The main things are removing the cellular connection and disabling the connection back to the Tesla services. Back in the old days you could pull the SIM card, root the center and driver’s displays, setup firewall rules to block traffic to/from the Tesla servers, and disable the VPN.
This is more difficult with the newer models. You can still pull the SIM, but would need to get creative for root access since it is a continuous game of whack-a-mole between the root methods and patches.
Will certainly be a bummer if they do go under, I really appreciated their serviceability. Have several in the immediate family that have been going for over 7 years at this point though all kinds of calamities. Each time can I just pop out all the components clean/replace as necessary and get it back in service, good as new.
I set the VPN tunnel from the VPS to deny everything to the internal network by default, then put the services that need to be accessed on the allow list in the firewall. So the VPN endpoint from the VPS can only hit the very specific IPs/ports/protocols that were explicitly allowed. There is still the possibility of a compromise chain of VPS->service->container/VM->hypervisor->internal network access, but I feel comfortable with those layers.
You could also setup an IDS such as Snort to pick up on that exploit traffic between the services and internal VPN endpoint if extra security is necessary on top of fail2ban and log alerts on the VPS.
Trace Route. The *NIX equivalent command is traceroute, Windows shortened it to tracert.
Yeah, Tesla is certainly not the first ones to have this design or issues with it:
Any chance you are using a Thunderbolt device such as a network adapter or external drives? I had the issue on a NUC 10 where it would randomly drop the TB devices every few weeks and occasionally appear to be frozen. The latest firmware update finally took care of it.
This is handled by the inverter and charging modules, some use FPGA chips others use dedicated ASICs, but it doesn’t require anything wild in terms of raw compute power, mostly up to having good algorithms to handle the situations correctly. Nothing more than a modern ICE engine which needs to very precisely manage intake and exhaust cam phasing, ignition timing, intake pressure, and multiple injections per cylinder/cycle along with monitoring a multitude of sensors to keep everything in tolerance. In terms of simplicity, the first automobiles at the turn of the century were electric before the ICE caught on thanks to the advent of the electric starter and limitations in battery technology at the time.
The headline is misleading. Roku didn’t get hacked and leak accounts. There were ~15000 customers that had accounts accessed due to credential stuffing. Aka, they reused passwords on other sites that had leaks and hackers tried those credentials on their Roku accounts and got into them.
Depends what you want to do. They don’t require a network connection to operate as a vehicle. So if you don’t care about the remote app features (local ones such as lock/unlock still work over BLE), live traffic, streaming music or updates, then a network connection isn’t necessary.
If you do want any of those features, then you would need to either get root access to the gateway and infotainment systems to modify the endpoints or take over the C&C server (formerly named “mothership”) domains and certificates.