Last year, hackers competed to exploit the connected parts of a Tesla Model S to win $10,000. Researchers from Chinese security, search and app store giant Qihoo 360 won. But that competition was not exactly Tesla-approved.
Later this year, however, at the Defcon convention in Las Vegas, Tesla plans to open one of Elon Musk’s sleek electric cars to the hacker attendees, allowing them to tinker with the connected parts of the vehicle, according to sources close to Tesla's security team, who wished to remain anonymous. The benefits for Tesla will be twofold: they will be made aware of any bugs in the vehicle and of any hackers who are worth hiring. At Defcon last year, Tesla scouts were on the prowl, finding plenty of talent whilst meandering the halls of the Rio Hotel & Casino.
After publication, having first said it had no comment, Tesla claimed it was not going to have a Model S open for testing, going against the claims of the sources, who are very close to the firm's security operations. "We do plan to have a presence at the conference (and Model S will be on display) as part of our recruiting efforts. Members of Tesla's security look forward to attending to talk about the security of our cars the work the team does," a Tesla spokesperson said. There will be a "car hacking village" at Defcon, FORBES understands, and Tesla will have a booth there, even though it's claiming there won't be any kit ready for people to test. (N.B. I am 100 per cent confident in the validity of my sources' comments).
There will be a good deal of focus on digital security in cars at Defcon and BlackHat 2015, another conference that takes place days earlier in Las Vegas. Perennial automotive mischief-makers (and helpful hackers) Chris Valasek and Charlie Miller have promised to show off a car hack, which will remotely exploit the Control Area Network (CAN) of an automobile - something that’s only been done a handful of times in recent memory.
The blurb for their talk reads: “Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle.
“Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks.”
Though Valasek declined to offer more on what was going to be revealed at the talk, the following tweets hint at what vehicle will be targeted and just what the pair will achieve through their attacks:
No wires. No mods. Straight of the showroom floor. @0xcharlie and I will show you how to hack a car for remote control @_defcon_!
— Chris Valasek (@nudehaberdasher) April 18, 2015
I'm pretty psyched to be accepted to speak with @nudehaberdasher about remote car exploitation this year at @_defcon_ #HackTheJeep
— Charlie Miller (@0xcharlie) April 18, 2015
With a range of open source car hacking tools, from CANard to CANCat, hitting the web in recent months, and scores of researchers trying to expose flaws in vehicles, the security of modern cars is under intense scrutiny. That’s why groups like I Am The Cavalry have emerged, pressuring lawmakers and manufacturers to spur on the betterment of cars’ protections from malicious hackers before something cataclysmic happens.
Some on Capitol Hill are listening, including Senator Markey, who, after requesting more information from manufacturers on their security efforts, claimed many were failing to protect drivers adequately and were leaking private data too.
A handful of car makers have responded too. The likes of Tesla, BMW and GM, which is currently on a recruiting drive, with jobs such as vehicle cybersecurity testing engineer on offer, have set up initiatives to push for better security. But many continue to ignore the problem, hence hacker calls for safer practices.
Article updated to add Tesla comment and note that sources did not suggest all bits of the car will be open to hackers, just the connected parts.
