts to to “big brother”.

We too would love to see the decline of “Big Oil” through the use of viable alternative energy technology but we don't want to contribute to the growth of an even bigger menace: “Big Brother” via the superfluous use of wireless communications devices now being built into every appliance from refrigerators to automobiles.
Note: this user account is administered by corporation (Heck! Today Corporations have more freedom of speech than individuals do.)
Please read our corporate Social Media Disclaimer.

http://www.ahh.biz/utility_pages/social_media_disclaimer.htm

------------------------------------------------------------

Open Letter to Senator Ted Cruz 8/27/13
Dear Senator Cruz,

Thank You for your response to our concerns about NSA's Surveillance programs.

We have another concern about the proliferation of wireless internet devices being built into many electronic products today.

What particularly worries us is: automobile manufacturers starting to "jump on the band wagon" of superfluous electronic functionality and building cars that are more and more dependent on computers, and then, on top of that vulnerability; building integral wireless internet transceiver devices into these vehicles.

Not only does adding a built in internet connection make the vehicle susceptible to NSA surveillance, it also makes it so that the vehicles' computer's Operating System will eventually be compromised by malicious computer hackers over the internet and made to operate in an unsafe and potentially deadly manner.

It is one thing to hack a computer sitting on your desktop with your financial information on it. It is quite another thing to hack the operating system of a 3,000 lb. vehicle traveling 65 miles an hour on a crowded interstate highway.

We need federal legislation that will prevent automobile manufacturers from building integral wireless internet capable or phone capable devices into automobiles that can not be physically disconnected from the automobile and whereby their absence would not impede its normal and safe operation as a tradition automobile.
--------------------------------------

http://www.dailykos.com/story/2013/08/27/1234150/-Open-Letters-to-Tesla-...

May I suggest a bicycle and a tin-foil hat? :-o

Perhaps it would be best to study encryption for a few years and develop a solid understanding of Internet security before yelling and screaming about "NSA's Surveillance Programs" and "malicious computer hackers".

While I cannot speak for Tesla Motors directly, I would have to assume that the co-creator of PayPal (Mr Musk) quite possibly has a substantial grounding and an awareness of such computer-network-security-type things.

I am interested to learn more about how Tesla secures its communication between the cars and their headoffice so if there's anyone from Tesla who can provide insight I would love to here about it.

Network communications (including over Public Internet) is a fact of life in this day and age - and also one of the very things that is most appealing about this car and it's company. The very heart of this product is its ability to get better over time as the engineers figure out how to optimize all the components by refining the cars programming.

If this type of technology is too worrysome for you than I also would recommend the bike and tin-foil hat...

3 layers of heavy-duty aluminum foil may suffice.

To Ev-Fan56 and Brian H and others with the same sort of comments.

The U.S. Military has been involved in the internet almost since its very birth. It is fair to say that they (the defense department) have spend more money on internet security, encryption, and Secure IT infrastructure, than the gross domestic product of several small countries combined. Yet the Defense department's internet connected computers and devices get hacked fairly regularly; probably more than DOD would like to make public.

What makes you think that Mr Musk's relatively meager spending and expertise in network security will be sufficient protect us in our internet connected, computer operated vehicles , barreling down crowded interstates; from malicious internet based hacks?

We are not advocating that the vehicle should be non-connectable to the internet, we are advocating that it not contain the physical hardware that would allow it to connect to the internet on it's own, without the authorized user, physically connecting their I-phone or other internet connected device and routing that internet connection to the vehicle.

This is all relatively new technology for automobiles and in fact there is already precedent where an automobile manufacturer has; without the consent and knowledge of automobile owners/drivers, engaged in active surveillance of those vehicles which all contained hard wired network transceivers that the owner or driver of the vehicle could NOT physically disconnect from the operating system of the vehicle.

In fact a U.S. Senator had called for FTC hearing regarding this incident.

http://www.schumer.senate.gov/record.cfm?id=334193&

I read so many comments about Mr. Musk and his company Tesla that describe him / them almost in terms of a modern day technology messiah. It reminds me of the same hype that people drooled over when Google was the the hot tech company and their corporate slogan was “Don't be Evil”, which slowly morphed to incorporate a “Sliding Scale of Evil”.

So when will this new “Messiah” (Musk) be branded a “Demon”? After the congressional investigations that will show Tesla Motors violated people's privacy in “GM OnStar Style”? Or after X number of people are burned alive in Tesla vehicles in “Ford Pinto Style”

http://users.wfu.edu/palmitar/Law&Valuation/Papers/1999/Leggett-pinto.html

Risk is an inherit factor of life. Are you totally secure being where you are right now? Even in a log cabin, some undesired animal can pay you an unwanted visit...

