PSA: If your wall connector loses wifi, it'll just throw your charging schedules out the window and turn on/off sporadically. This is especially noteworthy if you have Time of Use billing :| SET THE TIMER ON THE CAR DIRECTLY!
It also fits the broader theme here: too much important behavior seems to live in the "application layer" of the charger, while the more durable source of truth is elsewhere.
I spent an hour yesterday getting the wall connector back on my wifi. Apparently last October when I added wifi 7 access points my network started working in WPA2/WPA3 mode and the wall connector wasn’t compatible with that. Ended up having to create a second SSID with WPA2 only support to get it back online.
Supposedly the newest update fixes that, but I haven’t taken the time to test that out.
But WiFi is shocking my fragile on these wall connectors, I’ve had a lot of trouble keeping it connected to my home network over the years.
Does the tesla wall connector offer Ethernet? Honestly I feel like most devices that are not expected to move around should at least offer it as an option (exceptions being for things where it’s not feasible like smart bulbs, smart locks, etc). If anything it’ll remove congestion for things that can’t realistically be wired.
It creates a wifi access point in your garage that you cannot turn off:
TeslaWallConnector_<unique-id>
some people were able to downgrade their firmware to a version that didn't do that, but i guess this article shows telsa got rid of that ability.
I would love to be able to hack any firmware to disable that.
I also read that a connected tesla car can force an over-the-air firmware update maybe through the charging cable or wifi, but I haven't verified that.
The SSID stops broadcasting after the unit is commissioned, unless you're using power sharing between multiple units. In that case the SSID is used for the units to communicate.
Can I ask why don't you want a Tesla charger talking to Tesla? Seems a bit odd if you already own a Tesla vehicle that is just piping the data to Tesla all the time.
One thing I'm really scared of is EV charger software being modified by users, hackers or bugs to pull max power at times that don't suit the grid.
In the UK, for example 10 million EVs all pulling 7kw would overwhelm the roughly 70GW potential of the grid. Even a million EVs charging at an inconvenient time could add a 7GW draw which is enough cause a problem.
Incoming voltage monitoring is a requirement for EV chargers in the UK. The sudden huge demand would result in a voltage drop, the chargers would then detect the under-voltage condition and they'd stop charging.
It will first damage the batteries very fast, second, most users don't want to mess with that, they want to plug and play. So, on both counts your fears are misplaced.
In the event of an internet outage, wall box chargers are legally required to default on. In practice most chargers interpret this as taking the full 7kw - whether this is a bug or misreading of the intent of the law doesn't really matter from the perspective of the grid.
Large ISP outages that affect millions of people are not uncommon on a decade by decade basis, and I suspect an uncomfortable number of UK EV chargers are in some way linked to eu-west-2.
It sounds like a genuine attack vector to me. If someone hacked say teslas firmware supply chain and made all chargers pull max power at the same time, it could be a national infrastructure crippling attack.
Why use Tesla wall connector in a first place and not just the standard nema/dryer outlet with the Tesla cord/charger? It seems like people are overpaying for nothing.
You don't want to use a standard outlet, since it's not designed to handle full current(?) for hours. There are special outlets for EV charging, and they work outdoors. Just be very sure to have a GFCI breaker behind it.
There are a lot of different mobile chargers, if you don't like the specs on the Tesla charger buy a different one. Though do beware that cheap 50A receptacles cannot handle 50 amps continuous. They are for stoves (max 40A), or welders (low duty cycle since you spend more time in setup then welding - assembly lines use better receptacles)
I can confirm this. Our Model 3 doesn't charge as fast using a NEMA 14-50 plug connected via the Tesla-provided mobile charger.
When we moved to a new house, we bought a Tesla wall charger, and it indeed charges at higher amps, but I don't know if the extra speed has necessarily been worth it since we primarily charge the car overnight.
It clearly seems people have different meanings to the word, then.
For example, if I am able to gain root access to a WiFi access point I own, even though the vendor has tried to prevent it, then yes, I would call it a hack. To me, it doesn't matter why or who is doing the steps.
In fact, I believe I have never before heard someone combine the meaning of the word to be related to the ownership of the device being hacked.
I suspect the number of people understanding the word in your way is a minority. Redefining terms doesn't help build mutual understanding: here we are taking a word some think has negative connotations and then remove the thing they think should be cool and ok, and then suggest that this is actually the real meaning of the word. Personally I don't think this is how words should be wielded.
