Comment by dwa3592
1 day ago
Interesting.
> A REST-like API on :8080 which returned a history of “tasks”
I am curious to know what kind of historical tasks- since it's a media control unit; does it show what kind of media was being played in the last trip? does it reveal any other info about the driver?? There might be a privacy angle here that you could exploit and share it with Tesla.
They hit Odin. Odin is the diagnostic tool of Tesla. The tasks they've seen are like "TEST_BRAKE_X_STIFFNESS-TEST-PRESSURE-BURNISHED" and are used to test different components of the car. They're also used for example to reset FSD strikes.
In Tesla terms, the infotainment does much more than just playing music - it has full access to the rest of the car.
I remember back when Chrysler did that and researchers were able to shut a Jeep down mid-drive by attacking the internet-connnected infotainment. This doesn't sound great.
You need to be physically connected to the ethernet port and service mode must be enabled. On top of that, to run these you need service mode plus, which requires a subscription (signed JWT). Additionally, IIRC, most of these can't be run if the car is not in park.