Hacked Teslas Are Here | It's A Good Thing

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
Tesla makes some of the most connected cars out there the fact their cars are so software based means that Tesla can improve things over time and make their mobile phone app really useful as a customer but it also adds in the possibility of the car being hacked of course with any technology company this is a huge focus and Tesla is constantly working on security but there have been a few times their cards have been successfully hacked today we're going to talk about six different times Teslas were hacked so let's get into it [Music] on Tesla's privacy website they say that your data belongs to you quote we're committed to protecting you anytime you get behind the wheel of a Tesla vehicle that commitment extends to your data privacy our privacy standards aim to go beyond industry standards ensuring your personal data is never sold tracked or shared without your permission or knowledge they're very clear that they never sell or rent out our data to third-party companies and they detail specifically what kind of data they collect there is quite a bit of data that is shared with Tesla if you opt into it and that's shared automatically but not associated with your account so it's totally Anonymous but they do have your data one of those areas is cabin camera data as well as autopilot camera recordings if opted in through data sharing then for cabin camera data test the will associated with your account if the FSD beta is enabled and safety critical event occurs or for autopilot camera recordings they'll collect it with your Associated account in the occurrence of a safety critical event only so those are their data privacy standards but then there's Security on the other side of things first step today is a hack you may have heard of recently a Tesla Model 3 was hacked demonstrating a hole in Tesla's security measures but it's not exactly what you may think since EVS have so much integrated software security is becoming increasingly critical quote in the worst case scenario a hacker could not only gain access to a car but could leak user data or even take control of the vehicle just recently Tesla set themselves up to be hacked in the name of security they returned to the pone to own hacking competition with a model 3 functioning as both the Target and the prize for anyone who successfully hacks it last year two hackers at this event found vulnerability in the model 3's browser which won them the vehicle and over 350 000 in prize money Richard zoo and amatcom were a team at this competition and within a few minutes they demonstrated the flaw they had found in Tesla's internet browser quote the pair used a git bug in the renderer to display their message and won the prize which included the car itself in the most simple terms a git or or just in time bug bypasses memory randomization data that normally would keep secrets protected shortly after this event Tesla said there are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser while protecting all other vehicle functionality in the coming days we will release a software update that addresses This research since then Tesla has of course patched this and that's the entire point of Tesla entering that competition they want the best hackers in the world to find holes for them to patch before anything bad happens it's another reason why they returned to that competition again this year this time a group called synactive used an exploit to gain access to the model 3. as a result they won a Tesla Model 3 100 000 and of course Tesla is now able to patch this security hole it's a great test of security to have in a controlled environment hackers trying their best to hack a Tesla so that Tesla is able to take that and improve their security as for the details of this particular hack quote thanks to the nature of the hacking competition the details of how the hack was performed have not been made entirely public to avoid a security risk for Tesla owners what we do know is that it was a talk to exploit or time of check to time of use exploit and they were able to compromise the Gateway of the vehicle through that bug what's particularly notable about Tesla's participation in this event is how much it demonstrates Tesla's focus on security no other automaker was at this event and Tesla is actively putting their cars out there confidently knowing they are difficult to hack then when someone succeeds it's a win long term for their vehicle safety and this is again the purpose here of course we do occasionally see headlines that make it seem like hordes of computer hackers are successfully breaking their way into Tesla vehicles and driving off of them that's not the case at all but there have been instances of people managing to unlock the car thankfully though they usually aren't malicious a common potential security issue concerns the use of a key card to open the vehicle unlike a physical key a key card uses short-range radio frequency identification or RFID to communicate with the vehicle since around 2017 drivers who used their Tesla NFC C or near field