SlideShare a Scribd company logo

Tesla hacking presentation 'jaarbeurs World of Technology and Science' October 2018 utrecht

J
Jasper Nuyens

Tesla vehicles can be accessed through their internal Ethernet network which connects various computer modules. The presenter was able to access the instrument cluster and center display of his Model X and make minor modifications like changing images to add logos. No permanent changes were made. Other hackers have accessed Teslas too through leaked credentials in the past. The speaker hopes Tesla will provide official access for security researchers in a safe, controlled manner.

Automotive
1 of 50
Download to read offline
Tesla Hacking why not
https://www.slideshare.net/JasperNuyens/tesla-hacking-presentation-wots Jasper Nuyens jasper@linux.com +32478978967 Managing Director Linux Belgium http://www.linuxbe.com Very interested in EVs since Tesla. Made money with Free and OpenSource Software Training and Consultancy
Content 1. Disclaimer and the obvious questions 2. The car 3. The mission 4. Components and network layout 5. How to access 6. Hacks performed by other people 7. Hacks performed by me 8. How ‘hacker friendly’ are Tesla Service and Elon Musk? 9. Other questions 10. Q&A
1. Disclaimer and the obvious questions Disclaimer - I am a Tesla customer, not a Tesla supplier or employee. I can be considered a ‘security researcher’, ‘thinkerer’ or ‘hacker’, not a ‘cracker’. - Tesla hacking seems dangerous: it is a +2t car with electric propulsion, electronically steered and with a high voltage battery. Yet all drive controls keep on working even when 3 Linux systems are restarted during driving. - Tesla can be considered ‘Hacker Friendly’. When registering as a ‘security researcher’, Tesla guarantees car warrantee, helps when you would ‘brick your car’, absolves you from litigation and has a ‘bounty program’.
SMALL Request Slight conflict of interests between Tesla and Hackers for now: - if a new exploit is discovered by creative car owners, and Tesla finds out how, they close the entry point. GREAT! BUT NOT GREAT if it’s the only way to gain access on your car or help a friend out. We hope in the future Tesla will allow ‘security researchers’ a simple or controlled way to gain root. To prevent abuse and enable more FUN!
2. The car Model X, Enhanced Autopilot 2.0 75kWh battery, premium interior, towing package…
2. The car “Once you drive electric, there’s no going back” Range: in practice between 230 and 350km decreases range: high speed, cold weather never having to go to the petrol station start ‘full’ every morning, slow traffic doesn’t increase consumption Supercharging network for long distance: charges at 500km per hour (120kW); no waiting required (lunch, toilet,…) Ok to drive 1000km per day without waiting to charge. Autopilot: driver assist system. I discovered a huge leap forward with version 9.0: 2018.39.0.1 and 2018.39.2.1
3. The mission Tesla’s mission is: “Accelerate the world's  transition to sustainable energy.” In our case, we drove 52.000 km in 1,5 year with our Model X. We generated the electricity from our solar roof. This avoided air pollution of: 11980kg CO2 plus all the other nasty stuff we put in the atmosphere. Ecological footprint of production? About the same as with ‘old’ cars. And Tesla doesn’t use ‘dirty’ cobalt from Congo for it’s batteries. Only ‘vegan’ leather.
4. Components and network layout - Instrument Cluster (ic) behind steering wheel 192.168.90.101 - Big screen (cid) in the middle 192.168.90.100 - Gateway (gw) 192.168.90.102 - Autopilot (ape) 192.168.90.103 - lb (ape gw) 192.168.90.104
4. Components and network layout Instrument Cluster (ic) behind steering wheel 192.168.90.101 Custom version of NVidia Tegra 2 SoC cat /proc/cpuinfo Processor : ARMv7 Processor rev 0 (v7l) processor : 0 BogoMIPS : 897.84 processor : 1 BogoMIPS : 897.84 Features : swp half thumb fastmult vfp edsp vfpv3 vfpv3d16 CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x1 CPU part : 0xc09 CPU revision : 0 Hardware : Tegra P852 SKU8 C01 Revision : 0000 Serial : 1f78400042408317 Boots squashfs compressed read-only filesystem, /var is writeable Steering wheel buttons are attached to the ic and the input is sent over Ethernet using the (undocumented) ‘Vehicle API’ Settings are stored in sqlite3 db
4. Components and network layout Massive multimedia 19”screen (cid) in the middle of the car 192.168.90.100 NVIDIA quad core (new cars have it replaced with Intel CPU based board, like in the Model 3) Includes a Qt based Web browser, runs Spotify and allows to control all car settings, doors, keys, sound, and so on…
4. Components and network layout root@ic:~# nmap -v -p 1-65535 -sV -O -sS -T5 192.168.90.100 Not shown: 65090 closed ports, 419 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.5p1 Debian 4ubuntu4 (Ubuntu Linux; protocol 2.0) 53/tcp open domain dnsmasq 2.78 111/tcp open rpcbind 2 (RPC #100000) 2049/tcp open nfs 2-4 (RPC #100003) 4030/tcp open unknown 4032/tcp open unknown 4037/tcp open unknown 4050/tcp open unknown 4060/tcp open unknown 4070/tcp open unknown 4090/tcp open omasgport? 4092/tcp open unknown 4094/tcp open unknown 4096/tcp open bre? 4102/tcp open unknown 4110/tcp open unknown 4160/tcp open unknown 4170/tcp open unknown 4220/tcp open vrml-multi-use? 4280/tcp open unknown 4500/tcp open sae-urn? 20564/tcp open unknown 25956/tcp open unknown 43164/tcp open nlockmgr 1-4 (RPC #100021) 43427/tcp open status 1 (RPC #100024) 43546/tcp open mountd 1-3 (RPC #100005)
4. Components and network layout Gateway 192.168.90.102 Runs FreeRTOS on Freescale MPC5668G
 592 KB embedded RAM Is attached to the 6 CAN-busses: - Trunk, doors,… - Vehicle speed, engine speed,… - Chassis - BFT - ODBII
4. Components and network layout Gateway 192.168.90.102 firmware name: gtw.hex located on the sd card of the CID In the past, it contained in clear text the (unique) pw to get acces. Was a ‘point of entry’, closed by Tesla.
5. How to access Which data paths exist? Internet: - nightmare of Elon Musk - access from the Tesla Android or IOS App - mothership.tesla.com Internal Ethernet network: - physical connection below CID for Service Centers - physical connection between IC and CID CAN busses: - typical ‘old school car modding’, will probably disappear
5. How to access
5. How to access
5. How to access
5. How to access
5. How to access Careful with the special connector which provides power and more (click mechanism)!
5. How to access Experiment with how the wiring to the Ethernet is done.
5. How to access Fakra? 4 Ethernet wires: green, orange green/white orange/white Test: steering wheel audio volume passes through Ethernet
5. How to access
5. How to access Better (version 2):
5. How to access 1st way: Ethernet (Fakra) from CID to switch Ethernet (Fakra) from IC to switch Extra ethernet cable below CID for attaching laptop Ethernet cable for Raspberry Pi for wired and/or wireless network Raspberry Pi allows to modify stuff ‘permanently’ without changing something to the rootfs Easy access at a side panel to ‘reverse’ all changes (before going back to Tesla Service)
5. How to access 2nd step: Reverse ssh tunnel directly from CID -> allows hacking in bed and on holiday :-D -> allows a chrooted ubuntu on a USB stick
6. Hacks performed by other people Tesla itself created ‘Easter Eggs’ like Model X Chrismas Tree, Mars driving map, drawing app,… 3 minute movie https://www.youtube.com/watch?v=1fmm6Hg7k1U
6. Hacks performed by other people All IC’s can be accessed using the same (leaked) ssh key for the root account (once you are on the Ethernet network between IC and CID). Might not remain so after an update? Ethernet port below CID is only enabled after mothership opens it for Tesla Service through their own cryptographically signed applications/internal network. Access from IC to CID is restricted (was a dead end).
6. Hacks performed by other people Replacing an image on Instrument Cluster
