At the Defcon convention in Las Vegas this summer, one of Elon Musk’s Tesla electric cars will be made available to hacker attendees, so they can tinker with any piece of the vehicle they like.
“The benefits for Tesla will be twofold: they will be made aware of any bugs in the vehicle and of any hackers who are worth hiring,” writes Thomas Fox-Brewster at Forbes. “At Defcon last year, Tesla scouts were on the prowl, finding plenty of talent whilst meandering the halls of the Rio Hotel & Casino.”
Here’s the talk summary. Tesla won’t comment on it, and no Tesla people are listed as being officially part of the talk. But it does appear that Tesla is loaning one of their vehicles, and Forbes reports that a source close to the planning who asked for anonymity says they’re involved. Makes sense.
Remote Exploitation of an Unaltered Passenger Vehicle
Charlie Miller Security engineer at Twitter
Chris Valasek Director of Vehicle Security Research at IOActive
Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks.
Charlie Miller is a security engineer at Twitter, a hacker, and a gentleman. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as “It’s complicated”.
Twitter: @0xcharlie
Christopher Valasek is the Director of Vehicle Security Research at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.
Twitter: @nudehaberdasher
[Thanks, RC!]