> For example, if I am able to gain root access to a WiFi access point I own, even though the vendor has tried to prevent it, then yes, I would call it a hack.
This exploit is delivered through the charging cable to the wall box. These wall boxes are sometimes intentionally located in public spaces with the intent of allowing public charging, and Tesla has features specifically for that use case, so that cable is absolutely expected to be plugged in to untrusted vehicles.
Eh, that’s a bad generalization. defense in depth is a thing and there are many cases where you’d want to protect against attackers with physical access
This isn't designed to stop attackers with physical access. This is designed to stop casual tinkerers and shade tree mechanics.
You know what isn't vulnerable? A "dumb" offline charger. You know what doesn't make any money or turn the consumer into another product? A "dumb" offline charger.
If it were about physical security, the suggested fix would be to remove the communication from the port entirely.
Companies shouldn't get to make something simple and secure into something inherently insecure and then iterate security into it. Like drive by wire steering, or brakes. Nobody asked for these things and if you ask ANYONE who works on, builds, or actually enjoys cars the consensus is NOBODY wants it.
But there are enough sophomoric, pedestrian car owners out there who gawk at the senseless overdeployment of technology and think "this is so convinient" and don't see it as 1) regulatory barrier building and gatekeeping 2) enabling vendor lock in 3) overcoming right to repair legislation. So the knowledgeable and enthusiastic voices of reason who care about cars get drowned out by the hoard of pedestrian geeks who couldn't imagine operating a car without at least a 16 inch touchscreen.
In security, the best defense is not introducing a vulnerability at all. There is value in having less code. For example, if your PaaS doesn't collect user SSNs... then it can't lose SSNs in a breach.
The question here should not be "why is this not secure." The question should be "why does this even need to be secure in the first place?" We have a very simple task to do and we've complicated it so much we've introduced vulnerability that didn't exist previously.
I was commenting on the hasty generalization, not this specific case.
> If it were about physical security, the suggested fix would be to remove the communication from the port entirely.
You can’t charge without negotiating charging rates. Communication is a requirement. Every EV does this. Heck, every cell phone does this.
> Like drive by wire steering, or brakes. Nobody asked for these things and if you ask ANYONE who works on, builds, or actually enjoys cars the consensus is NOBODY wants it.
Every hybrid and EV for the past 20 years has brake by wire. That’s how regenerative braking works.
I had the foolish idea of installing a Tesla charger at home to charge my Bolt. I’ve been unable to ever use it.
The wall charger works fine with Teslas.
My car and adapter charge fine at Tesla superchargers.
But the home Tesla charger refuses to charge my Bolt.
(Yes I disabled vehicle restrictions and tried all sorts of combinations of settings for weeks before giving up. Tesla support was useless of course)
> I thought tesla even made a j1772 native wall connector.
At least a few years ago, they would openly recommend it for non-Teslas.
I thought NACS brought some changes to Level 1 and 2 that aren't backwards compatible with J1772? I know there's an oddball voltage in there so you can put a NACS charger on a lamppost where J1772 would require a transformer; but I didn't think there were protocol issues too.
J1772 is 120V or 208-240V. Those are by far the most common voltages in the US. (208 is what you get when you take a US 3 phase system and connect to two phases - this is somewhat common and most people don't know or care that their apartment is wired like that). I have seen other voltages at industrial sites, but I wouldn't expect that in a lamppost.
Publicly accessible piece of equipment that could have a pseudo-trusted connection to an internal network (since they're connected to the Tesla Cloud(tm)).
Picturing someone rolling up to a charger outside of a large office building, 'plugging in', exploiting the charger via the communications, then using the charger to pivot inwards.
Supposedly the newest update fixes that, but I haven’t taken the time to test that out.
But WiFi is shocking my fragile on these wall connectors, I’ve had a lot of trouble keeping it connected to my home network over the years.
It creates a wifi access point in your garage that you cannot turn off:
some people were able to downgrade their firmware to a version that didn't do that, but i guess this article shows telsa got rid of that ability.I would love to be able to hack any firmware to disable that.