7. Hacks performed by me Replacing lots of images ‘subtle’ to add the Linux Belgium logo.
7. Peeking into version 9.0 Configurable through web based API: Launch an update: socat -,icanon=0,echo=0 tcp:192.168.90.100:25956; (on the cid) or from a laptop: telnet 192.168.90.100 25956 install http://www.yourserver.com:80/some-imagefile.img Thanks to @nemSoma for the image As soon as it starts downloading, reconnect all systems. Turn on the experimental ‘Navigation on Autopilot’ in Europe (for 1 ride): curl -s “http://192.168.90.100:4035/set_data_value?name=FEATURE_dasDriveOnNavEnabled&value=true" curl -s "http://192.168.90.100:4035/set_data_value?name=FEATURE_dasNoConfirmULCEnabled&value=true" Persistence needs root. Amazing _next level_ capabilities unlocked! BUT: obviously we need to be super careful with ‘development’ features. IT MIGHT VIOLATE REGULATIONS IN CERTAIN REGIONS http://www.youtube.com/salamimovies
7. Hacks performed by me Replacing lots of images ‘subtle’ to add the Linux logo - and a ‘peace’ sign.
7. Hacks performed by me Images stored in /usr/tesla/UI/assets/night/car/modelx/ No permanent changes are made: small script to bind mount the individual files from /var/added and relaunch the Qt based IC process (beware of wife). Re-verifies every minute out of crontab. root@ic:~# crontab -l * * * * /teslascript.sh > /dev/null 2>&1
7. Hacks performed by me cat /teslascript.sh #!/bin/bash nohup ssh -i /root/id_dsa root@192.168.90.101 bash /var/added/addedtotesla.sh & ON IC: bash /var/added/mount-modfiles.sh cat mount-modfiles.sh #!/bin/bash #if an argument is provided multiple directories are allowed #first umount for bindmount in $(mount | grep bind | awk '{ print $1 }') do umount $bindmount done cd /var/added/modfiles$1 for modfile in $(find . -type f) do mount --bind $modfile /$modfile done
7. Hacks performed by me Gives: mount /dev/mmcblk3p3 on /var type ext3 (rw,noexec,nosuid,nodev,data=ordered,barrier=1,commit=20) /dev/mmcblk3p4 on /home type ext3 (rw,noexec,nosuid,nodev,data=ordered,barrier=1,commit=20) none on /var/run type tmpfs (rw) none on /var/lock type tmpfs (rw) cid:/opt/navigon on /opt/navigon type nfs (ro,noexec,nosuid,nodev,nolock,soft,fg,intr,retry=1,retrans=10,addr=192.168.90.100) /var/added/modfiles/home/tesla/.Tesla/data/QtCarClusterSettings.db on /home/tesla/.Tesla/data/QtCarClusterSettings.db type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/doors/trunk_closed_paint.png on /usr/tesla/UI/assets/night/car/ modelx/doors/trunk_closed_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/doors/trunk_open.png on /usr/tesla/UI/assets/night/car/modelx/doors/ trunk_open.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/drive/body_paint.png on /usr/tesla/UI/assets/night/car/modelx/drive/ body_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/hero/frunk_open_paint.png on /usr/tesla/UI/assets/night/car/modelx/ hero/frunk_open_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/hero/frunk_closed_paint.png on /usr/tesla/UI/assets/night/car/modelx/ hero/frunk_closed_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/top/frunk_open.png on /usr/tesla/UI/assets/night/car/modelx/top/ frunk_open.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/top/frunk_closed_paint.png on /usr/tesla/UI/assets/night/car/modelx/ top/frunk_closed_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/park/car_paint.png on /usr/tesla/UI/assets/night/car/modelx/park/ car_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/ghost/body-5.png on /usr/tesla/UI/assets/night/car/modelx/ghost/ body-5.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/about/badge_model_x.png on /usr/tesla/UI/assets/night/about/badge_model_x.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/cluster/background_noise.jpg on /usr/tesla/UI/assets/night/cluster/ background_noise.jpg type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/cluster/hi_res/badges/badge_model_x.png on /usr/tesla/UI/assets/night/cluster/ hi_res/badges/badge_model_x.png type none (rw,bind)
7. Hacks performed by me And then the script does: killall -HUP QtCarCluster The monitoring on the IC will restart the process fairly rapidly (beware of wife if you do this while driving)
7. Hacks performed by me Images stored in /usr/tesla/UI/assets/night/car/modelx/ No permanent changes are made: small script to bind mount the individual files and relaunch the Qt based IC process (beware of wife). 7. Hacks performed by me
7. Hacks performed by me Next step… - Color animation script! cat moonshine.sh #!/bin/bash export DISPLAY=:0.0 while true do for color in rgamma ggamma bgamma do for gamma in 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0 do xgamma -${color} $gamma 2> /dev/null sleep 0.1 done done done https://www.youtube.com/watch?v=XfkuS-ypUTU
7. Hacks performed by me Discovered: Sound is sent over the Ethernet network :) cat gameofthrones.wav | nc 192.168.90.100 4102 Possibility for denial of service attack? (yet not practical) Special sound format needed: file park_assist_red_repeat.wav park_assist_red_repeat.wav: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 48000 Hz RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 48000 Hz Something like this: sox -S --norm gameofthrones-orig.wav -c 1 -r 48000 gameofthrones-good-format.wav reverse silence 1 0 0.05 reverse pad 0 0.100
7. Hacks performed by me - Every day a new ‘token’ received in: /var/etc/saccess/tesla1 - SQLite3 database containing settings /home/tesla/.Tesla/data/QtCarClusterSettings.db sqlite3 QtCarClusterSettings.db sqlite> select key, quote(value) from data; select key, quote(value) from data where key='DataValues/GUI_developerMode'; DataValues/GUI_developerMode|X’000000010000' UPDATE data SET value=X'000000010001' WHERE key='DataValues/GUI_developerMode';
7. Hacks performed by me Root on CID Obtained though a - now patched - way during an upgrade mechanism to perform commands on the CID; extracting the daily changing security token. Thanks to someone on TMC forum for helping me! CID has an Internet connection (through usb-connected ‘parrot’). -> reverse ssh tunnel for easy remote access -> extra backdoors to prevent becoming locked out as a result of an update Only /var is writeable
7. Hacks performed by me Root on CID CID has 2 USB connections in the central display -> allows to run ARM/Ubuntu in a mounted chrooted environment Big display is not rotated at kernel level; QT application is written rotated. Fixed with running X applications in a rotated Xephyr (nested X server).
7. Hacks performed by me Root on CID Sound possible with gstreamer. Possible to display messages on the CID
7. Hacks performed by me Root on CID - romance mode For the 4th anniversary of being married to my sweet wife, i put this into crontab: */15 * * * * bash /var/added/romance_mode.sh >/dev/null 2>&1 Executing: bash /var/added/speak "Kissy, kissie" /disk/usb.*/freedomev/talk "I love you, Baby!"
7. Hacks performed by me Root on CID Romance Mode https://www.youtube.com/watch?v=w-gLSPzLo6Q
7. Hacks performed by me Goals Integrate touchscreen driver and build application launcher with free software repository www.FreedomEV.com www.FreedomEV.com/wiki www.github.com/jnuyens/freedomev “Download/extract the tarball to a usb stick, add one crontab entry in the CID as root and enjoy the power of the OpenSource community”
7. Hacks performed by me Goals Integrate anbox to run Android apps like Waze on the CID Allow anybody to contribute fun stuff back easy to package and distribute. Fun, Fun, Fun!
8. How ‘hacker friendly’ are Tesla Service and Elon Musk? I am not interested in doing illegal things like: - changing the VIN number (it might help stolen car sales) - faking the mileage - abusing the (free) data usage I prefer also not to: - mess with the autopilot (I prefer to live ;) - mess with the drive motor steering
9. Other questions
9. Other questions Or use other charging networks…

