Spyder News
  • Home
    • Home – Layout 1
  • Review
    Cubot Quest Lite Review

    Cubot Quest Lite Review

    Xiaomi Mi 12 Pro Review

    Xiaomi Mi 12 Pro Review

    Samsung Galaxy A32 5G review: 5G on a budget

    Samsung Galaxy A32 5G review: 5G on a budget

    Fujitsu UH-X laptop review

    Fujitsu UH-X laptop review

    Company finds fraud and viruses in 92% of illegal football broadcasts on the web

    Company finds fraud and viruses in 92% of illegal football broadcasts on the web

    Google accidentally anticipates Mother’s Day tribute and removes Doodle from the air

    Google accidentally anticipates Mother’s Day tribute and removes Doodle from the air

  • Gaming
    Alienware M15 R7

    Alienware M15 R7

    MSI GS77 Stealth 2022

    MSI GS77 Stealth 2022

    Lenovo IdeaPad Gaming 3 Laptop

    Lenovo IdeaPad Gaming 3 Laptop

    Razer Blade 14

    Razer Blade 14

    Gta Vi

    Gta Vi

    all about gta vi

    all about gta vi

  • Gear
    • All
    • Audio
    • Camera
    • Laptop
    • Smartphone
    Xiaomi Robot Vacuum-Mop 2C

    Xiaomi Robot Vacuum-Mop 2C

    ZTE Axon 20 5G

    All About ZTE Axon 20 5G

    ASUS ROG Flow Z13

    ASUS ROG Flow Z13 : Powerful Beast !

    Chuwi HiPad

    Chuwi HiPad

    Poco F4 GT

    All About Poco F4 GT

    Galaxy S21 Plus

    Galaxy S21 Plus

    Trending Tags

    • Best iPhone 7 deals
    • Apple Watch 2
    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • iOS 10
    • iPhone 7
    • Sillicon Valley
  • Computers
    Alienware M15 R7

    Alienware M15 R7

    MSI GS77 Stealth 2022

    MSI GS77 Stealth 2022

    Lenovo IdeaPad Gaming 3 Laptop

    Lenovo IdeaPad Gaming 3 Laptop

    Razer Blade 14

    Razer Blade 14

    Fujitsu UH-X laptop review

    Fujitsu UH-X laptop review

    Company finds fraud and viruses in 92% of illegal football broadcasts on the web

    Company finds fraud and viruses in 92% of illegal football broadcasts on the web

  • Applications
    Google accidentally anticipates Mother’s Day tribute and removes Doodle from the air

    Google accidentally anticipates Mother’s Day tribute and removes Doodle from the air

    American operator Verizon announces sale of Yahoo and AOL for $ 5 billion

    American operator Verizon announces sale of Yahoo and AOL for $ 5 billion

    Microsoft finds 25 security holes in systems designed for ‘internet of things’ devices

    Microsoft finds 25 security holes in systems designed for ‘internet of things’ devices

    Experts use drone to hack Tesla car system vulnerable to Wi-Fi attack

    Experts use drone to hack Tesla car system vulnerable to Wi-Fi attack

    Glovo suffers a hack in Spain and the credentials of distributors and clients appear for sale on the Internet

    Glovo suffers a hack in Spain and the credentials of distributors and clients appear for sale on the Internet

    Telegram: these are the new features that will arrive very soon

    Telegram: these are the new features that will arrive very soon

  • Security
    The dangerous paradox that threatens the throne of the PlayStation 5

    The dangerous paradox that threatens the throne of the PlayStation 5

    YouTube’s invention so you don’t run out of mobile data

    YouTube’s invention so you don’t run out of mobile data

    European Union proposes rules for ‘high risk’ artificial intelligence

    European Union proposes rules for ‘high risk’ artificial intelligence

    U.S. senators question Apple and Google about dominance in app stores

    U.S. senators question Apple and Google about dominance in app stores

    Amazon opens UK hair salon with technology to predict the look

    Amazon opens UK hair salon with technology to predict the look

    CMS: what is it and how to use a Content Management System?

    CMS: what is it and how to use a Content Management System?

