PSA: If your wall connector loses wifi, it'll just throw your charging schedules out the window and turn on/off sporadically. This is especially noteworthy if you have Time of Use billing :| SET THE TIMER ON THE CAR DIRECTLY!
It also fits the broader theme here: too much important behavior seems to live in the "application layer" of the charger, while the more durable source of truth is elsewhere.
I spent an hour yesterday getting the wall connector back on my wifi. Apparently last October when I added wifi 7 access points my network started working in WPA2/WPA3 mode and the wall connector wasn’t compatible with that. Ended up having to create a second SSID with WPA2 only support to get it back online.
Supposedly the newest update fixes that, but I haven’t taken the time to test that out.
But WiFi is shocking my fragile on these wall connectors, I’ve had a lot of trouble keeping it connected to my home network over the years.
One thing I'm really scared of is EV charger software being modified by users, hackers or bugs to pull max power at times that don't suit the grid.
In the UK, for example 10 million EVs all pulling 7kw would overwhelm the roughly 70GW potential of the grid. Even a million EVs charging at an inconvenient time could add a 7GW draw which is enough cause a problem.
It will first damage the batteries very fast, second, most users don't want to mess with that, they want to plug and play. So, on both counts your fears are misplaced.
It creates a wifi access point in your garage that you cannot turn off:
TeslaWallConnector_<unique-id>
some people were able to downgrade their firmware to a version that didn't do that, but i guess this article shows telsa got rid of that ability.
I would love to be able to hack any firmware to disable that.
I also read that a connected tesla car can force an over-the-air firmware update maybe through the charging cable or wifi, but I haven't verified that.
The SSID stops broadcasting after the unit is commissioned, unless you're using power sharing between multiple units. In that case the SSID is used for the units to communicate.
Why use Tesla wall connector in a first place and not just the standard nema/dryer outlet with the Tesla cord/charger? It seems like people are overpaying for nothing.
It clearly seems people have different meanings to the word, then.
For example, if I am able to gain root access to a WiFi access point I own, even though the vendor has tried to prevent it, then yes, I would call it a hack. To me, it doesn't matter why or who is doing the steps.
In fact, I believe I have never before heard someone combine the meaning of the word to be related to the ownership of the device being hacked.
I suspect the number of people understanding the word in your way is a minority. Redefining terms doesn't help build mutual understanding: here we are taking a word some think has negative connotations and then remove the thing they think should be cool and ok, and then suggest that this is actually the real meaning of the word. Personally I don't think this is how words should be wielded.
> For example, if I am able to gain root access to a WiFi access point I own, even though the vendor has tried to prevent it, then yes, I would call it a hack.
This exploit is delivered through the charging cable to the wall box. These wall boxes are sometimes intentionally located in public spaces with the intent of allowing public charging, and Tesla has features specifically for that use case, so that cable is absolutely expected to be plugged in to untrusted vehicles.
Eh, that’s a bad generalization. defense in depth is a thing and there are many cases where you’d want to protect against attackers with physical access
This isn't designed to stop attackers with physical access. This is designed to stop casual tinkerers and shade tree mechanics.
You know what isn't vulnerable? A "dumb" offline charger. You know what doesn't make any money or turn the consumer into another product? A "dumb" offline charger.
If it were about physical security, the suggested fix would be to remove the communication from the port entirely.
Companies shouldn't get to make something simple and secure into something inherently insecure and then iterate security into it. Like drive by wire steering, or brakes. Nobody asked for these things and if you ask ANYONE who works on, builds, or actually enjoys cars the consensus is NOBODY wants it.
But there are enough sophomoric, pedestrian car owners out there who gawk at the senseless overdeployment of technology and think "this is so convinient" and don't see it as 1) regulatory barrier building and gatekeeping 2) enabling vendor lock in 3) overcoming right to repair legislation. So the knowledgeable and enthusiastic voices of reason who care about cars get drowned out by the hoard of pedestrian geeks who couldn't imagine operating a car without at least a 16 inch touchscreen.
In security, the best defense is not introducing a vulnerability at all. There is value in having less code. For example, if your PaaS doesn't collect user SSNs... then it can't lose SSNs in a breach.