Recommended

Tesla hacking presentation
Tesla hacking presentationTesla hacking presentation
Tesla hacking presentationJasper Nuyens
 
Tesla hacking presentation fri3d
Tesla hacking presentation fri3dTesla hacking presentation fri3d
Tesla hacking presentation fri3dJasper Nuyens
 
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEVJasper Nuyens
 
IEEE IM 2021 Tutorial - Next-generation closed-loop automation - an inside view
IEEE IM 2021 Tutorial - Next-generation closed-loop automation - an inside viewIEEE IM 2021 Tutorial - Next-generation closed-loop automation - an inside view
IEEE IM 2021 Tutorial - Next-generation closed-loop automation - an inside viewPedro Henrique Gomes
 
[O'Reilly] HTML5 Design
[O'Reilly] HTML5 Design[O'Reilly] HTML5 Design
[O'Reilly] HTML5 DesignChristopher Schmitt
 
Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)Emi Morishita
 
Insights on the Configuration and Performances of SOME/IP Service Discovery
Insights on the Configuration and Performances of SOME/IP Service DiscoveryInsights on the Configuration and Performances of SOME/IP Service Discovery
Insights on the Configuration and Performances of SOME/IP Service DiscoveryRealTime-at-Work (RTaW)
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 

Recommended

Tesla hacking presentation
Tesla hacking presentationTesla hacking presentation
Tesla hacking presentationJasper Nuyens
 
Tesla hacking presentation fri3d
Tesla hacking presentation fri3dTesla hacking presentation fri3d
Tesla hacking presentation fri3dJasper Nuyens
 
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEVJasper Nuyens
 
IEEE IM 2021 Tutorial - Next-generation closed-loop automation - an inside view
IEEE IM 2021 Tutorial - Next-generation closed-loop automation - an inside viewIEEE IM 2021 Tutorial - Next-generation closed-loop automation - an inside view
IEEE IM 2021 Tutorial - Next-generation closed-loop automation - an inside viewPedro Henrique Gomes
 
[O'Reilly] HTML5 Design
[O'Reilly] HTML5 Design[O'Reilly] HTML5 Design
[O'Reilly] HTML5 DesignChristopher Schmitt
 
Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)Emi Morishita
 
Insights on the Configuration and Performances of SOME/IP Service Discovery
Insights on the Configuration and Performances of SOME/IP Service DiscoveryInsights on the Configuration and Performances of SOME/IP Service Discovery
Insights on the Configuration and Performances of SOME/IP Service DiscoveryRealTime-at-Work (RTaW)
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PROIDEA
 
Introduction to MQTT
Introduction to MQTTIntroduction to MQTT
Introduction to MQTTEMQ
 
D. Andreadis, Red Hat: Concepts and technical overview of Quarkus
D. Andreadis, Red Hat: Concepts and technical overview of QuarkusD. Andreadis, Red Hat: Concepts and technical overview of Quarkus
D. Andreadis, Red Hat: Concepts and technical overview of QuarkusUni Systems S.M.S.A.
 
Smartphone processors
Smartphone processorsSmartphone processors
Smartphone processorsMahzad Zahedi
 
Introduction to Kamailio (TADSummit 2020 Asia)
Introduction to Kamailio (TADSummit 2020 Asia)Introduction to Kamailio (TADSummit 2020 Asia)
Introduction to Kamailio (TADSummit 2020 Asia)Fred Posner
 
Tsn farkas-intro-0318-v01
Tsn farkas-intro-0318-v01Tsn farkas-intro-0318-v01
Tsn farkas-intro-0318-v01Jörgen Gade
 
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)sheriframadan18
 
Intel core i3, i5, i7 , core2 duo and atom processors
Intel core i3, i5, i7 , core2 duo and atom processorsIntel core i3, i5, i7 , core2 duo and atom processors
Intel core i3, i5, i7 , core2 duo and atom processorsFadyMorris
 
CCNA4v5 Chapter 8 - Monitoring the Netwok
CCNA4v5 Chapter 8 - Monitoring the NetwokCCNA4v5 Chapter 8 - Monitoring the Netwok
CCNA4v5 Chapter 8 - Monitoring the NetwokAhmed Gad
 
IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2John Staveley
 
Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101Mochamad Taufik Romdony
 
嵌入式IPMI遠端監控系統
嵌入式IPMI遠端監控系統 嵌入式IPMI遠端監控系統
嵌入式IPMI遠端監控系統 艾鍗科技
 
Ixia presentation
Ixia presentationIxia presentation
Ixia presentationSasi Reddy
 
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptx
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptxCCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptx
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptxBabarYunus1
 
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170Qt
 
MySQL DBaaS with OpenStack Trove
MySQL DBaaS with OpenStack TroveMySQL DBaaS with OpenStack Trove
MySQL DBaaS with OpenStack TroveMatt Lord
 
CCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksCCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksVuz Dở Hơi
 
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...Amazon Web Services
 
Customizing the Document Library
Customizing the Document LibraryCustomizing the Document Library
Customizing the Document LibraryAlfresco Software
 
Cisco Icon Library
Cisco Icon LibraryCisco Icon Library
Cisco Icon Libraryfmarches
 
Network Design For Alliance Française de Dhaka
Network Design For Alliance Française de DhakaNetwork Design For Alliance Française de Dhaka
Network Design For Alliance Française de DhakaMD. Naimur Rahman
 
the NML project
the NML projectthe NML project
the NML projectLei Yang
 

More Related Content

What's hot

PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PROIDEA
 
Introduction to MQTT
Introduction to MQTTIntroduction to MQTT
Introduction to MQTTEMQ
 
D. Andreadis, Red Hat: Concepts and technical overview of Quarkus
D. Andreadis, Red Hat: Concepts and technical overview of QuarkusD. Andreadis, Red Hat: Concepts and technical overview of Quarkus
D. Andreadis, Red Hat: Concepts and technical overview of QuarkusUni Systems S.M.S.A.
 
