Depends what you want to do. They don’t require a network connection to operate as a vehicle. So if you don’t care about the remote app features (local ones such as lock/unlock still work over BLE), live traffic, streaming music or updates, then a network connection isn’t necessary.

If you do want any of those features, then you would need to either get root access to the gateway and infotainment systems to modify the endpoints or take over the C&C server (formerly named “mothership”) domains and certificates.

Will certainly be a bummer if they do go under, I really appreciated their serviceability. Have several in the immediate family that have been going for over 7 years at this point though all kinds of calamities. Each time can I just pop out all the components clean/replace as necessary and get it back in service, good as new.

I set the VPN tunnel from the VPS to deny everything to the internal network by default, then put the services that need to be accessed on the allow list in the firewall. So the VPN endpoint from the VPS can only hit the very specific IPs/ports/protocols that were explicitly allowed. There is still the possibility of a compromise chain of VPS->service->container/VM->hypervisor->internal network access, but I feel comfortable with those layers.

You could also setup an IDS such as Snort to pick up on that exploit traffic between the services and internal VPN endpoint if extra security is necessary on top of fail2ban and log alerts on the VPS.

Trace Route. The *NIX equivalent command is traceroute, Windows shortened it to tracert.

Most likely with an impact that severe, the passengers were either killed or incapacitated on impact, especially giving the fact none of the others were noticed trying to escape when the bystander broke out a window.

The front doors do have easily accessible manual releases on all of the models.

That being said, for the ones ‘equipped’ with the emergency feature for the rear, it is a manual release cable buried under the speaker grill, which is something very few passengers would know about in the first place, much less have the presence of mind or physical capability to remove the speaker grill and find/pull the cable.

Seems someone doesn’t understand how OAuth works. It does not automatically give full access to your social media accounts, location history, and device cameras as the video says.

Using the Google button for instance will tell you exactly what permissions are being requested every time you login. Generally, it will be name, email, language, and sometimes profile picture. Aside from the profile picture you would give all the same information anyway to create an account. At least with OAuth there is no worry about passwords, especially for people who don’t have good password practices and reuse passwords between different sites.

Pretty crazy that just a few years ago the world’s largest battery was the Hornsdale Power Reserve at 129MWh. Now this battery at the Giga Texas factory is going in with 262MWh.

This seems to stem from a report where they found if one specific pin on one IC in the inverter dropped below 2V it could cause the pedal position to be read as high during that time. The claim is that the 12V rail for the vehicle could drop to 2V and trigger the issue. I don’t see how this could happen without basically the entire car either shutting down, the brief power dropout being recorded in one of many modules that log voltage, or at the very worse case the erroneous input only lasting the duration of the voltage drop. None of which would cause the claimed unintended acceleration.

The article links to a Twitter thread on this which goes into more details of those points. It is certainly good to be looking for any possible cause but this seems quite contrived. A proof of concept demonstration on an actual vehicle would be much more telling.