A hacking contest to showcase products with the worst security vulnerabilities wants you to worry about Tesla safety.
[Attacks taking less than two minutes] involved executing what is known as a time-of-check-to-time-of-use (TOCTTOU) attack on Tesla’s Gateway energy management system. They showed how they could then — among other things — open the front trunk or door of a Tesla Model 3 while the car was in motion.
There’s something sadly ironic about so many Tesla owners tragically burned to death because the doors won’t open, yet this big exploit news is how doors can be opened too easily. Tesla has engineered the worst possible mechanism, unsafe when it works and unsafe when it doesn’t work.
And now for the scare quote:
“The biggest vulnerability demonstrated this year was definitely the Tesla exploit,” says Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative (ZDI), which organizes the annual contest. “They went from what’s essentially an external component, the Bluetooth chipset, to systems deep within the vehicle.”
Attackers used the “infotainment” bloat to compromise safety. Yet another reason that Luxury EV are all knobs and buttons, or just more evidence Tesla is below basic engineering standards? A giant TV on the dashboard is basically the white tube socks of automotive design.
…break into Tesla’s infotainment system and, from there, gain root access to other subsystems…
From external to deep root? Not good. Not even remotely safe. Pun intended, of course.
This is exactly what is never supposed to happen with a car on public roads, let alone any security engineering. Next you’ll tell me the Tesla lock design doesn’t even work…