communication key card to unlock their cars had to place the card on their center console to begin driving you would have to tap the card to the door pillar to unlock the car and then tap it again on the center console to start it in 2021 Tesla issued an update to make the key card more convenient instead of having to tap it twice you would just have to tap it once to unlock the car and you would have 130 seconds to put the car into drive now there are three ways to unlock your Tesla you can use the key card a key fob or you can use your phone as key so essentially once a key card is registered to a Tesla it can be used to turn anyone's phone into a key for that vehicle with the permission of the vehicle owner that 132nd window though is where a vulnerability was found about a year ago a friendly hacker or security researcher in Austria discovered that the car didn't just allow owners to start driving within 130 seconds of being unlocked with the NFC card but it also put the car in a state to accept entirely new keys requiring no authentication even further there was Zero indication of this half happening on the front screen that sounds like a huge oversight but you have to consider this researcher wasn't doing this through the official Tesla app the Tesla app doesn't allow keys to be enrolled unless they're connected to the owner's account but this researcher managed to build his own app which he called Tesla key that speaks the same language that the official Tesla app uses to communicate with Tesla vehicles in this video demonstration a driver enters their car after unlocking it with an NFC card then a quote Thief begins exchanging messages between the weaponized Tesla key and the car within 130 seconds of the car being unlocked the app is able to enroll a key that's not connected to the owner's account from that point on that app can unlock start driving and re-lock the car nothing shows up on the front screen where the new car is being made this was designed by a researcher not a malicious attacker the app that he designed wasn't made public and the app that is public serves to help test the owners make sure no one has been authorized to enter their vehicle that shouldn't be a few months later though a different researcher found another way to hack the NFC system this this time with two people the way NFC works is essentially a sort of question and answer system the car poses a challenge that the NFC responds to but that signal can be intercepted with the help of a device that can be bought for under 400 and a cell phone a hacker can prompt the vehicle to open one person stands by the car to prompt the signal and the device can transmit that signal over Wi-Fi to a cell phone held by a second person standing by the Tesla owner as long as the second person can get the device within several inches of the owner's key they can gain access to the vehicle with that 130 second update we just talked about the person near the car can start driving if they step on the brake within two minutes after unlocking the car once they put the car into park they won't be able to start it again unless they somehow get near that owner's key again but it only takes one break in to steal anything inside the car or even worse drive off with it this NFC relay attack though is definitely not exclusive to Teslas any car that allows you to drive it with an NFC card is vulnerable at least Tesla offers a PIN to drive function that can prevent both of these attacks unfortunately the only way to be a 100 sure that no one steals what's in your car though is to not keep any valuables in it and that goes for any car as you can see this is a very specific type of hack and it requires a bunch of contingencies but it is possible with NFC enabled cars real quick before we get to number three I want to mention one of my favorite Tesla accessories if you're a Tesla owner 3D Max spider all-weather floor mats they are my favorite Tesla floor mats you can buy them for just the seats or you can buy a full set including custom mats for the under storage front trunk trunk bed back side of the rear seats when folding down for larger cargo and more they're Linked In the description below the third Tesla hack we've heard about is through the open source software Tesla mate according to their website Tesla mate is quote a self-hosted Data Logger and visualization tool for your Tesla it tracks things like location charging info and temperature readings and passively Records the data virtually for owner's analysis in January of last year a cyber security researcher found a security issue within the third party software that software needed to store send sensitive information in order to be able to track the car and their security was not on the same level as Tesla's the researcher David Colombo detailed how he hacked it in an interview with TechCrunch he said the car's API key which is a code used to identify and authenticate an application or user could be manipulated to send commands to some Teslas remotely once that was done a hacker would be able to unlock the car which as we pointed out before means they would be able to put it into drive but