By William Knowles @c4i
July 14, 2014
At the 2014 SyScan 360 Conference, being held July 16th and 17th 2014 at the Beijing Marriott Hotel Northeast in Beijing China. Security professionals and hackers paying $319 to attend the conference will have the opportunity to win $10,000 if they can compromise the security of the Tesla Model S.
While the official rules haven’t been released, one could surmise that this will involve remotely gaining control of the vehicle’s controls or physically via the 17-inch touchscreen in the Tesla.
Back in March 2014, Nitesh Dhanjani detailed a cursory evaluation of the Tesla Model S, pointing out threats such as Tesla’s six character password can lead to the Model S being remotely located and unlocked via social engineering, email account compromises, brute-force attacks, malware attacks, phishing attacks, and password leaks.
Tesla REST API Implicitly Encourages Credential Sharing with Untrusted Third Parties. “The Tesla iOS App uses a REST API to communicate and send commands to the car. Tesla has not intended for this API to be directly invoked by 3rd parties. However, 3rd party apps have already started to leverage the Tesla REST API to build applications.”
The Tesla for Glass application lets users monitor and control their Teslas using Google Glass.
While Tesla has confirmed that it is not officially involved in the SyScan contest, it has taken security very seriously, hiring former Apple security expert Kristin Paget to be the “Hacker Princess at Tesla Motors,” creating a Security Vulnerability Reporting Policy, and a Tesla Security Researcher Hall of Fame.
Investors in Telsa shares don’t seem concerned with the contest, TSLA closed at $226.70 a share, up 3.93% from Friday’s close.