'... Anything can be hacked, it just takes time ...'
http://www.forbes.com/sites/thomasbrewster/2015/04/28/tesla-opening-car-to-hackers/ Tesla Plans To Open Car Doors To All Hackers This Summer Thomas Fox-Brewster 4/28/2015 [image http://specials-images.forbesimg.com/imageserve/470408048/640x0.jpg?fit=scale A Tesla Model S P85d car is displayed at the 16th Shanghai International Automobile Industry Exhibition in Shanghai on April 20, 2015. Photo credit to JOHANNES EISELE/AFP/Getty Images) tweets https://twitter.com/nudehaberdasher/status/589407564380643329 Chris Valasek @nudehaberdasher No wires. No mods. Straight of the showroom floor. @0xcharlie and I will show you how to hack a car for remote control @_defcon_! 5:38 AM - 18 Apr 2015 https://twitter.com/0xcharlie/status/589404759360045056 Charlie Miller @0xcharlie I'm pretty psyched to be accepted to speak with @nudehaberdasher about remote car exploitation this year at @_defcon_ #HackTheJeep 5:26 AM - 18 Apr 2015 ] Last year, hackers competed to exploit the connected parts of a Tesla Model S to win $10,000 [ http://www.forbes.com/sites/thomasbrewster/2014/07/09/10000-is-on-offer-for-anyone-who-can-hack-a-tesla-car/ ]. Researchers from Chinese security, search and app store giant Qihoo 360 won. But that competition was not exactly Tesla-approved. Later this year, however, at the Defcon convention in Las Vegas, Tesla plans to open one of Elon Musk’s sleek electric cars to the hacker attendees, allowing them to tinker with any piece of the vehicle they like, according to sources, who wished to remain anonymous. The benefits for Tesla will be twofold: they will be made aware of any bugs in the vehicle and of any hackers who are worth hiring. At Defcon last year, Tesla scouts were on the prowl, finding plenty of talent whilst meandering the halls of the Rio Hotel & Casino. Tesla said it had no comment, so it remains unknown what stage the plans were at or what model would be up for testing. There will be a good deal of focus on digital security in cars at Defcon and BlackHat 2015, another conference that takes place days earlier in Las Vegas. Perennial automotive mischief-makers (and helpful hackers) Chris Valasek and Charlie Miller have promised to show off a car hack, which will remotely exploit the Control Area Network (CAN) of an automobile – something that’s only been done a handful of times in recent memory. The blurb for their talk reads: “Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. “Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks.” Though Valasek declined to offer more on what was going to be revealed at the talk, the following tweets hint at what vehicle will be targeted and just what the pair will achieve through their attacks: With a range of open source car hacking tools, from CANard to CANCat, hitting the web in recent months, and scores of researchers trying to expose flaws in vehicles, the security of modern cars is under intense scrutiny. That’s why groups like I Am The Cavalry have emerged, pressuring lawmakers and manufacturers to spur on the betterment of cars’ protections from malicious hackers before something cataclysmic happens. Some on Capitol Hill are listening, including Senator Markey, who, after requesting more information from manufacturers on their security efforts, claimed many were failing to protect drivers adequately and were leaking private data too. A handful of car makers have responded too. The likes of Tesla, BMW and GM, which is currently on a recruiting drive, with jobs such as vehicle cybersecurity testing engineer on offer, have set up initiatives to drive better security. But many continue to ignore the problem, hence the hacker drive to push them towards safer practices. [© forbes.com] ... https://www.defcon.org/ Defcon convention in Las Vegas, NV DEF CON 23! Want Details on the next show? Here's the skinny so far: When: August 6-9, 2015 Where: Paris/Bally's, Las Vegas How much?: $230 USD Pre reg?: No, cash only at the door. https://www.defcon.org/html/defcon-23/dc-23-index.html DEF CON 23 website https://resweb.passkey.com/go/SBDEF5 DEF CON 23 Room Res Link http://boingboing.net/2015/04/28/tesla-to-open-the-electric-car.html Tesla to open the electric car doors to hackers at Defcon 2015 By Xeni Jardin Apr 28, 2015 ht2 RC Photo: teslamotors.com At the Defcon convention in Las Vegas this summer, one of Elon Musk’s Tesla electric cars will be made available to hacker attendees, so they can tinker with any piece of the vehicle they like. “The benefits for Tesla will be twofold: they will be made aware of any bugs in the vehicle and of any hackers who are worth hiring,” writes Thomas Fox-Brewster at Forbes. “At Defcon last year, Tesla scouts were on the prowl, finding plenty of talent whilst meandering the halls of the Rio Hotel & Casino.” Here's the talk summary. Tesla won't comment on it, and no Tesla people are listed as being officially part of the talk. But it does appear that Tesla is loaning one of their vehicles, and Forbes reports that a source close to the planning who asked for anonymity says they're involved. Makes sense. Remote Exploitation of an Unaltered Passenger Vehicle Charlie Miller Security engineer at Twitter Chris Valasek Director of Vehicle Security Research at IOActive Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks. Charlie Miller is a security engineer at Twitter, a hacker, and a gentleman. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as "It's complicated". Twitter: @0xcharlie Christopher Valasek is the Director of Vehicle Security Research at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh. Twitter: @nudehaberdasher [© boingboing.net] http://www.itpro.co.uk/security/24520/hacking-planes-trains-and-automobiles Hacking planes, trains and automobiles ... [dated] http://www.geek.com/apps/tesla-responded-to-defcon-model-s-hacks-with-job-offers-1602647/ Tesla responded to DefCon Model S hacks with job offers - Geek.com Aug 22, 2014 ... When you are the manufacturer of the most connected car in existence, you'd be foolish not to invite the seedy underbelly of the tech world to ... ... http://www.reddit.com/r/teslamotors/comments/2czsjc/my_friend_just_posted_this_from_defcon/ My friend just posted this from DEFCON : teslamotors - Reddit Aug 8, 2014 ... Tesla Motors, Inc. (Tesla) designs, develops, manufactures and sells .... https:// www.defcon.org ... Anything can be hacked, it just takes time. For EVLN posts use: http://evdl.org/evln/ {brucedp.150m.com} -- View this message in context: http://electric-vehicle-discussion-list.413529.n4.nabble.com/EVent-Tesla-Plans-To-Open-EV-Doors-To-All-Hackers-8-6-9-Las-Vegas-NV-tp4675235.html Sent from the Electric Vehicle Discussion List mailing list archive at Nabble.com. _______________________________________________ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA)
