1. 36
  1.  

  2. 31

    The author notes in the original SA thread that this is really pretty normal. Anyone here knows perfectly well what horrors lurk under the shiny surface of most things that run on computers, and that civilisation is held together by hasty gaffer tape. It was an idle SA engineer war story, not something intended to be newsworthy.

    1. 18

      And how do we know this is real and not just some troll making up a story?

      1. 11

        This is the worst possible format for sharing information.

        1. 24

          Can we not post scuttlebutt on twitter from a thread in the dedicated SomethingAwful technology shitposting forum?

          1. 19

            How many comments of yours do you think are policing what people post here? 10%, 20%? Before you respond with something along the lines of “eternal september” or “hacker news” just know I’ve lurked at HN for almost as long as it’s been around and I had a computer in the late 80s.

            1. 30

              It is kind of a garbage source. friendlysock is doing people a favor by pointing that out, and I wish I’d read his comment before I read the thread.

              1. 6

                If you have any evidence that any of these claims are untrue (a rebuttal from Musk, Tesla, etc.), please share it with us.

                1. 7

                  Legal systems generally (not the French) go with innocent until proven guilty for a reason. CEOs would not have a lot of time in the day if they had to personally prove every accusation made against them or their company.

                  1. 6

                    CEOs would not have a lot of time in the day…

                    Funny, he seems to have time to respond to random twitter accounts all day.

                    1. 0

                      Obviously means regular boring old CEOs, not the visionary ones aimed at Mars…

                    2. 1

                      Taking your jab at French jurisprudence seriously, what do you mean by that? Is this some recent court case?

                      Because France basically invented the modern Continental legal framework (well, Napoleon overhauled the ancient Roman system) which is used all over Europe (and beyond!) today.

                      1. 0

                        Sure, it is a well known fact that France is the European Guantanamo. 😏

                      2. 3

                        I don’t think Tesla as a corporate entity or Musk as a private individual / CEO will dignify this source with any sort of acknowledgement. That’s a PR no-no.

                        However, if a person actually trained in ferreting out the truth and presenting it in a verifiable manner (these people are usually employed as journalists) were to pull on this thread, who knows where it might lead?

                        1.  

                          The standards of evidence in most places, including science, are that you present evidence for your claims since (a) you should already have it and (b) it saves readers time. Bullshit spreads fast as both media and Facebook’s experiment show. Retractions and thorough investigations often don’t make it to the same audience. So, strong evidence for source’s identity or claims should be there by default. It’s why you often see me citing people as I make controversial claims to give people something to check them with.

                          1.  

                            There’s nothing surprising about the employee’s claims. It’s like asking for evidence that Google spies on users. They admit to it, and so does Tesla. So there’s your evidence, and I think it’s sad that you’re taking these trolls here seriously.

                            1.  

                              Thanks for the link. Key point:

                              “Every Tesla has GPS tracking that can be remotely accessed by the owner, as well as by Tesla itself. That means that people will always know where a Tesla is. This feature can be turned off, by entering the car and turning off the remote access feature. I am not sure why you would want to do this, but you can. Unfortunately, there are ways for a thief to turn off the remote access feature, and this will blind you to the specific information about the car. It will not stop Tesla from being able to track the car. They will retain that type of access no matter what, and have the authority to use it in the instances of vehicle theft.”

                              re taking trolls seriously. We’re calling you out about posting more unsubstantiated claims via Twitter. If your goal is getting info out, then you will always achieve it by including links like you gave me in the first place. Most people aren’t going to endlessly dig to verify stuff people say on Twitter. They shouldn’t since the BS ratio is through the roof. Also, that guy didn’t just make obvious claims like they could probably track/access the vehicle: he made many about their infrastructure and management that weren’t as obvious or verifiable. He also made them on a forum celebrated for trolling. So, yeah, links are even more helpful here.

                              1.  

                                But the point isn’t to even say that everything written here is true. The point is to share a very interesting data point that likely constitutes primary source material, and force a reaction from Tesla to stop their dangerous practices (or offer them a chance to set the record straight if any of this is untrue, which we’ve established is unlikely).

                                1.  

                                  “Dangerous” compared to what? Force how?

                                  Low-effort regurgitation of screencaps is not some big act of rebellion, it is just a way of lowering quality and adding noise.

                                  But the point isn’t to even say that everything written here is true.

                                  If we wanted to read fiction we could go enjoy the sister Lobster site devoted to that activity.

                                  1.  

                                    …it is just a way of lowering quality and adding noise.

                                    Being a troll is “a way of lowering quality and adding noise”.

                                    1.  

                                      Which is why several people are asking you to stop it.

                                  2.  

                                    Is there any evidence your tweets or Lobsters submissions have changed security or ethical practices of a major company?

                                    If not, then that’s either not what you’re doing here or you should be bringing that content to Tesla’s or investors’ attention via mediums they look at. It’s just noise on Lobsters.

                        2. 9

                          I agree with you in general, but this specific “article” is just garbage. (As far as I’m concerned, Twitter in general should be blacklisted from lobste.rs. Anything there is either content-free or so inconvenient to read as to be inaccessible.)

                        3.  

