No other car has the potential to be hacked through a 3G network at any time, and crashed into a tree. There are potential exploits in other cars, but very unlikely to be feasible. Whether they are feasible on the Tesla or not is what I'm asking about, but all the information I have so far says "feasible".Herbys, perhaps this car is not for you. I would be shocked to see Tesla release all the information you are asking for. Has any other car manufacturer done all that?
If, based on these concerns, the car is not for me, then it is not for anyone, sorry. I'm not particularly paranoid, but if a car manufacturer is the first to introduce capabilities that make it feasible for the car to be hijacked remotely and driven into a ditch, it's not the geek or the paranoid that need to be scared. If said car manufacturers has taken these issues into consideration and implemented the necessary countermeasures, then they should say it. Just to be sure I'm not paranoid, I showed the car to two other computer security experts. The two said things very in line to what I asked. And no, the fact that only computer security experts worry about it is not reassuring. The rest simply wouldn't know about the risk.
OK, here's my last claim on the issue: before one year, either Tesla will have published a comprehensive security assessment of the car or at least a set of principles that put my fears to rest, or this will be in the front page of mainstream newspapers. Hackers are not slow nor dumb, and they are driven by money. And there's definitely money to make on this.
- - - Updated - - -
How many of those cars have the ability to receive instructions through the 3G network (not audio calls, but actually data calls making them take action), allow software commands coming from THAT SAME COMPUTER RECEIVING THE INSTRUCTIONS) to alter the driving dynamics and have a Linux-based computer controlling all this?
Yes, the attacks on other cars are feasible, but all things being equal, the attack is a few orders of magnitude more practical on the Tesla. What I want to be sure is that "all other things are not equal".
And also to be clear, encryption is not nearly enough. Most (important) computer to computer communications are encrypted and people still get hacked. An attacker could get access to the relevant private keys through the PKI org (it has happened before), there could be vulnerabilities in the encryption mechanisms (it happens all the time, less so on the well-published ones), the attacker could bypass the whole thing by using legitimate channels (e.g. getting your password from a XSS bug on Tesla.com or even some other site where you are using the same password) an then abusing an unchecked input parameter or a buffer overrun or something like that to get to issue commands that are not supposed to be executable remotely. That's just one example. Not saying that it is possible, but it is definitely possible if Tesla didn't do things right. Doing all that through OnStar on a car where the comm channels are much more restricted (OnStar doesn't allow you to call the car from YOUR phone), where the computer is running a proprietary OS (which doesn't add value to security but does slow down things a bit) and where the integration between the on-board computer and the car controllers is very limited (the Tesla offers more flexibility than any other car I know regarding controlling the drivetrain behavior from the UI) is much, much harded.
- - - Updated - - -
> For me, I'll wait until there is a confirmed threat before I start lining my garage with copper.
That principle usually works well for anything OTHER than security.
- - - Updated - - -
Why? Do you think that once a hacker knows how to trash a Tesla they won't trash ALL of them?