bayanai game da a cikin shirya kariya a cikin hanyar sadarwa na Tesla, wanda ya sa ya yiwu a yi watsi da kayan aikin da ke hulɗa da motoci masu amfani. Musamman matsalolin da aka gano sun ba da damar samun damar shiga uwar garken da ke da alhakin kula da tashar sadarwa tare da motoci da aika umarni da ake yadawa ta hanyar aikace-aikacen hannu.
A sakamakon haka, maharin ya sami damar samun tushen tushen tsarin bayanai na kowace mota ta hanyar kayan aikin Tesla ko kuma aika umarnin sarrafawa zuwa motar. Daga cikin abubuwan, an nuna ikon aika umarni kamar kunna injin da buɗe kofofin motar. Don samun damar shiga, duk abin da ake buƙata shine sanin lambar VIN na motar wanda aka azabtar.
An gano raunin a farkon 2017 ta mai binciken tsaro Jason Hughes
(), wanda nan da nan ya sanar da Tesla game da matsalolin kuma ya bayyana bayanan da ya gano kawai shekaru uku da rabi bayan lamarin. An lura cewa Tesla a cikin 2017 ya gyara matsalolin cikin sa'o'i bayan samun sanarwar rashin lafiyar, bayan haka ya ƙarfafa kariyar kayan aikin sa. Domin gano raunin, an biya mai binciken tukuicin dalar Amurka dubu 50.
Binciken matsaloli tare da kayan aikin Tesla ya fara ne tare da ƙaddamar da kayan aikin da aka bayar don saukewa daga gidan yanar gizon . Masu amfani da motocin Tesla tare da asusun akan sabis na gidan yanar gizon.teslamators.com an ba su damar sauke duk kayayyaki don masu haɓakawa. An rufaffen nau'ikan kayayyaki a hanya mafi sauƙi, kuma an ba da maɓallan ɓoye ta hanyar sabar iri ɗaya.
Bayan da aka tattara abubuwan da aka samu a cikin lambar Python, mai binciken ya gano cewa lambar tana ƙunshe da takaddun shaida na sabis na Tesla daban-daban waɗanda ke kan hanyar sadarwar cikin gida na kamfanin, wanda aka samu ta hanyar VPN. Musamman, a cikin lambar mun sami damar nemo takaddun shaidar mai amfani na ɗaya daga cikin runduna a cikin yanki na "dev.teslamators.com" da ke kan hanyar sadarwa ta ciki.
Har zuwa 2019, don haɗa motoci zuwa sabis na Tesla, an yi amfani da VPN dangane da kunshin OpenVPN (daga baya an maye gurbinsu da aiwatar da tushen websocket) ta amfani da maɓallin da aka samar don kowace mota. An yi amfani da VPN don tabbatar da aiki na aikace-aikacen wayar hannu, samun jerin tashoshin cajin baturi, da sauran ayyuka iri ɗaya. Mai binciken yayi kokarin duba hanyar sadarwar da ake samu bayan ya haɗa motarsa ta hanyar VPN kuma ya gano cewa rukunin yanar gizon da ke isa ga abokan ciniki bai keɓance sosai daga cibiyar sadarwar Tesla ba. Daga cikin wasu abubuwa, ana iya isa ga mai watsa shiri a cikin reshen yanki na dev.teslamators.com, wanda aka sami takaddun shaida.
Sabar da aka daidaita ta zama kullin sarrafa tari kuma tana da alhakin isar da aikace-aikace zuwa wasu sabar. Bayan shiga cikin ƙayyadaddun rundunar, mun sami damar samun ɓangaren tushen lambar tushe don ayyukan Tesla na ciki, gami da mothership.vn da firmware.vn, waɗanda ke da alhakin watsa umarni ga motocin abokin ciniki da isar da firmware. An kuma sami kalmomin shiga da shiga don samun damar PostgreSQL da MySQL DBMS akan sabar. A kan hanyar, an nuna cewa ana iya samun damar yin amfani da yawancin abubuwan da aka gyara ba tare da takaddun shaidar da aka samo a cikin kayan aikin ba; ya zama cewa ya isa ya aika buƙatar HTTP zuwa API ɗin Yanar Gizo daga gidan yanar gizon da ke isa ga abokan ciniki.
Daga cikin wasu abubuwa, an samo wani tsari akan uwar garken, wanda a ciki akwai fayil good.dev-test.carkeys.tar tare da maɓallan VPN da aka yi amfani da su yayin aikin ci gaba. Maɓallan ƙayyadaddun sun juya suna aiki kuma sun ba mu damar haɗi zuwa VPN na ciki na kamfanin vpn.dev.teslamotors.com.
Hakanan an sami lambar sabis ɗin uwar uwa akan uwar garken, binciken wanda ya ba da damar tantance abubuwan haɗin kai zuwa yawancin ayyukan gudanarwa. An gano cewa yawancin waɗannan ayyukan gudanarwa suna samuwa akan kowace mota, idan an haɗa su ta amfani da maɓallan VPN da aka samo don masu haɓakawa. Ta hanyar sarrafa ayyukan, yana yiwuwa a fitar da maɓallan shiga da aka sabunta yau da kullun don kowace mota, da kwafi na takaddun shaidar kowane abokin ciniki.
Bayanin da aka ƙayyade ya ba da damar tantance adireshin IP na kowace mota da aka kafa haɗin tare da ita ta hanyar VPN. Tun da gidan yanar gizo na vpn.dev.teslamators.com ba a raba shi da kyau ta hanyar Tacewar zaɓi, ta hanyar sauƙi na sarrafa motsi yana yiwuwa a isa adireshin IP na abokin ciniki kuma ya haɗa da motarsa ta hanyar SSH tare da haƙƙin tushen, ta amfani da takardun shaidar abokin ciniki a baya.
Bugu da kari, sigogin da aka samu don haɗin VPN zuwa cibiyar sadarwar ciki sun ba da damar aika buƙatun zuwa kowace mota ta hanyar gidan yanar gizon API mothership.vn.teslamators.com, waɗanda aka karɓa ba tare da ƙarin tabbaci ba. Misali, a lokacin gwaje-gwajen yana yiwuwa a nuna ƙayyadaddun wurin da motar take a yanzu, buɗe kofofin kuma fara injin. Ana amfani da lambar VIN ɗin abin hawa azaman mai ganowa don zaɓar makasudin kai hari.
source: budenet.ru