You need to have protocol-level security hole to hack into Tesla car drive systems. It's not as easy as hacking into standard desktop with huge amount of open ports and two-way communication to anything and anyone that uses those ports.

Comparison to Pinto only intended for inflammatory purposes. Post flagged.

Troll squared.

A short primer on security for Tesla vehicles:

All communications with the cars (aside from someone browsing the internet in the car) are encrypted. The encryption keys belong to Tesla Motors.

Someone would either have to hack into Tesla Corporate to get these keys, or would have to somehow decrypt them (requiring supercomputers the size of buildings to do it in less than a year or two).

Even if they somehow compromised those keys, they would only have access to the API in the car, which only allows them to do stuff like honk the horn, flash the lights, lock/unlock the doors, adjust temp controls, and see where the car is located.

If by some stretch of the imagination they were able to get some sort of remote terminal connection to the car, they could still only control the on-board computer (the touch-screen interface). This would not be able to control the car in any way, since the powertrain, braking, and steering systems are independent of the computer. The only interface they have is to send status to the computer. The computer does not tell those systems what to do.

If somehow the keys did get compromised, it would be a simple matter of a firmware push to all cars, and they would all have brand new encryption keys by the next day, forcing would-be hackers to start from square-one again.

If all of the security measures are not enough to assuage your concerns, and you think Tesla or the NSA are for some reason tracking you, then you may be looking at the wrong car. Those features are meant to remain on, along with the diagnostics Tesla cars send to the service centers to alert them of needed maintenance. While you are avoiding this car, I would suggest you avoid GM cars with OnStar, Ford vehicles with Sync, Daimler/Chrysler cars with UConnect, Hyundai vehicles with Blue Link, Toyota SafetyConnect/Enform, HondaLink, etc, etc, etc...

Perhaps you should buy an Ariel Atom ?

Haeze,

We don't disagree with the car connecting to the internet. We only disagree with building the internet communications hardware into the car so that it can not be physically removed by the owner, without damaging or otherwise affecting the rest of the vehicle's system(s).

If the car's OS is going to generate all this info; have it go to memory cache and to an onscreen message that describes in plain language, what type of maintenance the car needs, then like the error reporting on Windows 7, ask if you wish to send that information to Tesla and to please connect your mobile device if you select "yes".

So far, you have not convinced us why this vehicle or any other manned vehicle needs integrated network communications hardware that cannot be removed by the user, and is modular / user supplied.

And Yes, we seek to avoid all cars that have integral network communications systems that can not be removed from the vehicle; it's just a bad idea, plain and simple.

Fair enough. Even Tesla Motors employees freely admit the car is not for everyone. You would be an example of one of the people the car is not made for.

I agree, that a setting to shut off communications would be welcome, for those who are concerned about privacy. Unfortunately, with this car, and car company, being so new, their biggest asset is their communication with the cars. The more info they have about their cars' performance, reliability, issues, concerns, etc. the more quickly they can fix the issue before it becomes a story on the news (which could destroy the company overnight). With the quick response, comes the fact that they need the always-on connectivity to be sure all cars are kept up-to-date with the most recent firmware, so when a problem is found, there aren't vehicles out there that haven't gotten the update. This affords them the ability to be pro-active and fix issues before they become issues. Giving the owner the ability to shut it off, opens up a level of risk that could damage their reputation for building a quality vehicle, and a great service record.

It is an acceptable concession that an owner makes when purchasing a Tesla, to ensure their car is as safe, and capable as possible, and to ensure that Tesla continues to do business. Anyone who is uncomfortable making that concession, should look elsewhere. That is simply the long and short of it.

Well I'm glad somebody finally cleared that up: All of Tesla's vehicles are; until some future date: prototypes or beta testers, only to be used at one's own risk.

I guess we should wait until they produce the final product before we consider buying one.

Take a look at this article about retro styling in household appliances now appealing to "20 somethings" (Millennials) . You would think that this generation would want more tech, more gadgets, and more futuristic styling; but GE in their wisdom (not sure if wisdom needs quotes here) has decided to offer a line of home appliances with retro styling and minimal tech.

http://retrorenovation.com/2013/06/26/retro-kitchen-appliances-ge/

Are we seeing a major cultural tide shift in this country? Are people finally getting sick of all the superfluous technology being built into things that don't really need it? We think so.

We think Tesla and the other auto manufacturers should take notice of this as well.

Retro is just a fashion trend, and fashions come and go. If it's in style this year then it will be out of style again next year. I wouldn't put too much into this.

Model S controls are not futuristic, just practical. That's not fashion or styling thing.

Not buying a car because of a fear of being hacked to me is like not buying a car because of a fear of getting in accident.

