Tesla Model 3 Vulnerability – Disable Autopilot Notifications, Speedometer, etc.

Category: IT Technology · Published: 5 years ago


CVE-2020-10558 | Tesla Model 3, Tesla Vulnerability

Investigation:

I was able to find a denial of service (DoS) vulnerability after investigating the Tesla Model 3’s web interface. This was after being inspired by the amazing team Fluoroacetate, after they discovered a JIT bug in the browser.

After some extensive trial and error, I found a bug in the web browser.

Thanks to some code I was able to find on GitHub (thanks to CrashSafari), I was able to host a malicious web page with the code. Here is a video example.

Important Note: I stated in the video that this disables the autopilot functionality, but that is incorrect. This will only disable the notification to place pressure on the wheel. If you keep pressure on the wheel, AP will continue to function.

Summary:

The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen.

Attack Vector:

To exploit the vulnerability, a user has to go to a specially crafted web page. This web page will crash the Chromium-based browser interface and inherently crash the entire Tesla Model 3 interface.

If you want to test it out on your Tesla before you update, feel free to go here. Please drive responsibly as this does not inhibit your ability to manually take over. You can still drive.

Nullze Script Tesla Crash

Warning: This script above will still crash your browser on the system you are currently using, so be sure to save your place or use a scrap web browser for this page.

Resolution:

After reporting this vulnerability through Bugcrowd, I had the incredible pleasure of working with the Tesla team to get this issue resolved.

This issue is fixed in any release >= 2020.4.10.