No Result
View All Result
  • Home
    • Home – Layout 1
  • Review
    Cubot Quest Lite Review

    Cubot Quest Lite Review

    Xiaomi Mi 12 Pro Review

    Xiaomi Mi 12 Pro Review

    Samsung Galaxy A32 5G review: 5G on a budget

    Samsung Galaxy A32 5G review: 5G on a budget

    Fujitsu UH-X laptop review

    Fujitsu UH-X laptop review

    Company finds fraud and viruses in 92% of illegal football broadcasts on the web

    Company finds fraud and viruses in 92% of illegal football broadcasts on the web

    Google accidentally anticipates Mother’s Day tribute and removes Doodle from the air

    Google accidentally anticipates Mother’s Day tribute and removes Doodle from the air

  • Gaming
    Alienware M15 R7

    Alienware M15 R7

    MSI GS77 Stealth 2022

    MSI GS77 Stealth 2022

    Lenovo IdeaPad Gaming 3 Laptop

    Lenovo IdeaPad Gaming 3 Laptop

    Razer Blade 14

    Razer Blade 14

    Gta Vi

    Gta Vi

    all about gta vi

    all about gta vi

  • Gear
    • All
    • Audio
    • Camera
    • Laptop
    • Smartphone
    Xiaomi Robot Vacuum-Mop 2C

    Xiaomi Robot Vacuum-Mop 2C

    ZTE Axon 20 5G

    All About ZTE Axon 20 5G

    ASUS ROG Flow Z13

    ASUS ROG Flow Z13 : Powerful Beast !

    Chuwi HiPad

    Chuwi HiPad

    Poco F4 GT

    All About Poco F4 GT

    Galaxy S21 Plus

    Galaxy S21 Plus

    Trending Tags

    • Best iPhone 7 deals
    • Apple Watch 2
    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • iOS 10
    • iPhone 7
    • Sillicon Valley
  • Computers
    Alienware M15 R7

    Alienware M15 R7

    MSI GS77 Stealth 2022

    MSI GS77 Stealth 2022

    Lenovo IdeaPad Gaming 3 Laptop

    Lenovo IdeaPad Gaming 3 Laptop

    Razer Blade 14

    Razer Blade 14

    Fujitsu UH-X laptop review

    Fujitsu UH-X laptop review

    Company finds fraud and viruses in 92% of illegal football broadcasts on the web

    Company finds fraud and viruses in 92% of illegal football broadcasts on the web

  • Applications
    Google accidentally anticipates Mother’s Day tribute and removes Doodle from the air

    Google accidentally anticipates Mother’s Day tribute and removes Doodle from the air

    American operator Verizon announces sale of Yahoo and AOL for $ 5 billion

    American operator Verizon announces sale of Yahoo and AOL for $ 5 billion

    Microsoft finds 25 security holes in systems designed for ‘internet of things’ devices

    Microsoft finds 25 security holes in systems designed for ‘internet of things’ devices

    Experts use drone to hack Tesla car system vulnerable to Wi-Fi attack

    Experts use drone to hack Tesla car system vulnerable to Wi-Fi attack

    Glovo suffers a hack in Spain and the credentials of distributors and clients appear for sale on the Internet

    Glovo suffers a hack in Spain and the credentials of distributors and clients appear for sale on the Internet

    Telegram: these are the new features that will arrive very soon

    Telegram: these are the new features that will arrive very soon

  • Security
    The dangerous paradox that threatens the throne of the PlayStation 5

    The dangerous paradox that threatens the throne of the PlayStation 5

    YouTube’s invention so you don’t run out of mobile data

    YouTube’s invention so you don’t run out of mobile data

    European Union proposes rules for ‘high risk’ artificial intelligence

    European Union proposes rules for ‘high risk’ artificial intelligence

    U.S. senators question Apple and Google about dominance in app stores

    U.S. senators question Apple and Google about dominance in app stores

    Amazon opens UK hair salon with technology to predict the look

    Amazon opens UK hair salon with technology to predict the look

    CMS: what is it and how to use a Content Management System?

    CMS: what is it and how to use a Content Management System?

No Result
View All Result
Spyder News
No Result
View All Result
Home Apple

Experts use drone to hack Tesla car system vulnerable to Wi-Fi attack

spydernews by spydernews
May 5, 2021
in Apple, Applications, Audio, Gear, Microsoft, Uncategorized
0
Experts use drone to hack Tesla car system vulnerable to Wi-Fi attack
470
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter

Equipment flew over the car replicating the network configured for dealerships and opened the vehicle’s doors after exploiting the vulnerability.

Two security researchers demonstrated an attack capable of taking control of Tesla’s on-board entertainment system to control vehicle functions, including air conditioning, music, doors and acceleration modes.

The demonstration featured a drone that, flying over a Tesla Model X, created a special Wi-Fi network to exploit a vulnerability and open the car doors. Although it was possible to carry out the same attack with a notebook, the simulated scenario with a drone warns of the possibility of more discrete attacks.

The problem was identified by experts Ralf-Philipp Weinmann, from Kunnamon, and Benedikt Schmotzle, from Comsecuris. The work was initially carried out for the Pwn2Own competition, which would reward researchers with a car if they encountered such an attack.