Smartphone processors
Smartphone processorsSmartphone processors
Smartphone processorsMahzad Zahedi
 
Introduction to Kamailio (TADSummit 2020 Asia)
Introduction to Kamailio (TADSummit 2020 Asia)Introduction to Kamailio (TADSummit 2020 Asia)
Introduction to Kamailio (TADSummit 2020 Asia)Fred Posner
 
Tsn farkas-intro-0318-v01
Tsn farkas-intro-0318-v01Tsn farkas-intro-0318-v01
Tsn farkas-intro-0318-v01Jörgen Gade
 
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)sheriframadan18
 
Intel core i3, i5, i7 , core2 duo and atom processors
Intel core i3, i5, i7 , core2 duo and atom processorsIntel core i3, i5, i7 , core2 duo and atom processors
Intel core i3, i5, i7 , core2 duo and atom processorsFadyMorris
 
CCNA4v5 Chapter 8 - Monitoring the Netwok
CCNA4v5 Chapter 8 - Monitoring the NetwokCCNA4v5 Chapter 8 - Monitoring the Netwok
CCNA4v5 Chapter 8 - Monitoring the NetwokAhmed Gad
 
IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2John Staveley
 
嵌入式IPMI遠端監控系統
嵌入式IPMI遠端監控系統 嵌入式IPMI遠端監控系統
嵌入式IPMI遠端監控系統 艾鍗科技
 
Ixia presentation
Ixia presentationIxia presentation
Ixia presentationSasi Reddy
 
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptx
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptxCCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptx
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptxBabarYunus1
 
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170Qt
 
MySQL DBaaS with OpenStack Trove
MySQL DBaaS with OpenStack TroveMySQL DBaaS with OpenStack Trove
MySQL DBaaS with OpenStack TroveMatt Lord
 
CCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksCCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksVuz Dở Hơi
 
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...Amazon Web Services
 
Customizing the Document Library
Customizing the Document LibraryCustomizing the Document Library
Customizing the Document LibraryAlfresco Software
 
Cisco Icon Library
Cisco Icon LibraryCisco Icon Library
Cisco Icon Libraryfmarches
 

What's hot (20)

PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
 
Introduction to MQTT
Introduction to MQTTIntroduction to MQTT
Introduction to MQTT
 
D. Andreadis, Red Hat: Concepts and technical overview of Quarkus
D. Andreadis, Red Hat: Concepts and technical overview of QuarkusD. Andreadis, Red Hat: Concepts and technical overview of Quarkus
D. Andreadis, Red Hat: Concepts and technical overview of Quarkus
 
Smartphone processors
Smartphone processorsSmartphone processors
Smartphone processors
 
Introduction to Kamailio (TADSummit 2020 Asia)
Introduction to Kamailio (TADSummit 2020 Asia)Introduction to Kamailio (TADSummit 2020 Asia)
Introduction to Kamailio (TADSummit 2020 Asia)
 
Tsn farkas-intro-0318-v01
Tsn farkas-intro-0318-v01Tsn farkas-intro-0318-v01
Tsn farkas-intro-0318-v01
 
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)
Step-by-Step: APEX Installation on Tomcat (Windows Server 2016)
 
Intel core i3, i5, i7 , core2 duo and atom processors
Intel core i3, i5, i7 , core2 duo and atom processorsIntel core i3, i5, i7 , core2 duo and atom processors
Intel core i3, i5, i7 , core2 duo and atom processors
 
CCNA4v5 Chapter 8 - Monitoring the Netwok
CCNA4v5 Chapter 8 - Monitoring the NetwokCCNA4v5 Chapter 8 - Monitoring the Netwok
CCNA4v5 Chapter 8 - Monitoring the Netwok
 
IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2
 
Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101
 
嵌入式IPMI遠端監控系統
嵌入式IPMI遠端監控系統 嵌入式IPMI遠端監控系統
嵌入式IPMI遠端監控系統
 
Ixia presentation
Ixia presentationIxia presentation
Ixia presentation
 
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptx
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptxCCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptx
CCNA 200-301 Chapter 3-Fundamentals of WANs and IP Routing.pptx
 
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170
Driving Down Automotive Costs for Richer HMIs with Qt & i.MX RT1170
 
MySQL DBaaS with OpenStack Trove
MySQL DBaaS with OpenStack TroveMySQL DBaaS with OpenStack Trove
MySQL DBaaS with OpenStack Trove
 
CCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksCCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networks
 
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...
 
Customizing the Document Library
Customizing the Document LibraryCustomizing the Document Library
Customizing the Document Library
 
Cisco Icon Library
Cisco Icon LibraryCisco Icon Library
Cisco Icon Library
 

Similar to Tesla hacking presentation 'jaarbeurs World of Technology and Science' October 2018 utrecht

Network Design For Alliance Française de Dhaka
Network Design For Alliance Française de DhakaNetwork Design For Alliance Française de Dhaka
Network Design For Alliance Française de DhakaMD. Naimur Rahman
 
the NML project
the NML projectthe NML project
the NML projectLei Yang
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...Hackito Ergo Sum
 
Esp8266 wi fi_module_quick_start_guide_v_1.0.4
Esp8266 wi fi_module_quick_start_guide_v_1.0.4Esp8266 wi fi_module_quick_start_guide_v_1.0.4
Esp8266 wi fi_module_quick_start_guide_v_1.0.4Melvin Gutiérrez Rivero
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяEkaterina Melnik
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NamePositive Hack Days
 
SIMATIC manager سيماتك منجر سيمنز
SIMATIC manager سيماتك منجر سيمنزSIMATIC manager سيماتك منجر سيمنز
SIMATIC manager سيماتك منجر سيمنزEssosElectronic
 
Building your Car Hacking Labs & Car Hacking Community from Scratch
Building your Car Hacking Labs & Car Hacking Community from ScratchBuilding your Car Hacking Labs & Car Hacking Community from Scratch
Building your Car Hacking Labs & Car Hacking Community from ScratchJay Turla
 
Programable logic controller.pdf
Programable logic controller.pdfProgramable logic controller.pdf
Programable logic controller.pdfsravan66
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hackSlawomir Jasek
 
PICCOLI GREEN TECHNOLOGY , PICCOLI MOTORS , PGT GROUP, Franquia Piccoli Green...
PICCOLI GREEN TECHNOLOGY , PICCOLI MOTORS , PGT GROUP, Franquia Piccoli Green...PICCOLI GREEN TECHNOLOGY , PICCOLI MOTORS , PGT GROUP, Franquia Piccoli Green...
PICCOLI GREEN TECHNOLOGY , PICCOLI MOTORS , PGT GROUP, Franquia Piccoli Green...Piccoli Green Technology Piccoli
 
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...📡 Sebastien Dudek
 
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Julien Vermillard
 
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkIndonesia Network Operators Group
 
IDNOG 4 Lightning Talks - Documenting your Network in 3 Simple Steps
IDNOG 4 Lightning Talks - Documenting your Network in 3 Simple StepsIDNOG 4 Lightning Talks - Documenting your Network in 3 Simple Steps
IDNOG 4 Lightning Talks - Documenting your Network in 3 Simple StepsAffan Basalamah
 
Final ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docxFinal ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docxAKHIL969626
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkNazmul Hossain Rakib
 

Similar to Tesla hacking presentation 'jaarbeurs World of Technology and Science' October 2018 utrecht (20)

Network Design For Alliance Française de Dhaka
Network Design For Alliance Française de DhakaNetwork Design For Alliance Française de Dhaka
Network Design For Alliance Française de Dhaka
 
the NML project
the NML projectthe NML project
the NML project
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
 
Esp8266 wi fi_module_quick_start_guide_v_1.0.4
Esp8266 wi fi_module_quick_start_guide_v_1.0.4Esp8266 wi fi_module_quick_start_guide_v_1.0.4
Esp8266 wi fi_module_quick_start_guide_v_1.0.4
 