Haeze,

So are we to believe the following?:
After Tesla gathers enough usage information from the “built in network reporting system” installed in all of their "Beta Testers"; (Read: all the cars they are producing now and in the foreseeable future) to determine whether or not these vehicles are going to be a clear and present danger to the motoring public; after determining this: Tesla will someday begin to produce the first “General Availability” models.

http://en.wikipedia.org/wiki/Software_release_life_cycle

Will these future “General Availability” Models still require a built in internet connection that can not be disconnected; since safety monitoring is no longer required; as the product would be out of “Beta”?

Or is this whole rational for internet connectivity as being “strictly for safety monitoring purposes” just more BS to appease and throw off those people who have legitimate privacy and safety concerns (like us).

Even if it is the case, that the non-removable built in internet connection is really for “safety monitoring”; do you think after one of the media companies (that already pay good money for our cell phone and internet usage data) offer Mr. Musk and his company shareholders; additional revenue for the sale of that data; do you think they will resist that extra money in their pocket on moral or ethical grounds? We think not!

Additionally; if it's true that all of Tesla's vehicles sold to date are real world Beta Testers; that for some measure of safety, require their constant monitoring via a non removable wireless internet connection; don't you see ethical issues about it? We think its an outrage! Using the general public as flesh and blood “crash dummies” on open highways and residential streets! There should be congressional hearings on this issue too!

@ahhbiz, out of curiosity, do you work for Fox News ? You seem to use a lot of their tactics with your questions. Intentionally baiting the response you want to get, and fear mongering is not a proper way to voice concerns.

I am not a part of Tesla, so I can't speak for them, but the vehicle owners are far from "Beta Testers". The car has gone through extensive testing, and is in its second model year. I think what you missed from my previous comment is that the information the cars send back to Tesla is invaluable for maintaining their pro-active stance on maintenance, visibility on performance, and long-term expectations of this vehicle.

If you are specifically targetting Tesla for some reason, your logic is flawed, since most auto manufacturers would have the ability to "track" you in the exact way you seem to think Tesla will do. Just because they don't have an "always on" connection, doesn't mean they don't cache the data and send it back when the OnStar (or equivalent) system connects.

Also, I can not imagine Tesla's Gen3 and future cars will have an always-on connection, except as an optional add-on, since that requires them to have contracts with cellular providers (Like AT&T in the US), which increases the cost of the cars. The Wi-Fi functionality that is being introduced to the Model S in Firmware v5 will most likely be the interface for future generation cars, so it will only be active while you are in your garage, and only if you connect it to your home WiFi network.

I think your fears that Tesla will freely give the government the ability to track you, is a bit paranoid, and unfounded. Elon Musk has a track record of doing things magnanimously for the good of mankind. He would fight something like that tooth and nail, as he has done with the Auto Dealers Associations who are trying to force him to use Dealerships. If it isn't in the best interests of people, he doesn't do it.

In your last paragraph you asked if I think there is some sort of "ethical issue" with the always-on connection, and I can say with full confidence, "No, there is no ethical issue with it at all." Why ? Because no one is forcing you to buy the car, and everyone who buys the car is informed of it. The only way it would be an ethical issue is if it was being done without the owner's knowledge, or if you were forced to drive the car. If you still believe it is an ethical issue, you need to go back and see what "ethics" are.

Haeze,

No, we don't work for Fox (Faux) News.

We are not specifically targeting Tesla. Our concerns are strictly in regards to an always on internet connection of any type; even more so if that internet connection can make changes to the firmware or operating system of the vehicle. The privacy concerns are important to us; but secondary in priority to safety.

It's not that difficult from an engineering standpoint to over engineer the roof support columns and other components of the frame of the vehicle to give the vehicle “The highest ever crash rating” and I'm sure that not having a bulky ICE in the front of the car helps too. I'm not an engineer; but I did pay attention in school.

The way that the crash test ratings are being touted; makes me wonder if it's a ploy to distract peoples' attentions away from other more serious safety concerns of a nature that is not traditional to the automobile industry. The non removable internet connectivity is one; and you mentioned the other: these cars need to be monitored in real time to ensure that they are operating properly.

Our biggest fear is that all the auto manufacturers will begin to put this non-removable internet connectivity into their vehicles, not because they really need it; but they see it as a relatively cheap way to put additional selling points into their products to compete with Tesla and other early adopters.

We really don't see what the big problem about making a modular internet connection setup that can be physically removed from the vehicle. Again this is all we desire.

We have no ill will in this matter; but we don't want this stuff rammed down our throats now or in the future.

Tesla does not dictate what the rest of the auto industry does (even if most of the auto industry is following Tesla's lead at this point).

As I have said a few times, and as Tesla would say, if you don't want your car to have the always-on connection... don't buy it.

If other car companies follow Tesla's lead and put it in their cars... don't buy them either.

