Ochwepheshe ababili bezokuphepha kwecala baveze lokhu muva nje okwazile ukuvula iminyango yeTesla ukude, usebenzisa i-drone efakwe i-Wi-Fi dongle. Abaphenyi bethule ubuhlakani babo engqungqutheleni yeCanSecWest ngokuqaphela ukuthi abadingi ukuxhumana nanoma ngubani osemotweni.
Lokho okubizwa ngokuthi ukuxhaphaza kwe- I- "Zero-Click" isetshenziswa ngaphandle kokuxhumana nomsebenzisi. Uma sekufakiwe, ungarekhoda imisindo ye-ambient nezingxoxo zefoni, uthathe izithombe, futhi ufinyelele iziqinisekiso zomsebenzisi, phakathi kwezinye izinto.
Izimbungulu ezethulwe ngabaphenyi be-cybersecurity uRalf-Philipp Weinmann, isikhulu esiphezulu seKunnamon, kanye noBenedikt Schmotzle, weComsecuris, empeleni zingumphumela wophenyo olwenziwe ngonyaka odlule. Ucwaningo lwenziwa ekuqaleni njengengxenye yomncintiswano I-Pwn2Own 2020 hack, inikela ngemoto neminye imiklomelo ephezulu yokugenca iTesla.
Lokho kusho, imiphumela idluliselwe ngqo kuTesla ngohlelo lwayo lwemivuzo yamaphutha ngemuva kokuthi abagqugquzeli bePwn2Own benqume ukususa isigaba sezimoto okwesikhashana ngenxa yobhadane lwe-coronavirus.
Ukuhlaselwa, kubizwe ngegama I-TBONE, isho ukuxhashazwa kwezinkinga ezimbili kuthinta iConnMan, umphathi woxhumano lwe-inthanethi wamadivayisi ashumekiwe. Ukuba sengozini okubili kuConnMan kwavumela uWeinmann noSchmotzle ukuthi benze imiyalo kuhlelo lukaTesla lwe-infotainment.
Eposini le-blog, UWeinmann noSchmotzle bachaze ukuthi umhlaseli angasebenzisa lezi zikhala ukuze alawule ngokuphelele uhlelo lwe-infotainment. kusuka kuTesla ngaphandle kokuxhumana komsebenzisi. Umhlaseli osebenzisa ukuba sengozini angenza noma yimuphi umsebenzi onokwenziwa ngumsebenzisi ojwayelekile kusuka ohlelweni lwe-infotainment.
Lokhu kufaka phakathi ukuvula iminyango, ukushintsha indawo yokuhlala, ukudlala umculo, ukulawula i-air conditioning, nokushintsha izindlela zokuqondisa nezimpintsha.
Nokho, abaphenyi baqaphele ukuthi ukuhlaselwa kwehlulekile ukulawula imoto. Bathe ukuxhashazwa kwakusebenza kumamodeli kaTesla S, 3, X, kanye no-Y. Kodwa-ke, kokuthunyelwe kwabo, bakubeke kwacaca ukuthi bebengenza okubi kakhulu ngokubhala ikhodi kubuchwepheshe be-infotainment kaTesla. UWeinmann uxwayise ngokuthi ukuxhaphaza kungenzeka kuphenduke isibungu. Lokhu kungenzeka ngokufaka i-feat ebizovumela ukuthi bakhe i-firmware ye-Wi-Fi ngokuphelele kuTesla, "okwenza kube yindawo yokufinyelela engasetshenziswa ukusebenzisa ezinye izimoto zakwaTesla eziseduze."
Nokho, abaphenyi bakhethe ukungakuhlaseli lokho.
"Ukwengeza ukuphakama kwelungelo lokusebenzisa njenge-CVE-2021-3347 ku-TBONE kungasivumela ukuthi silayishe i-firmware entsha ye-Wi-Fi emotweni yeTesla, okuyenze indawo yokungena engasetshenziswa ukuqhuba ezinye izimoto zakwaTesla ezisondele kakhulu imoto yesisulu. Kodwa-ke besingafuni ukushintsha lokhu kuxhashazwa kube yisibungu sekhompyutha, ”kusho uWeinmann. UTesla ulungise ukuba sengozini ngesibuyekezo esikhishwe ngo-Okthoba 2020 futhi kubikwa ukuthi uyekile ukusebenzisa iConnMan.
Abakwa-Intel nabo bazisiwe, njengoba inkampani bekungumqambi wokuqala weConnMan, kepha abacwaningi bathi umenzi walezi zinhlelo wabona ukuthi akusona isibopho sakhe ukulungisa amaphutha.
Abaphenyi bathole ukuthi ingxenye yeConnMan isetshenziswa kakhulu embonini yezimoto, okungasho ukuthi ukuhlaselwa okufanayo nakho kungaqaliswa kwezinye izimoto. UWeinmann noSchmotzle bagcine sebephendukela kuThimba Likazwelonke Lokuphendula Eziphuthumayo laseJalimane (i-CERT) ukuze lisize ukufundisa abahlinzeki abangahle bathinteke.
Akukaziwa ukuthi abanye abakhiqizi bathathe izinyathelo ngokuphendula. ekutholeni kwabaphenyi. Abaphenyi bachaze abakutholile engqungqutheleni yeCanSecWest ekuqaleni konyaka. Eminyakeni yamuva nje, abacwaningi be-cybersecurity abavela ezinkampanini ezahlukahlukene bakhombisile ukuthi iTesla ingagencwa, ezimweni eziningi ukude.
Ku-2020, ochwepheshe bezokuphepha bakwaMcAfee bakhombise iziphiwo ezikwaziyo ukuphoqa umsebenzi kaTesla wokushayela ozimele ukwandisa ijubane lemoto. Kwalungiswa izimbungulu ngo-Okthoba wangonyaka odlule, okusho ukuthi ukugqekeza akufanele kwenzeke namuhla.
Umthombo: https://kunnamon.io