Unisciti allacomunità

Virus protection

Now that the first "third-party apps" have started to appear such as the larger clock, how do we protect our cars from viruses? How do we insure that downloading these apps won't cause problems? I think Tesla should come up with a certification process whereby outside application developers can submit their apps for certification by Tesla. Once Tesla has tested the app and given it its seal of approval, then we Tesla owners could be assured that downloading it would be safe. Also, what about surfing the web. What if any virus and malware protection is installed in our cars?

All true, but the clock is not an app. It is a web page, and does not otherwise interface with the car.

Don't browse porn on your Model S 17" screen!

The Model S doesn't use Windows, so there's not really a problem with malware.

The web part of the car is more similar to the system in a Google tablet / iPad system, than an actual computer with a windows operating system. I don't think it's system that can be attacked by your typical pop-up spam, malware, etc. It also doesn't have flash, so no videos.

Hasn't history shown us anything connected to the outside world is vulnerable? You can bet there is some evil genius in Shanghai working on a hack right now.

@stevenmaifert. That's what I'm concerned about. I understand the system used by Tesla may be more similar to the iPad system; however, iPads can get viruses. Once you connect a device to the Internet, my understanding is you can get viruses. Am I the only one that thinks that any third party apps should be vetted by Tesla before we install them on the car's operating system?

Trojans are more than likely eventually. Remote-installed without user intervention malwares not so likely (any semi-good firewall is enough to prevent those).

People here constantly say that windows is vulnerable. That's not true, not anymore. It's just that there are a lot more windows computers out there than there are anything else. Get any OS with reasonable standardization common enough and you start to get malwares in them. Linux has them, but mostly only for Apache web server, and that is precisely because that is quite common system and worth attacking.

@Peter, I'm with you about the vetting. Only software certified by Tesla should go into car. That's about the only way to be reasonably sure that things don't go wrong at some point.

I agree about Tesla certifying software as well. I think it would be great if there was a means to ensure that nothing is dowloaded or installed without going through a Tesla gateway for verification or getting a Tesla key.

Another option is to keep software on a separate device just use Tesla's screen as a montior and the sound system for audio. (If that is not already a capability)

Not only is there some factions out there that really don't like the thought of Tesla suceeding, some of them are organized.
There is privacy matters to consider. (i.e. GPS info and driving habits.)

It's gets spooky once one becomes aware of some of the devices and components that quietly harbor malware and spyware or have that capability.

(Donning tin foil hat.)

Things get even scarier out there. Watched a TV special recently discussing security of everyday devices now that so many have incorporated some sort of computer controls. They demonstrated how they could hack into a car through it's wireless phone connection, unlock the doors and start the engine all remotely so an on-scene accomplice could get right in and drive it away. In another demonstration they remotely hacked a car and caused it to slam on the brakes while it was being driven. Gonna need a Faraday cage built into our cars someday to keep them safe.

Reminds me of the computer skeleton key I saw on one of the security seminars. If you have firewire connector in your computer that device could give you free access to it. Apparently firewire devices grant you full access to computer memory so entering any password at password screen that device told the computer that that password was a correct one.

This in turn makes it pretty impossible to secure your data as long as person has access to physical device.

I and my friend once counted how many devices we could physically break from the computer using software (90s, current count might be quite different). It was quite frightening mental exercise, nearly all components were vulnerable. To give example you can tell HD that it has SCSI connector. After that it no longer recognizes any other bus including the one you used to give the command, so you would need to physically remove the circuit and replace it with clean one to fix it.

I wonder if it is possible to make such skeleton key to Model S cars as it was for computers using the known vulnerabilities in RFID protocols. I don't know how smart the keyfob really is.


In another demonstration they remotely hacked a car and caused it to slam on the brakes while it was being driven.

Show me a car where the brakes can be actuated via software, either locally or remotely. Until then I label that demonstration a fake.


This in turn makes it pretty impossible to secure your data as long as person has access to physical device.

How is that different than any other hardware? If someone has physical access to it, you're pretty well screwed at that point no matter what other safeguards you tried to put in place. They could steal it, vandalize it, put a bomb in it or whatever. Hacking is the last thing you should be worried about if bad guys have physical access to your Model S.

IMO, most of the people who get viruses/malware do so through their own stupidity. That is most especially true if you are running Linux or MacOS (which runs on the Linux kernel anyway).

Don't expect the Model S to be idiot-proof. If it is, it will be another "first of its kind" accomplishment for Elon. But I think that is an impossible task even for him.

Even a brand new USB drive can have malaware or viruses. Components in a device can have things hidden in it.
Scan everything.