Project report,nowrin
Project report,nowrinProject report,nowrin
Project report,nowrin
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имя
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the Name
 
SIMATIC manager سيماتك منجر سيمنز
SIMATIC manager سيماتك منجر سيمنزSIMATIC manager سيماتك منجر سيمنز
SIMATIC manager سيماتك منجر سيمنز
 
Building your Car Hacking Labs & Car Hacking Community from Scratch
Building your Car Hacking Labs & Car Hacking Community from ScratchBuilding your Car Hacking Labs & Car Hacking Community from Scratch
Building your Car Hacking Labs & Car Hacking Community from Scratch
 
Programable logic controller.pdf
Programable logic controller.pdfProgramable logic controller.pdf
Programable logic controller.pdf
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hack
 
PICCOLI GREEN TECHNOLOGY , PICCOLI MOTORS , PGT GROUP, Franquia Piccoli Green...
PICCOLI GREEN TECHNOLOGY , PICCOLI MOTORS , PGT GROUP, Franquia Piccoli Green...PICCOLI GREEN TECHNOLOGY , PICCOLI MOTORS , PGT GROUP, Franquia Piccoli Green...
PICCOLI GREEN TECHNOLOGY , PICCOLI MOTORS , PGT GROUP, Franquia Piccoli Green...
 
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
 
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
 
Lightspeed ii-manual-2012-jan
Lightspeed ii-manual-2012-janLightspeed ii-manual-2012-jan
Lightspeed ii-manual-2012-jan
 
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
 
IDNOG 4 Lightning Talks - Documenting your Network in 3 Simple Steps
IDNOG 4 Lightning Talks - Documenting your Network in 3 Simple StepsIDNOG 4 Lightning Talks - Documenting your Network in 3 Simple Steps
IDNOG 4 Lightning Talks - Documenting your Network in 3 Simple Steps
 
Final ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docxFinal ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docx
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE network
 
Franquia green sharing IOT Scooters devices
Franquia green sharing IOT Scooters devicesFranquia green sharing IOT Scooters devices
Franquia green sharing IOT Scooters devices
 

Recently uploaded

audience feedback draft 3.pptxxxxxxxxxxx
audience feedback draft 3.pptxxxxxxxxxxxaudience feedback draft 3.pptxxxxxxxxxxx
audience feedback draft 3.pptxxxxxxxxxxxMollyBrown86
 
Why Won't Your Subaru Key Come Out Of The Ignition Find Out Here!
Why Won't Your Subaru Key Come Out Of The Ignition Find Out Here!Why Won't Your Subaru Key Come Out Of The Ignition Find Out Here!
Why Won't Your Subaru Key Come Out Of The Ignition Find Out Here!AutoScandia
 
What Causes BMW Chassis Stabilization Malfunction Warning To Appear
What Causes BMW Chassis Stabilization Malfunction Warning To AppearWhat Causes BMW Chassis Stabilization Malfunction Warning To Appear
What Causes BMW Chassis Stabilization Malfunction Warning To AppearJCL Automotive
 
FULL ENJOY - 9953040155 Call Girls in Sector 61 | Noida
FULL ENJOY - 9953040155 Call Girls in Sector 61 | NoidaFULL ENJOY - 9953040155 Call Girls in Sector 61 | Noida
FULL ENJOY - 9953040155 Call Girls in Sector 61 | NoidaMalviyaNagarCallGirl
 
Chapter-1.3-Four-Basic-Computer-periods.pptx
Chapter-1.3-Four-Basic-Computer-periods.pptxChapter-1.3-Four-Basic-Computer-periods.pptx
Chapter-1.3-Four-Basic-Computer-periods.pptxAnjieVillarba1
 
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdfSales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdfAggregage
 
Lucknow 💋 (Genuine) Escort Service Lucknow | Service-oriented sexy call girls...
Lucknow 💋 (Genuine) Escort Service Lucknow | Service-oriented sexy call girls...Lucknow 💋 (Genuine) Escort Service Lucknow | Service-oriented sexy call girls...
Lucknow 💋 (Genuine) Escort Service Lucknow | Service-oriented sexy call girls...anilsa9823
 
Vip Mumbai Call Girls Mumbai Call On 9920725232 With Body to body massage wit...
Vip Mumbai Call Girls Mumbai Call On 9920725232 With Body to body massage wit...Vip Mumbai Call Girls Mumbai Call On 9920725232 With Body to body massage wit...
Vip Mumbai Call Girls Mumbai Call On 9920725232 With Body to body massage wit...amitlee9823
 
John Deere Tractors 6130M 6140M Diagnostic Manual
John Deere Tractors 6130M 6140M Diagnostic ManualJohn Deere Tractors 6130M 6140M Diagnostic Manual
John Deere Tractors 6130M 6140M Diagnostic ManualExcavator
 
Vip Hot🥵 Call Girls Delhi Delhi {9711199012} Avni Thakur 🧡😘 High Profile Girls
Vip Hot🥵 Call Girls Delhi Delhi {9711199012} Avni Thakur 🧡😘 High Profile GirlsVip Hot🥵 Call Girls Delhi Delhi {9711199012} Avni Thakur 🧡😘 High Profile Girls
Vip Hot🥵 Call Girls Delhi Delhi {9711199012} Avni Thakur 🧡😘 High Profile Girlsshivangimorya083
 
Delhi Call Girls Saket 9711199171 ☎✔👌✔ Full night Service for more than 1 person
Delhi Call Girls Saket 9711199171 ☎✔👌✔ Full night Service for more than 1 personDelhi Call Girls Saket 9711199171 ☎✔👌✔ Full night Service for more than 1 person
Delhi Call Girls Saket 9711199171 ☎✔👌✔ Full night Service for more than 1 personshivangimorya083
 
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...Delhi Call girls
 
Alina 7042364481 Call Girls Service Pochanpur Colony - independent Pochanpur ...
Alina 7042364481 Call Girls Service Pochanpur Colony - independent Pochanpur ...Alina 7042364481 Call Girls Service Pochanpur Colony - independent Pochanpur ...
Alina 7042364481 Call Girls Service Pochanpur Colony - independent Pochanpur ...Hot Call Girls In Sector 58 (Noida)
 
Hot And Sexy 🥵 Call Girls Delhi Daryaganj {9711199171} Ira Malik High class G...
Hot And Sexy 🥵 Call Girls Delhi Daryaganj {9711199171} Ira Malik High class G...Hot And Sexy 🥵 Call Girls Delhi Daryaganj {9711199171} Ira Malik High class G...
Hot And Sexy 🥵 Call Girls Delhi Daryaganj {9711199171} Ira Malik High class G...shivangimorya083
 
Call me @ 9892124323 Call Girl in Andheri East With Free Home Delivery
Call me @ 9892124323 Call Girl in Andheri East With Free Home DeliveryCall me @ 9892124323 Call Girl in Andheri East With Free Home Delivery
Call me @ 9892124323 Call Girl in Andheri East With Free Home DeliveryPooja Nehwal
 
Greenery-Palette Pitch Deck by Slidesgo.pptx
Greenery-Palette Pitch Deck by Slidesgo.pptxGreenery-Palette Pitch Deck by Slidesgo.pptx
Greenery-Palette Pitch Deck by Slidesgo.pptxzohiiimughal286
 
ENJOY Call Girls In Okhla Vihar Delhi Call 9654467111
ENJOY Call Girls In Okhla Vihar Delhi Call 9654467111ENJOY Call Girls In Okhla Vihar Delhi Call 9654467111
ENJOY Call Girls In Okhla Vihar Delhi Call 9654467111Sapana Sha
 

Recently uploaded (20)

audience feedback draft 3.pptxxxxxxxxxxx
audience feedback draft 3.pptxxxxxxxxxxxaudience feedback draft 3.pptxxxxxxxxxxx
audience feedback draft 3.pptxxxxxxxxxxx
 
Why Won't Your Subaru Key Come Out Of The Ignition Find Out Here!
Why Won't Your Subaru Key Come Out Of The Ignition Find Out Here!Why Won't Your Subaru Key Come Out Of The Ignition Find Out Here!
Why Won't Your Subaru Key Come Out Of The Ignition Find Out Here!
 