The question here should not be "why is this not secure." The question should be "why does this even need to be secure in the first place?" We have a very simple task to do and we've complicated it so much we've introduced vulnerability that didn't exist previously.
I had the foolish idea of installing a Tesla charger at home to charge my Bolt. I’ve been unable to ever use it.
The wall charger works fine with Teslas.
My car and adapter charge fine at Tesla superchargers.
But the home Tesla charger refuses to charge my Bolt.
(Yes I disabled vehicle restrictions and tried all sorts of combinations of settings for weeks before giving up. Tesla support was useless of course)
Publicly accessible piece of equipment that could have a pseudo-trusted connection to an internal network (since they're connected to the Tesla Cloud(tm)).
Picturing someone rolling up to a charger outside of a large office building, 'plugging in', exploiting the charger via the communications, then using the charger to pivot inwards.
PSA: If your wall connector loses wifi, it'll just throw your charging schedules out the window and turn on/off sporadically. This is especially noteworthy if you have Time of Use billing :| SET THE TIMER ON THE CAR DIRECTLY!
It also fits the broader theme here: too much important behavior seems to live in the "application layer" of the charger, while the more durable source of truth is elsewhere.
I spent an hour yesterday getting the wall connector back on my wifi. Apparently last October when I added wifi 7 access points my network started working in WPA2/WPA3 mode and the wall connector wasn’t compatible with that. Ended up having to create a second SSID with WPA2 only support to get it back online.
Supposedly the newest update fixes that, but I haven’t taken the time to test that out.
But WiFi is shocking my fragile on these wall connectors, I’ve had a lot of trouble keeping it connected to my home network over the years.
or, use Home Assistant to handle your charging schedules.
or even better, use EVCC https://github.com/evcc-io/evcc
One thing I'm really scared of is EV charger software being modified by users, hackers or bugs to pull max power at times that don't suit the grid.
In the UK, for example 10 million EVs all pulling 7kw would overwhelm the roughly 70GW potential of the grid. Even a million EVs charging at an inconvenient time could add a 7GW draw which is enough cause a problem.
It will first damage the batteries very fast, second, most users don't want to mess with that, they want to plug and play. So, on both counts your fears are misplaced.
I hate the gen 3 wall connector.
It creates a wifi access point in your garage that you cannot turn off:
some people were able to downgrade their firmware to a version that didn't do that, but i guess this article shows telsa got rid of that ability.I would love to be able to hack any firmware to disable that.
I also read that a connected tesla car can force an over-the-air firmware update maybe through the charging cable or wifi, but I haven't verified that.
The SSID stops broadcasting after the unit is commissioned, unless you're using power sharing between multiple units. In that case the SSID is used for the units to communicate.
by commissioned you mean "connect it to your home wifi and let it talk to tesla"? (i won't do that)
because it hasn't gone away after configuring the setup stuff (amps, etc)
Yes, obviously. If you didn't want that, you should have bought another charger, maybe Bluetooth only, and add your home-grown layer on top of it.
Mine did
And make sure the firmware is up to date. Mine is at 26.2.2.
Thank you. This information is not listed anywhere and I am currently getting quotes for solar panel build.
Why use Tesla wall connector in a first place and not just the standard nema/dryer outlet with the Tesla cord/charger? It seems like people are overpaying for nothing.
I can do 48A @ 240V with my wall connector. It's also very convenient.
Repeat after me:
An owner voluntarily downgrading firmware to gain control of your hardware IS NOT A HACK.
And if an adversary is doing this, then they have already breached yoir physical security.
It clearly seems people have different meanings to the word, then.
For example, if I am able to gain root access to a WiFi access point I own, even though the vendor has tried to prevent it, then yes, I would call it a hack. To me, it doesn't matter why or who is doing the steps.
In fact, I believe I have never before heard someone combine the meaning of the word to be related to the ownership of the device being hacked.
I suspect the number of people understanding the word in your way is a minority. Redefining terms doesn't help build mutual understanding: here we are taking a word some think has negative connotations and then remove the thing they think should be cool and ok, and then suggest that this is actually the real meaning of the word. Personally I don't think this is how words should be wielded.
> For example, if I am able to gain root access to a WiFi access point I own, even though the vendor has tried to prevent it, then yes, I would call it a hack.
