Tesla, Elon Musk’s high-end, Mission Impossible-ready electronic vehicle, is reportedly opening the car door, as it were, to probing by hackers.
At Defcon in Las Vegas in August, attendees will be able to mount attacks on any part of the Tesla Model S vehicle they would like to try to compromise. And given its eminently connected status, there’s a lot of ground to cover. Sources in the company told Forbes that the effort is part of an effort to identify bugs as well as make known cyber-talent that the company may want to put in the driver’s seat.
Officially, such a hackathon is not gearing up. “We do plan to have a presence at the conference (and Model S will be on display) as part of our recruiting efforts,” a spokesperson told the magazine. “Members of Tesla’s security look forward to attending to talk about the security of our cars and the work the team does.”
But unofficially, unnamed sources in the firm’s security operations confirmed the hacking plans.
Connected car security is increasingly in the spotlight, with proto-hacks demonstrating everything from radio takeovers to navigation systems' hijacking. To address this growing but still somewhat little understood area of cybersecurity, a volunteer association known as "I Am the Cavalry" launched last fall, and Sen. Ed Markey (D-Mass.) has put out a disturbing report on the state of cybersecurity for automobiles.
And Tesla on offer or not, white hats Chris Valasek and Charlie Miller are planning to show off a remote exploit for the Control Area Network (CAN) of an automobile, according to the conference program.
“Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best,” the blurb said. “The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle.
“Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks.”