Telsa hack alert

 Hello, I am an anonymous employee of the NSA working out of Fort Meade, Maryland. I feel it necessary to bring to the world’s attention an ongoing situation that is not being properly addressed by our government concerning vulnerabilities in software that are now under active exploit in the wild and are the subject of an extortionate scheme initiated by a Russian entity I believe you are familiar with.

You have heard about the businesses hit by the ransomware attack on Friday and their demand for $50 Million. What you have not heard is that, presumably on the basis of threats made by “Revil,” the NSA has urgently reached out to a few parties to urge them to plug security holes. One of them was Tesla’s Elon Musk, and the others were the IT departments of Samsung, LG, and Motorola, who are individually responsible for rollouts of security patches for their phones.

Here is what I believe is happening: At some point in the last two months, Samsung, LG, and Motorola were compromised and were made to send out faulty security patches that bestowed an outside entity with full control of any phone installing them. This is yet another example of a ‘trickle-down’ attack where devices that are dependent upon updates from a centralized server may be compromised En masse by breaching the security of only a few networks. As of yet, the IT departments of the companies that I’ve mentioned have not responded to our urgent messages, except to state that their security measures are adequate and that they’ll take the NSA’s alert under advisement.

Based upon snippets of conversations around the doughnut cart and water cooler that I’ve been able to hobble together, here is what I think is going on: The entity known as “Revil” has compromised virtually all Android devices in the United States and Europe. Their intention may be to hijack the Internet-connected Tesla automobiles in a way that perhaps the company was not expecting. Back in 2009, the NSA concluded that hackers were responsible for a series of incidents in which Toyota automobiles accelerated out of control due to a vulnerability that allowed an anti-theft system meant to disable cars and slowly bring them to a stop to be used by an unauthorized third party to disable the brakes and cause the car to accelerate.

In this case, the weak-point in security is Tesla’s infotainment system, which can be interfaced with using Bluetooth. The Revil attack seems to be based upon using drivers’ phones to take control of Teslas through the Bluetooth functionality of the phones. The malicious code now loaded into all Android devices receiving security updates from one of the aforementioned companies enables Revil to turn on Bluetooth functionality on the phone without the owner’s knowledge and run an automated brute force attack to form a connection with any Tesla automobile within range. Once this connection is established, a separate chunk of malicious code designed to work with the latest Tesla software configuration, is uploaded into the car through the infotainment system, where it takes root in the primary computer responsible for all of the functions of the car, including acceleration, braking, gear-shifting, and steering.

By breaching servers at Samsung, LG, and Motorola, Revil may well be able to ultimately affect tens of thousands of simultaneous high-speed automobile accidents that could involve not only Tesla drivers, but others on the road as well. It is alarming to me that we have not heard back from any of these companies with a plan for purging Android devices of the malicious code and that consumers are not receiving a direct alert.

We were assured a number of weeks ago that this criminal gang was dealt with after breach of the Colonial Pipeline but clearly this was not the case. The American people have the right to know about this danger, a philosophy that my superiors do not seem to share.


**

This is the only whistleblowing on a chan I've seen that seems believable. But I still have a few questions:

Why haven't android updaters rolled out any patches for this? It seems like something that they'd want to fix.

What makes you think that the goal of this would be to cause car accidents?

Do you know anything about where in the software distributed the connections are made? I might do some searching if I can get an idea of where to look.



****


It is not a known vulnerability, but it piggybacked in on a patch between a month ago and two months ago, if it exists.

We only found out about it because of logged communications recovered from servers we breached in the process of looking for those responsible for the Colonial hack. The logged emails alluded to an upcoming event in substantial enough detail to take it seriously, and enough to at least know how they intended to pull this off. I do not know which module of the uncompiled security update was affected, but I know it's a timeframe of less than 60 days. Somewhere in that period, they must have made a subtle change to files "to be compiled" on the LG/Samsung/Moto servers, something that wouldn't be noticed necessarily.

Causing car accidents is the least damage someone could do with this approach. They may also be able to turn automobiles 'on' on a timer wherever they happen to be and engage a rapid discharge of the battery, particularly from a overcharged state (which could be permitted if safety limits on charging are disengaged by the virus.)

They may intend to cause structure fires (homes) by igniting the batteries of garaged Teslas in addition to sending the ones on the road speeding out of control.

All the NSA can do in a situation like this is warn companies of specific and hypothetical threats, although in this case, it exists in the realm halfway between hypothetical and specific. Sure, they might have left those snippets of emails for us to find just to "troll" us, but I sincerely doubt that.