What Causes BMW Chassis Stabilization Malfunction Warning To Appear
What Causes BMW Chassis Stabilization Malfunction Warning To AppearWhat Causes BMW Chassis Stabilization Malfunction Warning To Appear
What Causes BMW Chassis Stabilization Malfunction Warning To Appear
 
FULL ENJOY - 9953040155 Call Girls in Sector 61 | Noida
FULL ENJOY - 9953040155 Call Girls in Sector 61 | NoidaFULL ENJOY - 9953040155 Call Girls in Sector 61 | Noida
FULL ENJOY - 9953040155 Call Girls in Sector 61 | Noida
 
Chapter-1.3-Four-Basic-Computer-periods.pptx
Chapter-1.3-Four-Basic-Computer-periods.pptxChapter-1.3-Four-Basic-Computer-periods.pptx
Chapter-1.3-Four-Basic-Computer-periods.pptx
 
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdfSales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
 
Lucknow 💋 (Genuine) Escort Service Lucknow | Service-oriented sexy call girls...
Lucknow 💋 (Genuine) Escort Service Lucknow | Service-oriented sexy call girls...Lucknow 💋 (Genuine) Escort Service Lucknow | Service-oriented sexy call girls...
Lucknow 💋 (Genuine) Escort Service Lucknow | Service-oriented sexy call girls...
 
Vip Mumbai Call Girls Mumbai Call On 9920725232 With Body to body massage wit...
Vip Mumbai Call Girls Mumbai Call On 9920725232 With Body to body massage wit...Vip Mumbai Call Girls Mumbai Call On 9920725232 With Body to body massage wit...
Vip Mumbai Call Girls Mumbai Call On 9920725232 With Body to body massage wit...
 
John Deere Tractors 6130M 6140M Diagnostic Manual
John Deere Tractors 6130M 6140M Diagnostic ManualJohn Deere Tractors 6130M 6140M Diagnostic Manual
John Deere Tractors 6130M 6140M Diagnostic Manual
 
Vip Hot🥵 Call Girls Delhi Delhi {9711199012} Avni Thakur 🧡😘 High Profile Girls
Vip Hot🥵 Call Girls Delhi Delhi {9711199012} Avni Thakur 🧡😘 High Profile GirlsVip Hot🥵 Call Girls Delhi Delhi {9711199012} Avni Thakur 🧡😘 High Profile Girls
Vip Hot🥵 Call Girls Delhi Delhi {9711199012} Avni Thakur 🧡😘 High Profile Girls
 
Delhi Call Girls Saket 9711199171 ☎✔👌✔ Full night Service for more than 1 person
Delhi Call Girls Saket 9711199171 ☎✔👌✔ Full night Service for more than 1 personDelhi Call Girls Saket 9711199171 ☎✔👌✔ Full night Service for more than 1 person
Delhi Call Girls Saket 9711199171 ☎✔👌✔ Full night Service for more than 1 person
 
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
 
Call Girls In Kirti Nagar 7042364481 Escort Service 24x7 Delhi
Call Girls In Kirti Nagar 7042364481 Escort Service 24x7 DelhiCall Girls In Kirti Nagar 7042364481 Escort Service 24x7 Delhi
Call Girls In Kirti Nagar 7042364481 Escort Service 24x7 Delhi
 
Alina 7042364481 Call Girls Service Pochanpur Colony - independent Pochanpur ...
Alina 7042364481 Call Girls Service Pochanpur Colony - independent Pochanpur ...Alina 7042364481 Call Girls Service Pochanpur Colony - independent Pochanpur ...
Alina 7042364481 Call Girls Service Pochanpur Colony - independent Pochanpur ...
 
Hot And Sexy 🥵 Call Girls Delhi Daryaganj {9711199171} Ira Malik High class G...
Hot And Sexy 🥵 Call Girls Delhi Daryaganj {9711199171} Ira Malik High class G...Hot And Sexy 🥵 Call Girls Delhi Daryaganj {9711199171} Ira Malik High class G...
Hot And Sexy 🥵 Call Girls Delhi Daryaganj {9711199171} Ira Malik High class G...
 
Call me @ 9892124323 Call Girl in Andheri East With Free Home Delivery
Call me @ 9892124323 Call Girl in Andheri East With Free Home DeliveryCall me @ 9892124323 Call Girl in Andheri East With Free Home Delivery
Call me @ 9892124323 Call Girl in Andheri East With Free Home Delivery
 
Greenery-Palette Pitch Deck by Slidesgo.pptx
Greenery-Palette Pitch Deck by Slidesgo.pptxGreenery-Palette Pitch Deck by Slidesgo.pptx
Greenery-Palette Pitch Deck by Slidesgo.pptx
 
ENJOY Call Girls In Okhla Vihar Delhi Call 9654467111
ENJOY Call Girls In Okhla Vihar Delhi Call 9654467111ENJOY Call Girls In Okhla Vihar Delhi Call 9654467111
ENJOY Call Girls In Okhla Vihar Delhi Call 9654467111
 
Call Girls in Shri Niwas Puri Delhi 💯Call Us 🔝9953056974🔝
Call Girls in Shri Niwas Puri Delhi 💯Call Us 🔝9953056974🔝Call Girls in Shri Niwas Puri Delhi 💯Call Us 🔝9953056974🔝
Call Girls in Shri Niwas Puri Delhi 💯Call Us 🔝9953056974🔝
 
Call Girls In Greater Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Greater Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In Greater Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Greater Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 

Tesla hacking presentation 'jaarbeurs World of Technology and Science' October 2018 utrecht