I also read that a connected tesla car can force an over-the-air firmware update maybe through the charging cable or wifi, but I haven't verified that.
because it hasn't gone away after configuring the setup stuff (amps, etc)
In the UK, for example 10 million EVs all pulling 7kw would overwhelm the roughly 70GW potential of the grid. Even a million EVs charging at an inconvenient time could add a 7GW draw which is enough cause a problem.
Large ISP outages that affect millions of people are not uncommon on a decade by decade basis, and I suspect an uncomfortable number of UK EV chargers are in some way linked to eu-west-2.
[1] https://www.legislation.gov.uk/uksi/2021/1467/regulation/7/m...
When we moved to a new house, we bought a Tesla wall charger, and it indeed charges at higher amps, but I don't know if the extra speed has necessarily been worth it since we primarily charge the car overnight.
An owner voluntarily downgrading firmware to gain control of your hardware IS NOT A HACK.
And if an adversary is doing this, then they have already breached yoir physical security.
For example, if I am able to gain root access to a WiFi access point I own, even though the vendor has tried to prevent it, then yes, I would call it a hack. To me, it doesn't matter why or who is doing the steps.
In fact, I believe I have never before heard someone combine the meaning of the word to be related to the ownership of the device being hacked.
I suspect the number of people understanding the word in your way is a minority. Redefining terms doesn't help build mutual understanding: here we are taking a word some think has negative connotations and then remove the thing they think should be cool and ok, and then suggest that this is actually the real meaning of the word. Personally I don't think this is how words should be wielded.
Yep. The owner of the device can sue you.
You know what isn't vulnerable? A "dumb" offline charger. You know what doesn't make any money or turn the consumer into another product? A "dumb" offline charger.
If it were about physical security, the suggested fix would be to remove the communication from the port entirely.
Companies shouldn't get to make something simple and secure into something inherently insecure and then iterate security into it. Like drive by wire steering, or brakes. Nobody asked for these things and if you ask ANYONE who works on, builds, or actually enjoys cars the consensus is NOBODY wants it.
But there are enough sophomoric, pedestrian car owners out there who gawk at the senseless overdeployment of technology and think "this is so convinient" and don't see it as 1) regulatory barrier building and gatekeeping 2) enabling vendor lock in 3) overcoming right to repair legislation. So the knowledgeable and enthusiastic voices of reason who care about cars get drowned out by the hoard of pedestrian geeks who couldn't imagine operating a car without at least a 16 inch touchscreen.
In security, the best defense is not introducing a vulnerability at all. There is value in having less code. For example, if your PaaS doesn't collect user SSNs... then it can't lose SSNs in a breach.
The question here should not be "why is this not secure." The question should be "why does this even need to be secure in the first place?" We have a very simple task to do and we've complicated it so much we've introduced vulnerability that didn't exist previously.
> If it were about physical security, the suggested fix would be to remove the communication from the port entirely.
You can’t charge without negotiating charging rates. Communication is a requirement. Every EV does this. Heck, every cell phone does this.
> Like drive by wire steering, or brakes. Nobody asked for these things and if you ask ANYONE who works on, builds, or actually enjoys cars the consensus is NOBODY wants it.
Every hybrid and EV for the past 20 years has brake by wire. That’s how regenerative braking works.
Or just for the spirit of actually owning the shit you pay for.
I thought tesla even made a j1772 native wall connector.
I had the foolish idea of installing a Tesla charger at home to charge my Bolt. I’ve been unable to ever use it.
The wall charger works fine with Teslas. My car and adapter charge fine at Tesla superchargers.
But the home Tesla charger refuses to charge my Bolt. (Yes I disabled vehicle restrictions and tried all sorts of combinations of settings for weeks before giving up. Tesla support was useless of course)
Restriction or bug, same difference.
I guess I could see why you might want to restrict who can use your charger, but I really prefer the "dumb as bricks" version I currently have.
At least a few years ago, they would openly recommend it for non-Teslas.
I thought NACS brought some changes to Level 1 and 2 that aren't backwards compatible with J1772? I know there's an oddball voltage in there so you can put a NACS charger on a lamppost where J1772 would require a transformer; but I didn't think there were protocol issues too.
You also never know when there could be another update and your region becomes one of those that has these restrictions.
Picturing someone rolling up to a charger outside of a large office building, 'plugging in', exploiting the charger via the communications, then using the charger to pivot inwards.