Because of the covid pandemic, this category of Pwn2Own has been canceled. The competition started to be held by videoconference and focused on other portable devices of the ‘internet of things’, such as speakers and televisions.

However, experts maintained the research and identified the loophole, which was communicated directly to Tesla. In addition to the Model X, experts say the S, 3 and Y models were also vulnerable.

The automaker released an update to correct the problem in October 2020. The demonstration of the attack, however, was only published last week by the CanSecWest security conference (you can watch the video, in English).

Since the attack gives access only to Tesla’s on-board entertainment system, it is not possible to “drive” the vehicle remotely through this flaw.

Even so, the researchers speculated that it may be possible to replace all the code responsible for the functioning of the car’s Wi-Fi. If this replacement were successful, attackers could create a permanent remote access channel on the vehicle.

Other brands and products may be vulnerable


The fault found by the experts is located in a software called “ConnMan” (short for “Connection Manager”, or “Connection Manager”). It is a component responsible for initiating and configuring network connections, such as Wi-Fi.

Experts pointed out that this code was developed by an employee of the processor manufacturer Intel, but the company denied that it is currently responsible – the project is now maintained by other groups. To get around the situation, Tesla would have decided to replace ConnMan with other equivalent software.

ConnMan is indicated for embedded systems – packages that provide an integration between hardware and software. For this reason, it is possible that other devices, and even other vehicles of other brands, are vulnerable.

The experts contacted Germany’s security incident response team to get other automakers to communicate and make the necessary adjustments. So far, it has not been confirmed whether other vehicles have already received or will have to receive an update.

Even if not all of the vulnerable devices have been fixed, an attack would still depend on finding a channel to exploit the error.

In the specific case of Tesla, parked vehicles scan the surroundings for a Wi-Fi network called “Tesla Service”, which should normally be used for maintenance procedures carried out by dealerships, for example.

However, it was possible to extract the settings and password for this network from the software installed in the vehicle. The drone prepared by the experts then replicated the Wi-Fi network “Tesla Service”, generating an automatic connection when approaching the car.

This connection is not sufficient to provide access to the Tesla’s on-board system. It is only the first stage of the attack, which depends on the breach found in ConnMan to be continued.

In other words, the maintenance network only frees the attacker from convincing the vehicle owner to connect to a malicious network, as it is possible to take advantage of this programmed behavior.

In addition, the possibility that the same attack could work over the cellular network has not been ruled out. In that case, the attacker would need to be able to create a fake mobile network or manipulate the service provider’s network.

Previous Post

Glovo suffers a hack in Spain and the credentials of distributors and clients appear for sale on the Internet

Next Post

Microsoft finds 25 security holes in systems designed for ‘internet of things’ devices

Next Post
Microsoft finds 25 security holes in systems designed for ‘internet of things’ devices

Microsoft finds 25 security holes in systems designed for 'internet of things' devices

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

rope access companies

Rope Access Companies

September 2, 2021
ASUS ROG Flow Z13

ASUS ROG Flow Z13 : Powerful Beast !

August 9, 2022

Trending.

promoneum

influencer marketing

September 2, 2021
promoting posts

Promoting Websites

September 2, 2021
pumpkin !

pumpkin !

October 12, 2021
US to revoke operating licenses for three Chinese telecommunications companies

US to revoke operating licenses for three Chinese telecommunications companies

April 4, 2021
Ibai’s PS5 unboxing: ‘fire’ in G2’s mansion and kiss with Barbe

Ibai’s PS5 unboxing: ‘fire’ in G2’s mansion and kiss with Barbe

March 29, 2021
Spyder News

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

Follow Us

Categories

  • Apple
  • Applications
  • Audio
  • Camera
  • Computers
  • Gaming
  • Gear
  • Health
  • Laptop
  • Microsoft
  • Photography
  • Review
  • Security
  • Smartphone
  • Uncategorized

Tags

Alienware M15 R7 ASUS ROG Flow Z13 Chuwi HiPad Cubot Quest Lite Review Galaxy S21 Plus gaming laptop laptop Lenovo IdeaPad Gaming 3 Lenovo IdeaPad Gaming 3 Laptop MSI GS77 MSI GS77 Stealth 2022 Nubia RedMagic 6 Poco F4 GT Razer Blade Razer Blade 14 Reiview review smartphone Xiaomi Mi 12 Pro Review Xiaomi Robot Vacuum-Mop 2C ZTE Axon 20 5G
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2022 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • Review
  • Apple
  • Applications
  • Computers
  • Gaming
  • Gear
    • Audio
    • Camera
    • Smartphone
  • Microsoft
  • Photography
  • Security

© 2022 JNews - Premium WordPress news & magazine theme by Jegtheme.