This is the DC 30 car hacking village. We were here once before, but now it's filled with hackers hacking away on this Tesla right here. They haven't hooked up, they're doing physical security hacks, computer hacks, and everything in between. Right now I'm going to come and grab your mic and then talk to some of them.
Hey, any chance you're able to talk me through what you guys are trying right now?
Yeah. We tried a lot of things.
What is the end goal of what you're trying to accomplish?
Well, we'd love to get in the glove box. We would love to activate the sensors. We would love to be able to make the windows go up and down. We can't do any of those things without the key. We don't have the key. We don't have it paired to a phone. Pairing it to a phone would be awesome. You'd be able to do everything from your phone. So we've tried using the diagnostic port, the RJ45. These guys have been doing all the work, I'm just talking. What we were talking about was if you fuzz, if you just send shit traffic, what is this going to do in response? Is it going to do anything at all? Is it just a dumb idea? So I think that's kind of where we were at. See if we could craft some packets or use a fuzzer or just throw it at this and just see what it would do. Could we get it to hard reboot? And so that's kind of where we're at right now.
So are you looking for effectively 0-days or are you, there's actually known vulnerabilities that they've introduced that they're trying to exploit?
Yeah, so yeah, I guess we're just looking, you could call it looking for 0-days, but I guess I'm just, I'm trying to find a way to do those things without the key.
I guess the easier way of saying this, is this a fully updated Tesla or is it an older version of firmware that has vulnerabilities baked into it?
It's actually a fan. It seems to be just off the line. We also reinstalled the software.
So what I'm hearing though is you are starting from ground zero when you're hacking this thing, where the first step is going to be reconnaissance, open source reconnaissance, seeing what specs are there, different ways of connecting into the vehicle, and then step by step you're trying to find vulnerabilities. Fuzzing is a big one, seeing how it reacts to that.
Yeah. If there's any way of interacting.
Is there different protocols that you're using? Like over, is it over Wi-Fi? Are you hooking into a bus?
Yes, both. And I showed up at this car today because I've never done this before and I've got one. I don't want to void my warranty so I figured DEF CON's the perfect place to try some shit out to not void my warranty. So I mean I'm coming at this with basically no knowledge. I'm looking at it as if it's a computer. Because it is a computer. Yeah. It's got what, a Ryzen chip in it. I mean it's, right, I mean so I'm sure there's some other controls that I don't understand right now but I'm coming at it like it's a computer until I get feedback that there's something else that I have to be doing. There's some other protocol that I'm, you know, not knowledgeable in.
Is there limitations on the contest where are you able to pull the dashboard off, see if there's somewhere else, hook up a digital logic analyzer and see that some of the raw communication?
Yeah. Yeah, we can do anything, any physical tampering. We cannot, the goal is to try to get, try to attack through the OS is what we're trying to do. We have access to the screen, the two USB ports in the center console and RJ45 jack, service port underneath the dashboard.
Technical question, I notice on the screen right now you have an ability possibly to update the software. Have you considered maybe grabbing the firmware down, modifying it and see if you can recreate the signature so that you can upload like malicious firmware?
I mean it's a fantastic question. Okay, so how's it going to connect?
It's going to connect using the cellular signal or it's going to connect using Wi-Fi. It prefers Wi-Fi. It's on DEF CON open. So do we know the, does this thing have like a MAC address? So if we're on the DEF CON open, we can identify, we can sniff the traffic and see what it looks like. If it's over HTTP, that will, that tells us something, right? I mean that's totally possible. Am I knowledgeable on what to do next? Probably not, but that's I think probably the first two steps. So maybe we wait until we, maybe we wait to hit that update button until we're ready to sniff the traffic.
This is, it's fascinating. Thank you by the way for like kind of sharing the process of it and understanding like you, I kind of like came up to the contest thinking that this is a contest as a CTF. There's known vulnerabilities, but legitimately this is a fully updated Tesla. It has updated software and you're looking at it from ground up. How can we break into a fully patched one? Thanks for taking the time. Thanks for walking me through the process. Thank you for watching and as always, hack on.