  • 2. https://www.slideshare.net/JasperNuyens/tesla-hacking-presentation-wots Jasper Nuyens jasper@linux.com +32478978967 Managing Director Linux Belgium http://www.linuxbe.com Very interested in EVs since Tesla. Made money with Free and OpenSource Software Training and Consultancy
  • 3. Content 1. Disclaimer and the obvious questions 2. The car 3. The mission 4. Components and network layout 5. How to access 6. Hacks performed by other people 7. Hacks performed by me 8. How ‘hacker friendly’ are Tesla Service and Elon Musk? 9. Other questions 10. Q&A
  • 4. 1. Disclaimer and the obvious questions Disclaimer - I am a Tesla customer, not a Tesla supplier or employee. I can be considered a ‘security researcher’, ‘thinkerer’ or ‘hacker’, not a ‘cracker’. - Tesla hacking seems dangerous: it is a +2t car with electric propulsion, electronically steered and with a high voltage battery. Yet all drive controls keep on working even when 3 Linux systems are restarted during driving. - Tesla can be considered ‘Hacker Friendly’. When registering as a ‘security researcher’, Tesla guarantees car warrantee, helps when you would ‘brick your car’, absolves you from litigation and has a ‘bounty program’.
  • 5. SMALL Request Slight conflict of interests between Tesla and Hackers for now: - if a new exploit is discovered by creative car owners, and Tesla finds out how, they close the entry point. GREAT! BUT NOT GREAT if it’s the only way to gain access on your car or help a friend out. We hope in the future Tesla will allow ‘security researchers’ a simple or controlled way to gain root. To prevent abuse and enable more FUN!
  • 6. 2. The car Model X, Enhanced Autopilot 2.0 75kWh battery, premium interior, towing package…
  • 7. 2. The car “Once you drive electric, there’s no going back” Range: in practice between 230 and 350km decreases range: high speed, cold weather never having to go to the petrol station start ‘full’ every morning, slow traffic doesn’t increase consumption Supercharging network for long distance: charges at 500km per hour (120kW); no waiting required (lunch, toilet,…) Ok to drive 1000km per day without waiting to charge. Autopilot: driver assist system. I discovered a huge leap forward with version 9.0: 2018.39.0.1 and 2018.39.2.1
  • 8. 3. The mission Tesla’s mission is: “Accelerate the world's  transition to sustainable energy.” In our case, we drove 52.000 km in 1,5 year with our Model X. We generated the electricity from our solar roof. This avoided air pollution of: 11980kg CO2 plus all the other nasty stuff we put in the atmosphere. Ecological footprint of production? About the same as with ‘old’ cars. And Tesla doesn’t use ‘dirty’ cobalt from Congo for it’s batteries. Only ‘vegan’ leather.
  • 9. 4. Components and network layout - Instrument Cluster (ic) behind steering wheel 192.168.90.101 - Big screen (cid) in the middle 192.168.90.100 - Gateway (gw) 192.168.90.102 - Autopilot (ape) 192.168.90.103 - lb (ape gw) 192.168.90.104
  • 10. 4. Components and network layout Instrument Cluster (ic) behind steering wheel 192.168.90.101 Custom version of NVidia Tegra 2 SoC cat /proc/cpuinfo Processor : ARMv7 Processor rev 0 (v7l) processor : 0 BogoMIPS : 897.84 processor : 1 BogoMIPS : 897.84 Features : swp half thumb fastmult vfp edsp vfpv3 vfpv3d16 CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x1 CPU part : 0xc09 CPU revision : 0 Hardware : Tegra P852 SKU8 C01 Revision : 0000 Serial : 1f78400042408317 Boots squashfs compressed read-only filesystem, /var is writeable Steering wheel buttons are attached to the ic and the input is sent over Ethernet using the (undocumented) ‘Vehicle API’ Settings are stored in sqlite3 db
  • 11. 4. Components and network layout Massive multimedia 19”screen (cid) in the middle of the car 192.168.90.100 NVIDIA quad core (new cars have it replaced with Intel CPU based board, like in the Model 3) Includes a Qt based Web browser, runs Spotify and allows to control all car settings, doors, keys, sound, and so on…
  • 12. 4. Components and network layout root@ic:~# nmap -v -p 1-65535 -sV -O -sS -T5 192.168.90.100 Not shown: 65090 closed ports, 419 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.5p1 Debian 4ubuntu4 (Ubuntu Linux; protocol 2.0) 53/tcp open domain dnsmasq 2.78 111/tcp open rpcbind 2 (RPC #100000) 2049/tcp open nfs 2-4 (RPC #100003) 4030/tcp open unknown 4032/tcp open unknown 4037/tcp open unknown 4050/tcp open unknown 4060/tcp open unknown 4070/tcp open unknown 4090/tcp open omasgport? 4092/tcp open unknown 4094/tcp open unknown 4096/tcp open bre? 4102/tcp open unknown 4110/tcp open unknown 4160/tcp open unknown 4170/tcp open unknown 4220/tcp open vrml-multi-use? 4280/tcp open unknown 4500/tcp open sae-urn? 20564/tcp open unknown 25956/tcp open unknown 43164/tcp open nlockmgr 1-4 (RPC #100021) 43427/tcp open status 1 (RPC #100024) 43546/tcp open mountd 1-3 (RPC #100005)
  • 13. 4. Components and network layout Gateway 192.168.90.102 Runs FreeRTOS on Freescale MPC5668G
 592 KB embedded RAM Is attached to the 6 CAN-busses: - Trunk, doors,… - Vehicle speed, engine speed,… - Chassis - BFT - ODBII
  • 14. 4. Components and network layout Gateway 192.168.90.102 firmware name: gtw.hex located on the sd card of the CID In the past, it contained in clear text the (unique) pw to get acces. Was a ‘point of entry’, closed by Tesla.
  • 15. 5. How to access Which data paths exist? Internet: - nightmare of Elon Musk - access from the Tesla Android or IOS App - mothership.tesla.com Internal Ethernet network: - physical connection below CID for Service Centers - physical connection between IC and CID CAN busses: - typical ‘old school car modding’, will probably disappear
  • 16. 5. How to access
  • 17. 5. How to access
  • 18. 5. How to access
  • 19. 5. How to access
  • 20. 5. How to access Careful with the special connector which provides power and more (click mechanism)!
  • 21. 5. How to access Experiment with how the wiring to the Ethernet is done.
  • 22. 5. How to access Fakra? 4 Ethernet wires: green, orange green/white orange/white Test: steering wheel audio volume passes through Ethernet
  • 23. 5. How to access
  • 24. 5. How to access Better (version 2):
  • 25. 5. How to access 1st way: Ethernet (Fakra) from CID to switch Ethernet (Fakra) from IC to switch Extra ethernet cable below CID for attaching laptop Ethernet cable for Raspberry Pi for wired and/or wireless network Raspberry Pi allows to modify stuff ‘permanently’ without changing something to the rootfs Easy access at a side panel to ‘reverse’ all changes (before going back to Tesla Service)
  • 26. 5. How to access 2nd step: Reverse ssh tunnel directly from CID -> allows hacking in bed and on holiday :-D -> allows a chrooted ubuntu on a USB stick
  • 27. 6. Hacks performed by other people Tesla itself created ‘Easter Eggs’ like Model X Chrismas Tree, Mars driving map, drawing app,… 3 minute movie https://www.youtube.com/watch?v=1fmm6Hg7k1U
  • 28. 6. Hacks performed by other people All IC’s can be accessed using the same (leaked) ssh key for the root account (once you are on the Ethernet network between IC and CID). Might not remain so after an update? Ethernet port below CID is only enabled after mothership opens it for Tesla Service through their own cryptographically signed applications/internal network. Access from IC to CID is restricted (was a dead end).
  • 29. 6. Hacks performed by other people Replacing an image on Instrument Cluster
  • 30. 7. Hacks performed by me Replacing lots of images ‘subtle’ to add the Linux Belgium logo.
