Researcher Sets Up Tesla Model 3 Computer Hardware on Desk for Security Testing
By
driesdep
If you only eat one bagel today, this is the bagel.
Summary
A researcher describes their project to acquire Tesla Model 3 computer hardware from crashed vehicles on eBay in order to participate in Tesla's bug bounty program. The article details the process of obtaining the Media Control Unit (MCU) and autopilot computer, setting up the hardware on a desk, booting Tesla's operating system, and conducting security research. The piece explains the technical challenges, hardware components, and the researcher's motivations for studying Tesla's vehicle security systems outside of an actual car.
Key quotes
· 4 pulledTesla runs a bug bounty program that invites researchers to find security vulnerabilities in their vehicles. To participate, I needed the actual hardware, so I started looking for Tesla Model 3 parts on eBay.
The car computer consists of two parts - the MCU (Media Control Unit) and the autopilot computer (AP) layered on top of each other.
My goal was to get a Tesla car computer and touchscreen running on my desk, booting the car's operating system.
In the car, the computer is located in front of the passenger seat, roughly behind the glovebox. The part itself is the size of an iPad.
You might also wanna read
Hardware Security Analysis: Dumping Firmware and Bruteforcing ECC on Potensic Atom 2 Drone
Security researchers from Neodyme conducted hardware security research on the Potensic Atom 2 drone, documenting their process of desolderin
neodyme.io·4mo ago
Project Glasswing: AI-assisted vulnerability detection finds over 10,000 critical software flaws
Project Glasswing is a collaborative effort launched to secure critical software against potential threats from increasingly capable AI mode
anthropic.com·11h agoProject Glasswing: AI-assisted vulnerability detection finds over 10,000 critical software flaws
Project Glasswing is a collaborative effort launched to secure critical software against potential threats from increasingly capable AI mode
anthropic.com·11h ago
North Korean Group Famous Chollima Compromises Packagist Package to Target PHP Developers
A cybersecurity threat report detailing how the threat actor group "Famous Chollima" (linked to North Korea) targeted PHP developers by comp
hendryadrian.com·12h ago
North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
A malicious obfuscated JavaScript payload was discovered appended to tailwind.js in the Packagist development version dev-drewroberts/featur
socket.dev·23h ago
Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware
Microsoft has identified an active supply chain attack targeting the @antv npm package ecosystem. A threat actor compromised an @antv mainta