So will we be able to install anti-virus software or does the car come with one already installed? Another question I have, which I will also post as a separate thread, is whether there is a rollback option for the software. Inevitably, an updated version comes along that makes things worse rather than better. Does anyone know if there is a procedure for rolling back to the prior version?

tesla.mrspaghet +1

This is weird. We can't install ANY programs on the car yet: no apps, no antivirus programs, and no malware that anyone has reported. I requested an API in the software enhancement thread, and I suppose if we had an API, we might need to worry (although I don't know who would bother to write code that could infect at most a couple of thousand devices). Maybe if we were using the car to enrich uranium . . .

Do we even know whether java or java script will run on this browser? How about Flash, ActiveX, etc.?

The only plausible software intrusions with the current system would be a rogue Tesla employee who could access the car remotely.

We know that there is no flash, I expect that there will not be java either. Javascript yes, but that is just a script language and can't actually do much. ActiveX no, it is not IE. Silverlight possibly but I doubt that. HTML5 -capable browser should not really need any of those extra gizmos, unfortunately there are a lot of more or less badly made websites out there that utilize one or two of the techs, mostly because whoever has designed them thinks that it is cool (and doesn't know any other way).

@tesla.mrspaghetti, what is important in computers is the data they contain, not the hardware. Hardware is disposable, someones research data, family pictures etc. are not. It was scary to see someone getting into crypted HD just like if there were no security systems at all. It's like if you have two locks in your door and alarm systems and then someone walks in and opens the door and disarms the alarm with one single key.

@tesla.mrspaghet. "Show me a car where the brakes can be actuated via software, either locally or remotely. Until then I label that demonstration a fake."

I saw a commercial for the car stopping itself when a small child on a trike crossed behind a car backing up. That must be software controlled.

That said. I do not believe viruses to be a real threat here. The software responsible for the core functions of the car is completely isolated from the software on the main screen or dash. The car will run just fine without the main screen.
Also, I don't see a complete parallel between software controlling the display in a car and my home or work computer. I don't have precious data stored primarily in my cars computer. I think the car's data as semi-volatile. I can easily reload what I need. A virus infection represents a much smaller risk in the car than at home.

Viruses rarely are threat if you somehow manage to eliminate user from the equation. The biggest threat to security is between chair and the keyboard.

mrspaghe -- if you are running Linux or MacOS (which runs on the Linux kernel anyway)

Sorry, that's not correct. OS X is a certified Unix and runs BSD Unix. It doesn't use the Linux kernel. You're point about mostly user stupidity is correct.

From what I'm reading here, it appears the browser in Model S lacks the functionality to do anything more than just display static Web pages. Yes?

I'm guessing javascript is allowed and probably also HTML5 so not just static. Just most old "fancy" badly written websites probably wont work.


No videos will be allowed because some places prohibit videos from being seen from the driver's seat.

I hope they change that so that a video can be watched while a parking brake is set. It would be nice to watch something while charging on a road trip.

@tesla.mrspaghet. "Show me a car where the brakes can be actuated via software, either locally or remotely. Until then I label that demonstration a fake."

May have been done via some sort of collision avoidance sensor (as MB3 stated above), or aren't anti-locking brakes and/or traction control computer controlled application of the brakes? Wish I could remember the show better, but it's been a few weeks and unfortunately my brain got full a couple years back, so now everything new that goes in knocks out something previous.

Maybe we can persuade a current Model S owner to try clicking random links on various websites just to see what will happen. How bad could it be? ;)

ABS, sensors etc. and what car does based on that kind of information are a grey area in transition between software and hardware. There is actually "software" inside processors in a meaning that they do something logical from the signals based on some coding, but that software is done using hardware. There is whole chain between that extremely low level coding and something like touchscreen interface.

I would put that question a bit differently: "Show me a car where the brakes can be actuated via user controlled software, either locally or remotely."

And even then it depends of how low level hacking you are willing to go (when it is done "locally").

So from what I have read, mostly on this Tesla Forum, the OS is Linux based and there will be a Java SDK for developers to create apps which will be available through Tesla's App area or "store". Much like Google does.
I don't know exactly what distribution of Lunix it is, but really no matter what distribution it is, it is likely to have vulnerabilities as does Java. So there is always a chance to get infected. I think the worst an infection could do though is open your roof (which is bad if it raining out), but can't control the car functions.

BTW I work for an Anti-Virus company. Once I take delivery, I will have one of our top virus analysts take a look at it and see what we can develop for it.


I'm not aware of any Java SDK. If you saw that, please post a link. In the "Software Enhancements" thread, I suggested an API and an App Store, but so far, that is just a wish-list item.


Telsa originally announced that there would be an SDK to create third party Apps but that it wouldn't be available for at least a year after shipments began. (I would suggest that be read as "At least a year after 'P' shipments begin").

What isn't know is how complete that SDK will be. It could be just a bunch of APIs.

X Deutschland Site Besuchen