Pwn2Own Vancouver 2019: Tesla, VMWare, Microsoft, and more

301 points | Down_n_Out | 7 years ago | thezdi.com

169 comments

[+] InTheArena|7 years ago|reply
As a Tesla owner, I think this is great, because as an Engineer, I fully expect that Tesla will get owned (literally) here. I have no problem with that - I want people trying to break the security, and I want Tesla to pay them, and to improve it.

The reality is that a Tesla is mostly really good software, really good engine, and really good battery, surrounded by a reasonable (but not excellent) rest of the car. That's more than worth it to me, and the Tesla Stretch is real, because the car is incredibly compelling. I would argue that the value is just as much an outcome of the software, and it needs to be hardened.

[+] kenward|7 years ago|reply
I agree. It is very clear that Tesla puts more effort into the software, electric motors, and battery tech compared to the "rest of the car".

While there are some fine details (like the suspension) that others pointed out, the body panel gaps and the unusual service experience leave a lot to be desired for some people. Now whether these issues go unaddressed due to Tesla not having the proper resources or due to a conflict in priorities, either reason makes you wonder why Tesla is choosing to do it this way...

[+] SEJeff|7 years ago|reply
This comment perfectly describes the Tesla Model 3.

Disclaimer: Model 3 owner

[+] vvanders|7 years ago|reply
Yup, this has happened on the S a few times. They quietly put out a new OTA which took ~24 hours to roll out across the fleet and it was sorted.

Much different than Fiat/Jeep when they got owned via media console a ways back.

[+] thejrk_|7 years ago|reply
Just a nitpick but engine would mean internal combustion.
[+] danpalmer|7 years ago|reply
From what I've read about Tesla's software this could be a bold move.

Between the infotainment system, onboard Linux computer, autopilot, self-driving hardware, OTA updates, mobile apps, and the amount they phone home, Tesla are probably doing some of the most advanced computing in any consumer car (some deconstructions have suggested they are miles ahead here, pardon the pun).

This is great, but it all comes with additional surface area for attacks, and software engineers have spoken out about the fast-paced shipping that happens at Tesla and the corners that are cut as a result.

[+] mikejb|7 years ago|reply
There was a previous discussion [1] around a former Tesla employee discussing some of the "wtf" aspects of the software on Tesla vehicles. I'm willing to bet that some critical flaws will be found, as "fast development" and "secure development" are hard to get together, and it's safe to assume that Tesla ticks the "fast development" checkbox.

[1] https://news.ycombinator.com/item?id=17835760

[+] cmiller1|7 years ago|reply
If the OTA updates are compromised or some other remote vulnerability is found I'd consider that a major flaw. However, some of the Tesla "hacks" I've seen show up in the past involve plugging a laptop into the inside of the car. If you've got physical access to the inside of ANY car you can do some serious damage. Doesn't take a "l33t hax0r" to cut some brake lines or undo an oil pan plug.
[+] Shivetya|7 years ago|reply
<rant/ramble on>

OTA is great but my experience with my TM3 is clouded by one issue: I want Bluetooth audio support to be enhanced so I do not have to use my phone to select tracks, playlists, artists, and such. Instead, what was the big update near the holiday season? Fart humor, a holiday fireplace like a screen saver, and the old Atari Pole Position game.

Seriously? Yeah I know they also updated auto pilot, put in a new animation for setting vents, and such, but I really don't need the easter eggs when there are so many programmable features this car should already have, and audio support, including the mentioned Bluetooth support, is all easily a decade behind what other cars have. Hell, our energy meter is a joke: it won't break out power used to move from that to maintain the pack, doesn't want to count when I am not moving, and blends in the HVAC. Auto hi beams that are spastic and auto wipers that are just, well, odd.

Sorry for the ramble, but the security stunt is one thing, but non-essential crap like easter eggs is just more things to break or be exploited. Bring the car's customer-facing electronics up to date before farting around more.

Love my car, have serious doubts about their priorities.