Yep. The owner of the device can sue you.
This exploit is delivered through the charging cable to the wall box. These wall boxes are sometimes intentionally located in public spaces with the intent of allowing public charging, and Tesla has features specifically for that use case, so that cable is absolutely expected to be plugged in to untrusted vehicles.
It's a car the charging port is a viable physical perimeter, letting people inject code at the pump is a risk of design, not user error.
I thought the same thing. How white hat do you have to be to consider ineffective DRM a vulnerability?
Eh, that’s a bad generalization. defense in depth is a thing and there are many cases where you’d want to protect against attackers with physical access
This isn't designed to stop attackers with physical access. This is designed to stop casual tinkerers and shade tree mechanics.
You know what isn't vulnerable? A "dumb" offline charger. You know what doesn't make any money or turn the consumer into another product? A "dumb" offline charger.
If it were about physical security, the suggested fix would be to remove the communication from the port entirely.
Companies shouldn't get to make something simple and secure into something inherently insecure and then iterate security into it. Like drive by wire steering, or brakes. Nobody asked for these things and if you ask ANYONE who works on, builds, or actually enjoys cars the consensus is NOBODY wants it.
But there are enough sophomoric, pedestrian car owners out there who gawk at the senseless overdeployment of technology and think "this is so convinient" and don't see it as 1) regulatory barrier building and gatekeeping 2) enabling vendor lock in 3) overcoming right to repair legislation. So the knowledgeable and enthusiastic voices of reason who care about cars get drowned out by the hoard of pedestrian geeks who couldn't imagine operating a car without at least a 16 inch touchscreen.
In security, the best defense is not introducing a vulnerability at all. There is value in having less code. For example, if your PaaS doesn't collect user SSNs... then it can't lose SSNs in a breach.
The question here should not be "why is this not secure." The question should be "why does this even need to be secure in the first place?" We have a very simple task to do and we've complicated it so much we've introduced vulnerability that didn't exist previously.
Any system where your defense in depth involves UDS is pretty much guaranteed to be broken though.
They shouldn’t be able to do it through the charging cable though lol
Arguably it’s a crack. A good one, though.
I mean its still technically hacking, but not all hacking is bad/illegal.
Why would I want to hack the bootloader for a wall charger? Asking for a friend
You can bypass vehicle restrictions. You could potentially then use it for J1772-compatible EVs (like a Chevy Bolt or Nissan Leaf)
Or just for the spirit of actually owning the shit you pay for.
I don't think there are any restrictions. I think j1772 might just work with an adapter (adapt from the nacs plug to the j1772 plug)
I thought tesla even made a j1772 native wall connector.
There are some restrictions.
I had the foolish idea of installing a Tesla charger at home to charge my Bolt. I’ve been unable to ever use it.
The wall charger works fine with Teslas. My car and adapter charge fine at Tesla superchargers.
But the home Tesla charger refuses to charge my Bolt. (Yes I disabled vehicle restrictions and tried all sorts of combinations of settings for weeks before giving up. Tesla support was useless of course)
Restriction or bug, same difference.
Really gross. I have a gen 1 charger and it's dumb as bricks. Basically just a giant relay.
I guess I could see why you might want to restrict who can use your charger, but I really prefer the "dumb as bricks" version I currently have.
Can confirm. I've used an adapter to charge 2 different non-Tesla cars off my wall connector.
I use my Gen 1 Tesla Wall Connectors to charge my NACS-native Lucid Gravity.
What vehicle restrictions? This is for the Tesla home charger, not Superchargers.
Older models are locked to Tesla vehicles. Tesla has regional restrictions in many parts of the world.
You also never know when there could be another update and your region becomes one of those that has these restrictions.
Some don't support j1772 adapters with non Tesla vehicles
Exactly. Charge both my Tesla and my leaf with mine.
Publicly accessible piece of equipment that could have a pseudo-trusted connection to an internal network (since they're connected to the Tesla Cloud(tm)).
Picturing someone rolling up to a charger outside of a large office building, 'plugging in', exploiting the charger via the communications, then using the charger to pivot inwards.
To play doom on it?
Implement your own payment provider