                          I agree. I did at least learn from your link that Arnnon Geshuri, Vice President of HR at Tesla, was a senior one at Google that some reports said was involved in the price fixing and abusive retention of labor here. That’s a great hire if you’re an honest visionary taking care of employees who enable your world-changing vision. ;)

                        4. 12

                          This is not news, it’s a raw source.

                          Until it’s proven, we should consider these statements neither as news nor as fakes.

                          But IMHO, it’s pretty good material to verify for hackers.

                          1.  

                            Maybe someone on any of these threads has a Tesla, we have some pentesters on Lobsters, and maybe they let them see if an SSH response happens. That by itself would substantiate that claim with near-zero risk of damage. Well, there might be some stuff to probe and crack to get to that part depending on implementation. And hacking a Tesla might void some warranty. ;)

                            EDIT: The thread friendlysock linked to had this quote that indicates it should be easy if source is a knowledgeable insider:

                            “99% of what i’m talking about is “public” anyway. tesla isn’t encrypting their firmware and it’s really easy to glean information from the vpn with a packet cap because nothing inside the vpn (was) encrypted. dumping tegra 3 model s and x is trivial and tesla’s cars are nowhere near as secure as they’d have you believe.”

                          2. 5

                            The odd foxy ye old graphic message Twitter feed aside, that is unverifiable.

                            It’s just another, granted larger, IOT device. And you could replace Tesla with pretty much any other company and not have to change any of the details.

                            Don’t Buy IOT devices! China wants to track everything. (As do most governments)

                            1. 3

                              to those who are considering buying a Tesla, please consider purchasing something that isn’t connected to the Internet for your safety and the safety of others.

                              Like what?

                              1. 2

                                The mod correctly removed my commentary from the story because, per the guidelines (which I missed), it should be in a separate comment. So in reference to your question I’m copying the removed comment here for context:

                                Some highlights:

                                • Tesla cars run on sketchy software that’s connected to the Internet 24/7
                                • Tesla power charging stations will blacklist you if a complicated algorithm decides you need to be blacklisted
                                • Employees can “ssh into” all cars
                                • China wants new cars to report their locations to government databases

                                I share this as a public service announcement — to those who are considering buying a Tesla, please consider purchasing something that isn’t connected to the Internet for your safety and the safety of others. If you are working for an auto manufacturer, please consider how many lives you are putting at risk by connecting a 1+ ton speeding vehicle to a centralized server where hackers, or your own employees, can command and control them.

                                As far as what cars you can buy, there are many cars, new and old, that don’t have an Internet connection. Shop around. I personally plan to stick to used petrol based cars until auto manufacturers are able to design an electric car that I actually like.

                                1. 2

                                  Really? There are many new cars that don’t have internet connections? And software quality in most automobiles is appreciably better? Care to cite a source?

                                  https://www.wired.com/brandlab/2016/02/how-connectivity-is-driving-the-future-of-the-car/

                                  1. 3

                                    Indeed. People in cars represent a lucrative, and increasingly “captive” market for advertising.

                                    This, coupled with the obvious interest of insurance companies and local tax authorities to know exactly where cars are and how fast they’re going will drive increasing addition of connectivity to cars. Note I did not say “adoption”, as it will be increasingly difficult to opt out of such connectivity.

                                    1.  

                                      People in cars represent a lucrative, and increasingly “captive” market for advertising.

                                      It’s your choice to live in a Ferengi dystopia.

                                      1.  

                                        Lacking off planet travel options, …

                                        1.  

                                          You can buy older cars that are in good shape. The one I drive has no tracking devices. It’s pretty good on gas. Maintenance has been a few hundred this year. (Shrugs)

                                  2.  

                                    You gotta look carefully, though. Even low-end stuff might have tracking they don’t advertise. At least they’re not remote-controlled, death machines.

                                    The next frontier will be active, emanation attacks on the computers trying to glitch them. Police in one area had something like that mounted on a helicopter. Low-cost, RF boards combined with high-output components will make those attacks cheaper. Might need TEMPEST shielding for car computers even on older cars if expecting targeted attack.

                                    Also, an older, common car will be cheap to fix due to being simpler (usually), part availability, commodity parts, and technician familiarity. There’s even junkyards out here like U-Pull-It that let you get parts out of wrecked or dead cars dirt cheap. Many parts are still fine even in a totalled vehicle.

                                      1.  

                                        Thanks. I can’t remember if it’s same company but same effect. The story also has this point supporting my recommendation of older vehicles in other comment:

                                        “But because the device works on electronic systems, he acknowledged that it would not work on all older vehicles. ‘Certainly if you took a 1960s Land Rover, there’s a good chance you’re not going to stop it,’”

                                        Might need really older vehicles for this one, though. Analog and mechanical systems to the rescue. :)

                                        1.  

                                          Let’s go back to those old slant-6s or straight 8s - 12mpg, spewing leaded gas fumes, heavy, none of that fancy electronic safety stuff like airbags, real distributors with points that could wear down, etc. Sadly, all engineering involves tradeoffs - if we are lucky

                                          1.  

                                            Most stuff you’re mentioning can be done without electronics or minimal use of them. They’re simple enough that they might also be able to use hardened electronics. There’s just nobody building cars that way due to no demand for RF-proof cars. We might see it happen in armored car side, though, if attackers start trapping important people in their cars.