Security Questions - BLE API

[alastair1616]

I just had a couple of questions related to security for the BLE API. Firstly, just want to say really appreciate the very fast workaround for the Tesla API limits.

Due to the required proximity to the car, I have had to deploy the BLE API on a separate device to my main server, and because of this I am conscious that unlike my server the Raspberry Pi I have is not encrypted at rest, and is accessible over the local network. In relation to this I wanted to understand the following.

1. What data is stored on the BLE API container itself? E.g. if someone stole this device, what would they have?
2. What is transmitted over the network to this container?
3. I can see it appears to communicate over HTTP, does this mean it's transmitting this data unencrypted or is there some underlying encryption to it?
4. Is the HTTP API authenticated in some way, or can anything send commands to it?

I'm just considering whether I should be encrypting at least the docker volumes on the device, and implementing some firewall rules around access to the HTTP API.

Really appreciate the help, and all your effort on this.

[pkuehnel]

Basically, the BLE API wraps Teslas control CLI Tesla Control CLI README

1. The private key for Teslas Control CLI is stored on the device, if you have installed the BLE container before TSC release 2.28.32 the private key is capable of everything Teslas Control CLI can do (including unlocking the car and as far as I know, also starting the car). If you created a key after the TSC release above (Note: Update date of BLE container is relevant here) the private key is only capable of commands within the charging_manager role (Support adding keys with different roles teslamotors/vehicle-command#230). This means the private key can only be used to start/stop charging and change the current. If you are not sure when you paired the car, just remove the key from your car (like you would remove a normal phone key or key card) and repair the car with the latest version of the BLE API container.
2. TSC sends the commands to the container, so simple Post Requests to start/stop charging and change the current. You can see a full documentation of the API if you go to http://<yourBleApiIP>:7210/swagger.
3. It is completely unencrypted but does not contain sensitive data, just simple Post requests to change the current or start/stop charging. Note: each call contains your VIN but a VIN is no sensitive data, as you can read it from your windshield as well.
4. No, everyone can send everything.

To wrap it all up: If you repair your car with the latest BLE API Version, the worst thing that can happen is, that someone can change your car's charging current and start/stop charging.

[alastair1616]

Thanks very much for the detailed response, really appreciate it. That does mitigate a lot of the risk if it's only a key for the charging_manager role on the device.