  • 31. 7. Peeking into version 9.0 Configurable through web based API: Launch an update: socat -,icanon=0,echo=0 tcp:192.168.90.100:25956; (on the cid) or from a laptop: telnet 192.168.90.100 25956 install http://www.yourserver.com:80/some-imagefile.img Thanks to @nemSoma for the image As soon as it starts downloading, reconnect all systems. Turn on the experimental ‘Navigation on Autopilot’ in Europe (for 1 ride): curl -s “http://192.168.90.100:4035/set_data_value?name=FEATURE_dasDriveOnNavEnabled&value=true" curl -s "http://192.168.90.100:4035/set_data_value?name=FEATURE_dasNoConfirmULCEnabled&value=true" Persistence needs root. Amazing _next level_ capabilities unlocked! BUT: obviously we need to be super careful with ‘development’ features. IT MIGHT VIOLATE REGULATIONS IN CERTAIN REGIONS http://www.youtube.com/salamimovies
  • 32. 7. Hacks performed by me Replacing lots of images ‘subtle’ to add the Linux logo - and a ‘peace’ sign.
  • 33. 7. Hacks performed by me Images stored in /usr/tesla/UI/assets/night/car/modelx/ No permanent changes are made: small script to bind mount the individual files from /var/added and relaunch the Qt based IC process (beware of wife). Re-verifies every minute out of crontab. root@ic:~# crontab -l * * * * /teslascript.sh > /dev/null 2>&1
  • 34. 7. Hacks performed by me cat /teslascript.sh #!/bin/bash nohup ssh -i /root/id_dsa root@192.168.90.101 bash /var/added/addedtotesla.sh & ON IC: bash /var/added/mount-modfiles.sh cat mount-modfiles.sh #!/bin/bash #if an argument is provided multiple directories are allowed #first umount for bindmount in $(mount | grep bind | awk '{ print $1 }') do umount $bindmount done cd /var/added/modfiles$1 for modfile in $(find . -type f) do mount --bind $modfile /$modfile done
  • 35. 7. Hacks performed by me Gives: mount /dev/mmcblk3p3 on /var type ext3 (rw,noexec,nosuid,nodev,data=ordered,barrier=1,commit=20) /dev/mmcblk3p4 on /home type ext3 (rw,noexec,nosuid,nodev,data=ordered,barrier=1,commit=20) none on /var/run type tmpfs (rw) none on /var/lock type tmpfs (rw) cid:/opt/navigon on /opt/navigon type nfs (ro,noexec,nosuid,nodev,nolock,soft,fg,intr,retry=1,retrans=10,addr=192.168.90.100) /var/added/modfiles/home/tesla/.Tesla/data/QtCarClusterSettings.db on /home/tesla/.Tesla/data/QtCarClusterSettings.db type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/doors/trunk_closed_paint.png on /usr/tesla/UI/assets/night/car/ modelx/doors/trunk_closed_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/doors/trunk_open.png on /usr/tesla/UI/assets/night/car/modelx/doors/ trunk_open.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/drive/body_paint.png on /usr/tesla/UI/assets/night/car/modelx/drive/ body_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/hero/frunk_open_paint.png on /usr/tesla/UI/assets/night/car/modelx/ hero/frunk_open_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/hero/frunk_closed_paint.png on /usr/tesla/UI/assets/night/car/modelx/ hero/frunk_closed_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/top/frunk_open.png on /usr/tesla/UI/assets/night/car/modelx/top/ frunk_open.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/top/frunk_closed_paint.png on /usr/tesla/UI/assets/night/car/modelx/ top/frunk_closed_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/park/car_paint.png on /usr/tesla/UI/assets/night/car/modelx/park/ car_paint.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/car/modelx/ghost/body-5.png on /usr/tesla/UI/assets/night/car/modelx/ghost/ body-5.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/about/badge_model_x.png on /usr/tesla/UI/assets/night/about/badge_model_x.png type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/cluster/background_noise.jpg on /usr/tesla/UI/assets/night/cluster/ background_noise.jpg type none (rw,bind) /var/added/modfiles/usr/tesla/UI/assets/night/cluster/hi_res/badges/badge_model_x.png on /usr/tesla/UI/assets/night/cluster/ hi_res/badges/badge_model_x.png type none (rw,bind)
  • 36. 7. Hacks performed by me And then the script does: killall -HUP QtCarCluster The monitoring on the IC will restart the process fairly rapidly (beware of wife if you do this while driving)
  • 37. 7. Hacks performed by me Images stored in /usr/tesla/UI/assets/night/car/modelx/ No permanent changes are made: small script to bind mount the individual files and relaunch the Qt based IC process (beware of wife). 7. Hacks performed by me
  • 38. 7. Hacks performed by me Next step… - Color animation script! cat moonshine.sh #!/bin/bash export DISPLAY=:0.0 while true do for color in rgamma ggamma bgamma do for gamma in 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0 do xgamma -${color} $gamma 2> /dev/null sleep 0.1 done done done https://www.youtube.com/watch?v=XfkuS-ypUTU
  • 39. 7. Hacks performed by me Discovered: Sound is sent over the Ethernet network :) cat gameofthrones.wav | nc 192.168.90.100 4102 Possibility for denial of service attack? (yet not practical) Special sound format needed: file park_assist_red_repeat.wav park_assist_red_repeat.wav: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 48000 Hz RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 48000 Hz Something like this: sox -S --norm gameofthrones-orig.wav -c 1 -r 48000 gameofthrones-good-format.wav reverse silence 1 0 0.05 reverse pad 0 0.100
  • 40. 7. Hacks performed by me - Every day a new ‘token’ received in: /var/etc/saccess/tesla1 - SQLite3 database containing settings /home/tesla/.Tesla/data/QtCarClusterSettings.db sqlite3 QtCarClusterSettings.db sqlite> select key, quote(value) from data; select key, quote(value) from data where key='DataValues/GUI_developerMode'; DataValues/GUI_developerMode|X’000000010000' UPDATE data SET value=X'000000010001' WHERE key='DataValues/GUI_developerMode';
  • 41. 7. Hacks performed by me Root on CID Obtained though a - now patched - way during an upgrade mechanism to perform commands on the CID; extracting the daily changing security token. Thanks to someone on TMC forum for helping me! CID has an Internet connection (through usb-connected ‘parrot’). -> reverse ssh tunnel for easy remote access -> extra backdoors to prevent becoming locked out as a result of an update Only /var is writeable
  • 42. 7. Hacks performed by me Root on CID CID has 2 USB connections in the central display -> allows to run ARM/Ubuntu in a mounted chrooted environment Big display is not rotated at kernel level; QT application is written rotated. Fixed with running X applications in a rotated Xephyr (nested X server).
  • 43. 7. Hacks performed by me Root on CID Sound possible with gstreamer. Possible to display messages on the CID
  • 44. 7. Hacks performed by me Root on CID - romance mode For the 4th anniversary of being married to my sweet wife, i put this into crontab: */15 * * * * bash /var/added/romance_mode.sh >/dev/null 2>&1 Executing: bash /var/added/speak "Kissy, kissie" /disk/usb.*/freedomev/talk "I love you, Baby!"
  • 45. 7. Hacks performed by me Root on CID Romance Mode https://www.youtube.com/watch?v=w-gLSPzLo6Q
  • 46. 7. Hacks performed by me Goals Integrate touchscreen driver and build application launcher with free software repository www.FreedomEV.com www.FreedomEV.com/wiki www.github.com/jnuyens/freedomev “Download/extract the tarball to a usb stick, add one crontab entry in the CID as root and enjoy the power of the OpenSource community”
  • 47. 7. Hacks performed by me Goals Integrate anbox to run Android apps like Waze on the CID Allow anybody to contribute fun stuff back easy to package and distribute. Fun, Fun, Fun!
  • 48. 8. How ‘hacker friendly’ are Tesla Service and Elon Musk? I am not interested in doing illegal things like: - changing the VIN number (it might help stolen car sales) - faking the mileage - abusing the (free) data usage I prefer also not to: - mess with the autopilot (I prefer to live ;) - mess with the drive motor steering
  • 50. 9. Other questions Or use other charging networks…