How would it even be possible that a single individual could compromise a company infrastructure as critical as Tesla’s, like just on his own? I bet they have some system in place that would prevent any of that from happening (peer reviews network access and changes, zero trust security design etc.) - perhaps that could have avoided also the recent SolarWinds saga.
It actually seems simpler for one person to do it than many. One person is much more difficult to notice and they would not inherit the sloppiness of everyone they would otherwise be working with. It really isn’t complicated. All they have to do is find one way in. This could be anything from throwing evil USB drives in the parking lot to mailing a free keyboard with a hardware-based keylogger. Also, people that bring their phones to work could be carrying around something really old that can be compromised immediately on a WiFi network and then tries to worm anything in range of Bluetooth thereafter. A chain is only as strong as its weakest link, and if a skilled, motivated person is out to get you, it’s a matter of time before they do.
There were some ex-Tesla people posting online about how things ran in the beginning and possibly still are like that. For example, Tesla rolling out updates same day that bricked cars, then having to undo this via remote SSH access that they have/had to all cars.
I would hope they have good security, but with all the stuff you hear from the factory floors about missing safety protocols and people getting hurt, I would not be surprised that the same kind of stuff goes on in the software department when it comes to practices and security.
It's pretty easy to hide some questionable code or a questionable new dependency in a decent-size PR, and even in a small PR if you're clever. You're likely to get caught eventually since your name will be attached to the PR, but especially if you use some kind of latent trigger, it's very unlikely it will get noticed beforehand.
hankchinaski | 5 years ago
suifbwish | 5 years ago
sschueller | 5 years ago
aeternum | 5 years ago