Hacker takes a deep look at the security of Tesla Model 3 components
Tristan Price is a security researcher and machine learning aficionado. He recently bought a Tesla Model 3 and decided to dig through its components looking for weaknesses. He wrote a blog post detailing his findings on how Tesla has hardened the Model 3 against attack.
Tesla Model 3
The Tesla Model 3 is Tesla's first mass-market electric vehicle. It was rolled out in 2017 and is popular around the world. It comes in two variants: the Standard Range Plus delivers 250 miles (402 km) on a full charge, while the premium Long Range version delivers 322 miles (518 km).
The Model 3 prides itself on its full self-driving hardware, and this is what Tristan wanted to examine. He warns that tinkering with a Tesla can void the warranty, and suggests signing up for the Tesla Security Researcher Program if you are interested in probing Tesla components.
Tristan then proceeds with his study of the security of the hardware and software components in the Model 3.
Internal Layout of the Car
He found that all the interior components of the Model 3 are connected through an Ethernet switch. He detailed the connections as below:
- 192.168.90.100 – cid/ice – the computer that controls the display and all of the media systems such as sound.
- 192.168.90.103 – ap/ape – the primary autopilot computer.
- 192.168.90.105 – ap-b/ape-b – the secondary autopilot computer.
- 192.168.90.102 – gateway – primarily a UDP server that controls the switch and the vehicle config, and proxies requests between the Ethernet side (cid/autopilot) and the CAN bus to the motor controllers and sensors.
- modem – the LTE modem.
- tuner – the AM/FM radio. Not present on the newer Model 3 cars, including Tristan's. Not having an AM/FM radio does seem like a safety issue, so he was surprised to see it removed.
Secure Ethernet TCAM
He found that Tesla's internal network is switched by a Marvell 88EA6321, an automotive gigabit Ethernet switch. The autopilot computers, modem, tuner, gateway and CID all connect over 100BASE-T1, a two-wire automotive Ethernet PHY. The Model 3 also has two conventional Ethernet ports: one on the CID motherboard with a standard Ethernet jack, and one in the driver's side footwell with a custom connector that is disabled by default.
The switch enforces its filtering rules with a TCAM, a type of memory that can match a packet against a whole table of rules in a single lookup. These rules (which Tristan calls secure Ethernet, or seceth) restrict what each port can reach: the diagnostic jack on the CID motherboard can only reach port 8080 (Odin) and port 22 (SSH) on the CID, and SSH is only accessible via Odin. Tristan says the unlock codes change daily and are available only to Tesla service staff.
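To make the seceth idea concrete, here is an added example (not code from the blog post, and not Tesla's switch configuration) that simulates a TCAM-style first-match packet filter in Python. The only rule the article supports is that the diagnostic jack may reach just TCP/8080 and TCP/22 on the CID; the address of the diagnostic jack (192.168.90.200), the allow rule between the in-car hosts, and the default deny are assumptions. It also includes a shadowing check, because with first-match tables a mis-ordered rule silently makes later rules unreachable.

```python
"""TCAM-style first-match packet filter (added example, not Tesla's config).

Assumptions: the diagnostic jack is 192.168.90.200 and the rule table below
is illustrative. 192.168.90.100 (CID) and 192.168.90.102 (gateway) come from
the article.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional


def net(cidr: str) -> IPv4Network:
    """Accept 'a.b.c.d' or 'a.b.c.d/nn'."""
    return ip_network(cidr, strict=False)


@dataclass(frozen=True)
class Rule:
    src: IPv4Network          # source prefix (/32 for a single host)
    dst: IPv4Network          # destination prefix
    proto: Optional[str]      # "tcp", "udp" or None for any protocol
    dport: Optional[int]      # destination port or None for any port
    action: str               # "allow" or "deny"

    def matches(self, src, dst, proto, dport) -> bool:
        return (src in self.src and dst in self.dst
                and self.proto in (None, proto)
                and self.dport in (None, dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport))


# Assumed rule table. Hardware TCAM evaluates entries in parallel by priority,
# which is equivalent to first-match over this ordered list.
RULES: List[Rule] = [
    Rule(net("192.168.90.200/32"), net("192.168.90.100/32"), "tcp", 8080, "allow"),  # diag -> Odin
    Rule(net("192.168.90.200/32"), net("192.168.90.100/32"), "tcp", 22, "allow"),    # diag -> SSH
    Rule(net("192.168.90.200/32"), net("0.0.0.0/0"), None, None, "deny"),             # diag -> nothing else
    Rule(net("192.168.90.0/24"), net("192.168.90.0/24"), None, None, "allow"),        # in-car hosts (assumed)
    Rule(net("0.0.0.0/0"), net("0.0.0.0/0"), None, None, "deny"),                     # default deny
]


def decide(src: str, dst: str, proto: str, dport: Optional[int] = None,
           rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule, or deny if none match."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(s, d, proto, dport):
            return rule.action
    return "deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    shadowed = []
    for i, rule in enumerate(rules):
        if any(earlier.covers(rule) for earlier in rules[:i]):
            shadowed.append(i)
    return shadowed


if __name__ == "__main__":
    for pkt in [("192.168.90.200", "192.168.90.100", "tcp", 8080),
                ("192.168.90.200", "192.168.90.100", "tcp", 22),
                ("192.168.90.200", "192.168.90.102", "udp", 3500)]:
        print(pkt, "->", decide(*pkt))
    # Putting the diag deny-all first would shadow both allow rules.
    print("shadowed:", shadowed_rules([RULES[2], RULES[0], RULES[1]]))
```

Run `shadowed_rules` on any table you author: it is the check that would have caught the classic mistake of placing the catch-all deny above the specific allows.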
Hermes
Instead of OpenVPN, the Model 3 runs a proxy service called Hermes. Hermes is a relatively simple service that proxies unauthenticated requests from the CID to the mothership (Tesla's backend). It also lets Tesla make requests to the car itself and fetch logs from it. Presumably this is how Tesla can enable features such as Full Self-Driving over the air without a full software update, and how it performs remote service.
Certificates
Every car is issued unique client certificates for Hermes/OpenVPN, and they are rotated periodically. This makes it quite hard to do things like grab firmware images or inspect Tesla's backend, since you first need root access to a car to get hold of the certificates. Tristan notes that without that root access an outsider has no practical way to obtain these certificates or forge them, since only Tesla issues them.
Odin
Software maintenance on the Model 3 is handled by Odin, a Python 3 service that Tesla uses for various maintenance actions on the car, such as calibrating the radar and the cameras. If you connect to the internal car network you can reach it at http://192.168.90.100:8080.
Odin contains a list of tasks and "networks". The tasks can only be executed by someone at Tesla with the specific permissions they require. The networks are stored as .py files, but their content is very close to JSON.
Tesla's service tool is called Toolbox, and it comes in two versions:
- a program you download and run under Windows: https://toolbox.teslamotors.com/
- a newer web-based tool: https://toolbox.tesla.com/
The Toolbox contains the auth tokens as well as the task names. Unlike on older Tesla cars, on the Model 3 the Toolbox works through Odin and requires certificates signed by Tesla.
SSH
To SSH into the Model 3 you need an SSH certificate for that specific car, signed by the Tesla CA or by one of their recovery keys. So that one leaked certificate cannot be reused on another car, each certificate carries a "principal" that is unique per car.
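The per-car principal is the part of this scheme worth seeing in detail. The following is an added example (not code from the blog post, and not Tesla's or OpenSSH's own implementation) that builds a minimal `ssh-ed25519-cert-v01@openssh.com` blob in the real OpenSSH certificate wire format, with placeholder key and signature bytes, then parses it and enforces the policy the article describes: the certificate must name this car's principal and be inside its validity window. The principal naming scheme `car-<VIN>` is an assumption, and verifying the CA signature is deliberately left to sshd rather than reimplemented here.

```python
"""Parse an OpenSSH certificate and enforce the per-car principal binding.

Added example, not Tesla's code. Wire format follows OpenSSH PROTOCOL.certkeys
for ssh-ed25519-cert-v01@openssh.com. Key, nonce and signature fields are
placeholders; the CA signature check is assumed to be done by sshd.
"""
import struct
import time
from typing import Dict, List, Tuple

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
SSH_CERT_TYPE_USER = 1
FOREVER = 2**64 - 1                      # OpenSSH's "no expiry" valid_before


def _s(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def build_cert(principals: List[bytes], key_id: bytes = b"tesla-service",
               valid_after: int = 0, valid_before: int = FOREVER) -> bytes:
    """Build a certificate blob with placeholder key and signature bytes."""
    return (_s(CERT_TYPE)
            + _s(b"\x00" * 32)                               # nonce (placeholder)
            + _s(b"\x11" * 32)                               # ed25519 public key (placeholder)
            + struct.pack(">Q", 1)                           # serial
            + struct.pack(">I", SSH_CERT_TYPE_USER)          # type: user certificate
            + _s(key_id)
            + _s(b"".join(_s(p) for p in principals))        # valid principals (packed strings)
            + struct.pack(">QQ", valid_after, valid_before)
            + _s(b"")                                        # critical options
            + _s(b"")                                        # extensions
            + _s(b"")                                        # reserved
            + _s(b"ca-key-placeholder")                      # signature key
            + _s(b"sig-placeholder"))                        # signature


class Reader:
    """Cursor over SSH wire-format data; raises on truncation."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def _unpack(self, fmt: str) -> int:
        (value,) = struct.unpack_from(fmt, self.data, self.pos)
        self.pos += struct.calcsize(fmt)
        return value

    def u32(self) -> int:
        return self._unpack(">I")

    def u64(self) -> int:
        return self._unpack(">Q")

    def string(self) -> bytes:
        length = self.u32()
        out = self.data[self.pos:self.pos + length]
        if len(out) != length:
            raise ValueError("truncated string field")
        self.pos += length
        return out


def parse_cert(blob: bytes) -> Dict[str, object]:
    r = Reader(blob)
    if r.string() != CERT_TYPE:
        raise ValueError("unsupported certificate type")
    r.string()                                   # nonce
    r.string()                                   # public key
    serial, ctype, key_id = r.u64(), r.u32(), r.string()
    principals, pr = [], Reader(r.string())      # principals are nested strings
    while pr.pos < len(pr.data):
        principals.append(pr.string())
    valid_after, valid_before = r.u64(), r.u64()
    return {"serial": serial, "type": ctype, "key_id": key_id,
            "principals": principals, "valid_after": valid_after,
            "valid_before": valid_before}


def authorize(blob: bytes, car_principal: bytes, now: int = None) -> Tuple[bool, str]:
    """Principal/validity policy only; the CA signature is checked by sshd."""
    cert = parse_cert(blob)
    now = int(time.time()) if now is None else now
    if cert["type"] != SSH_CERT_TYPE_USER:
        return False, "not a user certificate"
    if not cert["valid_after"] <= now < cert["valid_before"]:
        return False, "outside validity window"
    if car_principal not in cert["principals"]:
        return False, "principal mismatch: cert is for another car"
    return True, "ok (signature still to be verified by sshd)"


def rejects_truncated(blob: bytes, cut: int = 40) -> bool:
    """True if a truncated blob is rejected rather than partially parsed."""
    try:
        parse_cert(blob[:cut])
    except (ValueError, struct.error):
        return True
    return False
```

With a real certificate (`ssh-keygen -L -f id_ed25519-cert.pub` shows the same fields) the principal check is what turns "a Tesla-signed cert" into "a cert for this car": a leaked certificate for `car-VIN-A` is rejected on `car-VIN-B` even though its signature is perfectly valid.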
Protocols & Ciphers
The Model 3 runs versions of OpenSSH and OpenSSL that, as of 21 April 2020, have no known vulnerabilities.
Updater
All of the firmware blobs deployed to the various controllers around the car are signed by Tesla, and the updater checks the signature before installing anything, to make sure nothing has been tampered with. This means an attacker cannot MITM the updater to install modified firmware.
If you can bypass the seceth rules you can talk directly to the updater and manually hand it an image to install, but that image still has to be signed by Tesla.
Escalator
There is a service running on the car called Escalator, which allows specific requests, from specific processes and users, to run as root. On the Model 3 all privilege elevation goes through this single point, which is why Tristan considers it the most vulnerable component of the car: a flaw in Escalator would hand out root.
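The design property the article describes, one broker with an exact allowlist of who may run what as root, is easiest to judge next to the mistake it avoids. Here is an added example (not Tesla's Escalator code) of such a broker in Python: it matches the requesting uid, the canonical path of the requesting executable and the full argv exactly, and it is contrasted with a looser policy that matches only the program name. All uids, paths, commands and the audit log are assumptions for illustration.

```python
"""Single-point privilege-elevation broker with an exact-match allowlist.

Added example, not Tesla's code. POLICY, the uids, the executable paths and
the commands are illustrative assumptions.
"""
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple


@dataclass(frozen=True)
class Caller:
    uid: int          # real uid of the requesting process (e.g. via SO_PEERCRED)
    exe: str          # canonical path of its executable (e.g. /proc/<pid>/exe)


@dataclass(frozen=True)
class Grant:
    uid: int
    exe: str
    argv: Tuple[str, ...]   # the exact command the broker will run as root


# Assumed policy: an "updater" account running a known binary gets two commands.
POLICY: Tuple[Grant, ...] = (
    Grant(1001, "/usr/bin/updater", ("/sbin/reboot",)),
    Grant(1001, "/usr/bin/updater", ("/usr/bin/flash-firmware", "--verify-only")),
)

# Every decision, allowed or denied, is recorded: the broker is the one place
# where privilege crosses the boundary, so it is the one place to log.
AUDIT: List[Tuple[str, Caller, Tuple[str, ...]]] = []


class EscalationDenied(PermissionError):
    pass


def authorize(caller: Caller, argv: Sequence[str]) -> Grant:
    """Return the matching grant or raise. Matching is exact on uid, exe and argv."""
    argv = tuple(argv)
    for grant in POLICY:
        if (grant.uid, grant.exe, grant.argv) == (caller.uid, caller.exe, argv):
            AUDIT.append(("allow", caller, argv))
            return grant
    AUDIT.append(("deny", caller, argv))
    raise EscalationDenied(f"uid={caller.uid} exe={caller.exe} argv={argv}")


def is_allowed(caller: Caller, argv: Sequence[str]) -> bool:
    try:
        authorize(caller, argv)
        return True
    except EscalationDenied:
        return False


def weak_is_allowed(caller: Caller, argv: Sequence[str]) -> bool:
    """The mistake to avoid: matching only argv[0] lets the caller pick the
    arguments, so an allowlisted '--verify-only' becomes an arbitrary '--force'."""
    return any(g.uid == caller.uid and g.exe == caller.exe and g.argv[0] == argv[0]
               for g in POLICY)


def run_as_root(caller: Caller, argv: Sequence[str],
                runner: Callable[[List[str]], int]) -> int:
    """Elevate exactly one allowlisted command.

    The broker passes the grant's own argv to the runner (in production: a
    clean environment and execve, never a shell), so even a matching request
    cannot smuggle extra arguments or shell metacharacters through.
    """
    grant = authorize(caller, argv)
    return runner(list(grant.argv))


if __name__ == "__main__":
    updater = Caller(uid=1001, exe="/usr/bin/updater")
    print(is_allowed(updater, ["/usr/bin/flash-firmware", "--verify-only"]))   # True
    print(is_allowed(updater, ["/usr/bin/flash-firmware", "--force"]))         # False
    print(weak_is_allowed(updater, ["/usr/bin/flash-firmware", "--force"]))    # True: the flaw
```

Two points a reviewer of such a service would press on: the identity of the caller must come from the kernel (peer credentials and the `/proc/<pid>/exe` link), never from the request body, and the allowlist must fix the whole command line, not just the program, or the "specific requests" guarantee evaporates.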