wouldn't be able to interfere with the owner's operation of the vehicle other than to blast the music or Flash their lights from there they could maintain access to the car though with the owner being none the wiser of course as soon as Colombo discovered this he informed both Tesla and Tesla made immediately reportedly tesla-mate pushed an update within hours of receiving Colombo's email while that hack is somewhat frightening to hear it was a bug in the software that is totally unrelated to Tesla the whole insecurity here was the result of Tesla customers sharing sensitive information with a third-party app and even then it was found by someone who wasn't looking to take advantage of it and it was solved almost immediately apart from security there are ways to hack a Tesla that are a bit more fun in the case of this fourth hack you can enable more features about a year ago the official top speed of the Plaid Model S was 175 miles per hour now with the help of the carbon ceramic brake kit upgrade that top speed is 200 miles per hour back then though the CEO of nginx to managed to achieve a top speed of 216 miles per hour and he did it by hacking the system nginx is a Quebec based company that sells car parts kits and modules that help unlock software locked features in Tesla vehicles so this took a great deal of resources and years of expertise the Tesla Model S plaid they hacked was a stock production vehicle equipped with larger brakes from Mountain Pass performance and had a higher performance tires from Michelin Pilot Super Sport they made these changes mostly for safety reasons if you're going to be going over 200 miles per hour you need to be able to stop properly and most standard Brakes and Tires won't be able to do that effectively other than that the only other modification they had to make was to use their nginx module which let them bypass Tesla software restrictions this this team had tried to reach 200 miles per hour with this car before but the other locations they tried it didn't have enough space this time they ran it on a 1.8 mile Runway at an airport and they needed just about the entire track to get there and have enough time to slow down when they did though they surpassed their goal and set the record at 216 miles per hour electric posted a video of this family sedan zooming past and it's just insane it sounds like a jet engine last month though that record was beat again using a similar process but this time involving Tesla Sebastian Vettel a race car driver that has collaborated with Tesla before released a video in partnership with Tesla Belgium in the video he does a few test laps in a Tesla Model S plaid with a ceramic brake kit upgrade I mentioned earlier and no speed limiter at circuit Dupris he broke the 216 mile per hour record several times setting the new one at 217 miles per hour but this was with Tesla's help our fifth security breach today is less of a hack and more of a data leak usually when you think about a hack it conjures images of a guy in a dark room somewhere using complicated algorithms to gain access to your computer or in this case your vehicle but in some cases your information can be leaked just because you didn't check the right box when you set up your Tesla for the first time Tesla gathers your information if you let them they use the data to train their AI which they have been training for many years now in order for their self-driving systems to actually become Anonymous it needs to be able to recognize people and objects and cars and anything it'll have to navigate when you're driving around for that reason Tesla has teams of people whose job it is to label the objects that the vehicle sees so it can analyze it and recognize it next time what that means though is that the car is recording via the cameras all over it even after you park your car in your garage and those recordings have been watched by Tesla employees what's worse though is that those recordings may not have always been treated in the most professional manner when they got back to Tesla according to interviews conducted by Reuters with nine former employees quote between 2019 and 2022 groups of Tesla employees privately shared via an internal messaging system sometimes highly invasive of videos and images recorded by customers car cameras reportedly employees were sharing videos of people's garages and private properties filmed from their vehicles and also creating memes with them some images were more mundane but either way this is completely unacceptable Tesla says that the video they collect is anonymous and can't be traced to owners and that still is the case here but they're definitely doing more with that Anonymous video than they should there's no excuse for Tesla employees to be using your recordings for their own Amusement Tesla recently detailed their data privacy practices that we talked about earlier and this Reuters report seems to claim that this Behavior ended in 2022 even so it's not a good look for these connected cars so hopefully we'll get more clarification in the future the first thing you can do to prevent this is to not opt into Tesla receiving this