If enough people care about this "issue" they will speak with their wallets, and buy the cars that do not have the feature... and the manufacturers will adjust to cater to the desire of their customers.

The fact that you are asking Tesla to re-think their entire design and business strategy to combat an imagined situation that could possibly one day be exploited by someone who is not legally allowed to exploit it, is frankly absurd.

Your concerns are misguided. You should be writing your "open letters" to congress to combat the fact that illegal wiretapping, illegal search and seizure of cellular records, and illegal monitoring is being done on the American Public. THAT is the issue you have, not that the Tesla has an always-on internet connection.

Perhaps we should petition video camera manufacturers to give us the ability to remotely shut off traffic cameras or security cameras as we come into range so we aren't being filmed against our will. How does that idea sound ?

My point is, don't make the manufacturer responsible for limiting the government's control over your life. Hold the government responsible for their actions. It is their job to serve the people, if you haven't forgotten (like they seem to have done).

Haeze,

Thank You for your knowledgeable comments.

We will seek out a vehicle without internet connectivity for our next vehicle purchase. Apparently Tesla is not for us.

Aside from the very real safety concerns that warrant Tesla to install an "always on" internet connection for the stated purpose of monitoring the proper functionality of the vehicle; there is also the blaring privacy issue.

Getting the government to stop monitoring our internet and phone conversations is a lost cause, because they ultimately control the access to all information, and will always default to the "National Security" answer to stop all further questioning and discussion on the matter.

The best way for the people to prevent such monitoring is to limit their exposure. Tesla and others; by adding an unnecessary, "always on" internet connection to such a utilitarian machine that people must use on a daily basis; is not limiting one's exposure; its obviously increasing it.

It looks like the market for restored classic vehicles is going to get a boost from this turn of events. Or maybe it will expand the DIY modification and aftermarket parts market that will allow people to rip out all the tech they don't want in their vehicle, and replace it with simpler tech.

@Haeze, please stop feeding the troll...

@Tiebreaker, are you somehow implying through your comment (and your authoritative sounding account name: Tiebreaker) that I (we) are trolls, and that my arguments are to be discredited because you believe that I am a Troll?

So I guess, anyone who disagrees with your world view; regardless of whatever valid argument or points they make are trolls. So much for your "open marketplace of ideas" internet blog culture thing; it sounds a little fascist to me.

Yeah... Honda has a pretty good lineup of alternative energy vehicles and they do not mention anything about built in internet connectivity on their website.

I think we will visit our local Honda Dealership and get more info in person.

http://automobiles.honda.com/alternative-fuel-vehicles/

@ahhbiz, good, do that and leave these forums with all your personas.

We ended up buying a 2013 Honda CR-V from our local Honda dealer in Katy TX a few days ago. The vehicle was equipped with Bluetooth, which we believe is a privacy concern as it involves not only a wireless transceiver, but a sensitive microphone that could pick up a whisper in the passenger compartment of the whole vehicle.

We expressed our concern about this built in Bluetooth capability to the Honda dealer
they told us it wasn't a problem, and that they had removed it for other customers in the past.

The Honda Dealer removed all Bluetooth components from our newly purchased Honda for free, and they let us be there to witness the removal of all the components.

We have pictures and documents of this. See them here:

http://www.ahh.biz/digital-privacy-info/internet-devices-in-motor-vehicl...

Troll or not some good points were raised. I own a regional ISP and yes I am paranoid about the DHS and the FBI and NSA. I have dealt with the first two directly about customers I have. The third agency the NSA is a huge civil rights problem that only recently has been exposed.
Since the NSA has the ability to obtain data on everyone who uses a phone or the internet, I assume that they do. It is also reasonable to assume they concentrate on individuals who are opposed to their power and policies.
It is also reasonable to assume that the NSA and other agencies use the data accumulated to co-opt and (blackmail) control individuals deemed a threat to their power whatever their position in society including those who would be oversight committees on capitol hill. This has nothing to do with crime or terrorism and everything about control.
if you do not see this honestly your not looking and or do not understand the true nature of power. I have worked in the halls of power. These people are truly bastards. Personally I see them little better than savages. I too would love a button to cut me off from the data flow at my option.

"Perhaps we should petition video camera manufacturers to give us the ability to remotely shut off traffic cameras or security cameras as we come into range so we aren't being filmed against our will. How does that idea sound ?"

Sounds like a hell of a good idea to me!!!

Not to add to the hype, but now we see that the NSA can defeat the encryption:

http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption....

Still won't stop me from buying a Model S. :-)

Not really defeat encryption. Hacking, yes, but that really rarely involves need to defeat encryption. You'd be surprised how few big companies really understand privacy (or care, if they do). That's why we don't allow cloud services here in university. Your research data is not safe there.


X Deutschland Site Besuchen