[+] HALtheWise|7 years ago|reply
On the plus side, Tesla seems to be aware of those risks, and also has a cyber security team that is miles ahead of other automakers. For example, there are no master passwords that service personnel can use, instead they use public key cryptography which generates a rotating password. Most Tesla "hacks" have required physical access as a result (i.e. pulling out the screen and finding an Ethernet jack), although a few researchers have managed remote attacks.
[+] astrodust|7 years ago|reply
There's no doubt someone's getting a free car.
[+] Latteland|7 years ago|reply
They've already been through rounds of attacks and fixes. They've paid people and publicly discussed the vulnerabilities that were discovered. They have separate computing systems for the UI (which must have endless attack surfaces since it's an old WebKit browser, please find a lot of problems so they will update it) and the drivetrain. If you don't have a Tesla it's very interesting how it works. The UI system can be rebooted while the car is on and driving, it's completely separate.
[+] walrus01|7 years ago|reply
One of the interesting things I've read about Tesla's OTA updates, is that for common sense "holy shit that was not supposed to happen" type reasons, they push updates to discrete batches of cars at a time, wait to make sure that owners are not reporting weirdness at a rate any higher than the normal background noise, probably do some analysis on the self-reported telemetry, and then proceed with pushing updates to additional VIN numbers.

It's definitely not a "push to all cars" type thing.

[+] mtgx|7 years ago|reply
Even beyond all that, I assume what will be missing from this contest is someone hacking Tesla's servers to send malicious updates to the cars.

I don't think something like this would be allowed in the contest, which is a shame, because it's probably what most of those who want to "hack Teslas" in the real world will attempt to do.

[+] kuschku|7 years ago|reply
The infotainment system, "autopilot" (or rather, driving assistant systems), OTA ability for all software, and apps in most recent high-end cars are actually very similar in scope to what Tesla provides, just very differently constructed (with a much larger focus on security in competing cars).

The interesting part is Tesla shipping this in the 45'000$ Model 3 while competitors at the moment are only shipping this in much more expensive models.

[+] NicoJuicy|7 years ago|reply
I actually wouldn't be surprised if, 1 or multiple days before the contest, an OTA is sent out. Which would leave a lot of entrants frustrated.

That's what I would do in Tesla's case, just to make sure that a lot is fixed. (If it's possible ofc.)

[+] dwighttk|7 years ago|reply
If I won this one, I think I'd take the cash equivalent, thank you very much...
[+] wil421|7 years ago|reply
This will be interesting. A Jeep Cherokee was hacked a couple years ago. The results are pretty bad. It cost Chrysler a lot of money in recalls to fix the issue.[1]

[1] https://www.wired.com/2016/08/jeep-hackers-return-high-speed...

[+] LeonM|7 years ago|reply
There is a big difference between Chrysler (or any other car manufacturer) and Tesla in terms of impact.

Teslas are designed to receive software updates on a regular basis using a cellular connection, whereas with every other car brand you'll need to bring the car to a certified dealership to have a mechanic (!= computer engineer) install the new firmware.

So: a nasty bug in a 'regular' car means the manufacturer must consider a recall of all affected cars, where Tesla will simply push an update to all cars in the field. This also means that Tesla can run the update before the vuln is disclosed.

Musk said he regards Tesla as a software company, their software just so happens to have a car attached to it. I highly doubt other car manufacturers see it that way, they probably see the software development as an expense.

[+] joezydeco|7 years ago|reply
Seems like Tesla could fix security holes remotely. Chrysler could not.
[+] devy|7 years ago|reply
Regardless of how good/bad Tesla software will fare in the security contest, this is the best possible way to improve product security within a short amount of time, just like the cat-and-mouse game Apple play with the Jailbreaking community.
[+] anonymfus|7 years ago|reply
> just like the cat-and-mouse game Apple play with the Jailbreaking community.

That cat-and-mouse game discourages people from reporting vulnerabilities. Why do you think that it improves security?