data in the first place when it comes to Tesla news Reuters has mixed reliability but we haven't heard anything to disprove these claims yet the last we heard they're facing a lawsuit at the very least this may encourage some owners to cover up their interior cameras as well as opt out of letting Tesla use it within settings as I I mentioned this isn't necessarily a hack but it does show Tesla employees taking our data and images and using them improperly for every security breach though there is an innocent prank that brings us to number six which took advantage of the signal created by Tesla Chargers when you charge your Tesla whether at home or at a supercharger you can easily open your charge port door with the button on the handle it uses an RF signal to tell your Tesla to open the charge port door of course someone figured out how to reproduce that signal back in 2021 and used a device that could open any charge port door on any Tesla within range the device is called a flipper zero and it's fully open source and customizable so it's not just Tesla getting hacked here for 170 dollars in free code posted online just about anyone can open your charge port door that said you can open just about any gas cap on a nice vehicle so it isn't showing us a vulnerability that's unique to Teslas Teslas also don't support v2v or v2h charging so the only real concern about the average person being able to open your charge port door is vandalism but of course that's true all the time just parking your car outside is a risk if that's all you're worried about for now this is just a harmless prank the charge port door will just close before driving again or after two minutes have passed you have to admit though it's kind of funny that it can be triggered like this overall the takeaway from all these hacks we've seen is that for the most part Teslas are very secure the few times you do hear about a Tesla legitimately getting hacked the whole insecurity gets patched pretty quickly according to the highway loss data Institute Tesla vehicles are about 90 percent less likely to be stolen than the average car and of the Teslas that have been stolen one study found that 97 percent of them have been recovered according to the California Highway Patrol the average percentage of cars that are recovered overall is 88 so Tesla is doing pretty well in that regard I imagine a big piece of why these cars get recovered is because you can see the location at any time within the Tesla app those are some of the biggest Tesla hacks we've seen some were a little concerning and others were just kind of funny which one was most surprising to you though leave a comment below to let me know your thoughts in the meantime if you want to check out my full review of the riviant r1s SUV you can check out that video linked up here or in the description below thanks so much for watching and I'll see you on the next one
Info
Channel: Ryan Shaw
Views: 94,203
Rating: undefined out of 5
Keywords: tesla, model y, elon musk, model y tesla, model y review, tesla model y review, model y 2021, 2021 model y, 2022 model y, model y 2022, model y issues, model y complaints, 2023 model y review, 2023 tesla model y, 2023 model y, new model 3, tesla model 3, 2023 tesla model 3, used tesla, used tesla price, tesla tax credit, tesla price cut, tesla discount, new 2023 tesla, investor day, tesla investor day, cybertruck, cybertruck sighting, tesla cybertruck
Id: LUMWSpyFICM
Channel Id: undefined
Length: 15min 35sec (935 seconds)
Published: Mon Apr 17 2023
Related Videos
The TRUTH About The Cheapest Tesla Model 3 | Don’t Make a Mistake
Ryan Shaw
245K
My INSANE $23,614.36 Tesla Repair | Tesla’s Expensive Repair Problem
Ryan Shaw
107K
How to Successfully Road Trip in an Ioniq 5, EV6 or Any EV
The Ioniq Guy
7.9K
I Sold My $130,000 Tesla Model S Plaid | Here’s Why
Ryan Shaw
159K
Tesla's $22,000 Battery Replacement | What You Need To Know
Ryan Shaw
364K
Dangerous Mods That WILL Void Your Tesla Warranty
Kim Java
182K
We hacked the Tesla model 3s and it's true potential is INSANE
Rich Rebuilds
1.4M
I Lost Self Driving in my Tesla for Doing This
Kim Java
243K
10 Ways To Ruin Your Tesla | DO NOT Make This Mistake
Ryan Shaw
1.4M
We Stole a Tesla with this $20 Device
Donut
3.1M
One Year with a Cheap, High Mileage, Tesla - Do I Regret It?
Griffen Sander
231K
NEW Tesla Model Y, 3 Accessories For 2023 | Here’s Our Favorite Finds
Ryan Shaw
202K
Do I REGRET Buying a Tesla?? (Model Y after 50k Miles)
Everyday Chris
339K
Tesla's Powerwall 3 & Solar | What I Wish I Knew
Ryan Shaw
146K
Tesla Model 3 Acceleration Reaction! - MUST SEE Skeptical Corvette Owner's Soul Get Snatched!
The Tesla Barbarian
303K
Tesla Model 3 - 3 Years Later | Costs, Battery Degradation, Things I Love and Hate
Oliur / UltraLinx
505K
Tesla Model Y Review After 1 Year: My Wife Gets HONEST
Andy Slye
147K
Tesla's 2024 Competition Is HERE | Best NEW EVs For 2024
Ryan Shaw
70K
21 TIME-SENSITIVE Things to do IMMEDIATELY After Ordering/Delivery of Your TESLA!
Matt Danadel
522K
Cheapest Tesla Model 3 Three Months Later - Watch Before You Buy!!
JSL Review
102K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.