I follow car hacking pretty closely, having had a car PC in my automobile for a number of years and seeing the fascinating research that Charlie Miller and Chris Valasek presented at Defcon. I also enjoyed the research Alberto Garcia Illera & Javier Vasquez Vidal did on the subject. (If you missed their fascinating talk, here it is.)
Computers in cars continue to be a hot topic, with the inexpensive DIY car hacking to be revealed at BlackHat Asia.
With recent mumblings hinting at remote kill switches in forthcoming European car models, voluntary self spying from insurance companies, rumors of law enforcement dumping ODB2 records at accident sites, the threat landscape for car hacking is looking pretty bleak.
And so, when the news hit the “twitterverse” that Tesla Motors just hired Kristin Paget to assist them with security, I was quite pleased.
Tesla Motors looks to pioneer both the use of electricity to power their vehicles and the security of their products.
I distinctly remember looking at some interior pictures of their flagship, the Tesla Model “S” with that monstrous iPad like touch screen dash, seen here accessing the internet, and wondering: “What operating system runs on that? Whoa, this thing has internet access? What if there are vulnerabilities in their browser?”
Tesla "S" ginormous touch screen. Screen capture courtesy of Telsa's website.
With the recent push to integrate technology, from the Microsoft based Ford Sync, the Apple on-board initiative with iOS7, all the way to the Google initiated "Open Automotive Alliance", the rush to deliver a connected experience to the automotive market is threatening to deliver a feature rich and security poor environment for everyone.
It is refreshing to see a company like Tesla address the potential security risks so early in the game, where the general sentiment coming from the security industry is that we won’t have proper security in place until after some catastrophic event occurs.
Maybe other car manufacturers will follow in Tesla's footsteps and start looking at testing the security of their future offerings.
Let us hope we never see a self-driving car botnet, or that my favorite prediction, ransomware locking you out of your car, will remain in the realm of fiction.
I for one, would be happy I these predictions do not come to pass.