The Tesla doesn’t have a conventional OBDII port (onboard diagnostics) as such. There’s a connector, but it’s just provided with +12V/ground in order to power things like insurance telematics dongles.
Instead, there’s the Tesla diagnostics connector (X427) which is where things get a bit weird. That connector has access to all five CANbuses on the vehicle. Now, as conventional OBDII modules don’t work, the inquisitive among us will often connect an ELM327 Bluetooth module to analyse the traffic and read CAN messages. HOWEVER, all the ELM327 modules we’ve looked at have a static, unchangeable Bluetooth PIN of 1234. We fuzzed the CAN hard, essentially replicating existing messages but with random length and content. What happened?
Very quickly we got a LOT of error messages, culminating in the front, then rear motors going offline and then lost all power.
Source: Pentestpartners.com