[+] anonymfus|7 years ago|reply
> Entries against “Key Fobs or Phone-as-Key” target must achieve code execution, arbitrary vehicle unlock, or arbitrary vehicle start using protocol-related weaknesses. Entries related to Key Fob relay or “rolljam” attacks are not allowed

Does that mean that they think that such attacks are too easy? If they use rolling codes, will they classify any attack with jamming as "rolljam"? If they don't, why specify this?

[+] auiya|7 years ago|reply
If my understanding of the pwn2own event is correct, it's not a CTF event and the exploits are typically developed in advance, and then demonstrated during the event? If there are 2 or more exploits which all work reliably, who is determined to be the "winner"?
[+] jaybosamiya|7 years ago|reply
As per the full contest rules (https://www.zerodayinitiative.com/Pwn2Own2019Rules.html):

> If more than one contestant registers for a given category, the order of the contestants will be drawn at random. Based on the contestant order, the first contestant will be given an opportunity to attempt to compromise the selected target. If unsuccessful, the next randomly drawn contestant will be given an opportunity. This will continue until a contestant successfully compromises the target. The first contestant to successfully compromise a selected target will win the prize money for that target in that category. After a target has been compromised, the contest for that category is over and no other contestants will participate in the contest for that category (unless Sponsor has offered an additional winner option, which would be announced at the conference if applicable).

[+] tachang|7 years ago|reply
This is some seriously good marketing. Tesla is in a unique position to offer their car up as a prize and target. Other manufacturers could do this but because it is hard to update their firmware they don't do it.
[+] mcv|7 years ago|reply
What prize do you get for pwning it sufficiently to make it drive off on its own? Sounds like that would be the ultimate hacking competition: you get the car if you make it drive to your own home.
[+] imeron|7 years ago|reply
250k USD as stated in the article. You can get several Teslas for that money :D
[+] amelius|7 years ago|reply
> you get the car if you make it drive to your own home

I don't think that would be a very good premise for a contest. For example, what if it crashes into another car?

[+] dsfyu404ed|7 years ago|reply
Undergrads at various universities regularly pwn vehicle systems and write reports about it for academic credit. The M3 has a lot more surface area than the typical car most people are hacking. My prediction is that the M3 is gonna get chewed up and spit out. This isn't a "will it get pwned" competition it's a "who will pwn it best/fastest" competition.
[+] amelius|7 years ago|reply
Do you get physical access to the inside of the car first? Or does the hacking have to happen from the outside of the car?
[+] r00fus|7 years ago|reply
This is a great contest. The value of winning a Tesla will be more than the value of the Model3 up for grabs.

And it's relatively cheap for Tesla to pay out to get these vulnerabilities found and addressed.

[+] anotheryou|7 years ago|reply
I give it 67 seconds

edit: there is nothing stopping someone from leasing a Tesla, finding an exploit and shooting it within the first 10 seconds, no? In general, how does this work at pwn2own?

[+] virtualmemory|7 years ago|reply
Anyway, they have bitquark for security. Who can find a vulnerability in the Tesla products?
[+] swarnie_|7 years ago|reply
> And the first successful researcher can also drive off in their own brand new Model 3 after the competition ends

If you've successfully hacked a car and shared your method would you then get in said car and drive it away? I'd like a patch or at least a factory reset first....

[+] Canada|7 years ago|reply
Whoever pwns the Tesla probably doesn't even live in Vancouver, so no, they're not going to drive off in the target vehicle. Tesla would have to arrange to provide one where they live, and yeah, I think it's safe to say that one would already be patched!
[+] rhexs|7 years ago|reply
Nice marketing stunt, but how many security researchers already have a Model 3 or are going to buy one to do this?

Guessing just already-successful firms / personalities that want to win Tesla pen-testing contracts in the future?

Or has Tesla released binary blobs of their firmware systems online?

[+] superobserver|7 years ago|reply
Given enough time, we may find out. Does Pwn2Own have any stipulations against 'gaming' their events?