This is the kind of situation where I can envision a lot of hand-wringing after the fact a la "No one ever could have anticipated that Bluetooth could be used in this fashion to affect such mass death" but the fact is, Bluetooth hacks of Tesla's infotainment system were demonstrated years ago by Vice Magazine and very little was done to address it. This may be where Revil got the idea.

For Tesla's part, they might try looking very closely at whether firmwares have been modded without their input and to look for any instruction pertaining to a specific date and time that a hacker might want to coordinate all of this. Tesla firmwares update frequently, but here's the complication: The Android devices, all of them in the country, collectively, would re-infect all of the compromised Teslas in this scenario, if Tesla tried to restore firmware remotely to clean the slate. If they actually cared to, they might look at what lines of code are being changed by the virus, but that would require a reverse dump of the code already in the computers of the cars, something they don't normally do unless a software crash occurs, like any other software crash. My understanding is that Tesla would likely come back and claim they only have the capability to send updates, not to "crawl" the computer systems in the cars to check and see if a third party has altered them, although I would personally distrust such a claim. Such a virus would be designed to re-infect any Tesla in the event an unexpected firmware update runs.

***

In this scenario, which I must emphasize is a hypothetical scenario, the only Teslas that would be safe would be those that are street-parked, and here is why:

Overcharging the batteries is just one part of the equation. The engineers at Tesla did not anticipate that someone would ever be driving the car and charging the battery at the same time. Have you ever played a game on a smart phone and had the phone charging a the same time? Use of the phone makes it warm, in and of itself. Charging the phone makes it warm, in and of itself. Both charging and discharging at the same time, even with a small 5000mAh battery, brings the temp to safety limits.

Most Tesla owners garage their vehicles and charge at home, or even run an extension cord to a car in the driveway. If a virus were programmed to not only overcharge to 110%, but to execute a discharge and charge at the same time (safety protocols would ordinarily prohibit this for obvious reasons) then a fire would be a near-certainty.

Should such activity take place in the middle of the night, homeowners would likely not wake up until it was too late.

All of the safety features are based upon software, and that means they can be manipulated or made to stand down at will.









Comments

Post a Comment

Popular posts from this blog

The Mystery of Rh-Negative Blood Genetic Origin Unknown

Image
  Authenticity and legitimacy are based on factual history and the power of sacred history. What Does the absence of Rhesus monkey factor mean? No solid scientific explanation exists as to how or why Rh- blood came about. It is presumed to be the result of a random mutation. Have you ever felt you were weird or different? It may be due to your DNA ... 85% of humans have the monkey gene (RH+) and 15% do not (RH-) and maybe have an alien gene instead. RH- people are characterized by higher IQs, sensitive vision, lower body temperatures, sensitivity to heat and sunlight, psychic power, ability to stop watches and electrical appliances and having extra vertebrae. This film explores the possibility that we were bred as a slave race for labor, since 97% of our genetic code is disabled, with only 3% left for us to survive. RH negative blood group is from ANNUNAKI heritage Of the human blood types, O is the most common. It is a universal blood type. Blood types are further broken
Read more

Awareness of EBE Contact

David Jacobs      I would estimate that %99.99 of all abductees are unaware of what has happened to them. Perhaps many of them know that they have had strange, out of the ordinary experiences like missing time events, Out of Body Experiences, "astral travel," seen ghosts, or even had deceased relatives visit them at the foot of their beds, but these experiences are chalked up to "normality" oftentimes.      They have an available menu of culturally determined explanations of strange occurrences and they pick and chose among them to help explain what has happened to them. Only a tiny fraction of abductees have systematically explored their experiences with me or with Budd Hopkins and are fully aware of the situation that they are involved in. I have handed out a questionnaire geared toward helping me to gauge how many people might have had abductions. I have given it to about 900 students at Temple University over the past few years. Right now my statistics a
Read more

American Airlines Flight 77 Evidence

Image
American Airlines Flight 77 Evidence The following blog contains a straight forward, easy to follow and to the point list of evidence to show that American Airlines Flight 77, and only American Airlines Flight 77, hit the Pentagon on 11 September 2001. Table of Contents Video Evidence -  Original Footage (Higher quality and clearer) Eye Witnesses - Summary of 136 eye witnesses Damage - Aircraft damage to the Pentagon structure and surroundings Flight 77's RADAR information - Final Radar Track with ATC Audio Audio Records - Air Traffic Control recordings and others The Black Box; AAL77's Flight Data Recorder - The "Maneuver"; AAL77's final turn and dive Durability of Airliners to handle High Loads & Over-speed - Real world examples of airliners surviving near crash situations at high speed Passenger DNA Recovered Inside the Pentagon - Remains of September 11 Hijackers Held Bodies Recovered Inside the Pe
Read more