OVMS v3 v3.2.001 Over-the-Air firmware update

Today, we are pleased to release v3.2.001 to Early Access Program (EAP) participants. This is the first public v3.2 version, and introduces an entirely new scripting framework based on an embedded javascript engine. Now, custom javascript modules and functions can be written to respond to system events. In addition, a host of other UI changes enhancements have been made.

A summary of the major changes is here:

Vulnerability Announcement: Tesla Roadster vulnerable to brute-force unlock via CAN bus


The Tesla Roadster instrumentation CAN bus (running at 1MHz) supports a CAN bus message to lock/unlock the car as well as enable/disable valet mode. Authentication on this message is via simple user PIN code which is typically 4 digits (but can be up to 8 digits).

It appears that this is vulnerable to brute-force attack as there is no rate limiting on reception/interpretation of that message.


The CAN bus message is: