Wednesday, September 21, 2016

Something is fishy about Tesla

PC World: Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world—among other things, it has a bug bounty program. But that doesn’t mean the software in its cars is free of security flaws.
Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the braking system. 
In what way did the car bot take instructions from the web?   There is only one possibility, the car owner pulled out his smart card and gave the car permission to accept a web call.  Otherwise, the web should be mechanically cut off from the bot.

So, the answer is, Musk and Tesla are deliberately ignorant about security because they have some commercial advantage to constant contact with the car.  The  Smart Bot will not initiate or accept transactions without some contract with its owner.

What is my proof?  I can sit in my 1970 Pontiac forever, listening to music on my lap top.  No one will ever make that Pontiac brake.  
Software should be able to duplicate the concept of 'not connected', after all the same geeks emulated the manila folder.  Not responding seems a bit easier. Cell phone companies have learned about not connected, they make it easy to shut off the phone.

No comments: