
Tesla's response to me leaking info about the P100D?

Bonnie, what security risk does posting an encrypted version of the string "P100D" pose to Tesla or its customers?

Bonnie wasn't saying that what wk057 did posed any risk. She was addressing another post that suggested that all security vulnerabilities should be made public.

This was the post she had quoted, and thus was responding to:

As a fellow stockholder, wk057 and anyone else should be doing their due diligence to keep Tesla on its toes and release any and all found information. This helps improve the company by instilling better practices. A sloppy software company is a dead software company.

I believe her point is that the white hat hackers take their information to the company privately, so that exploits can't be taken advantage of. They don't release it. (That's what black hat hackers do.)

Interestingly, wk057 has posted that he received a bounty from Tesla some months ago for doing exactly that.
 
If someone finds some public info I've posted on how to exploit something on a Model S, please let me know. I'd be curious to find out who my impostor is.

In other news, Tesla's firmware servers are telling my car no update is available still... although I'm pretty sure I'm going to just override this and install 2.13.77.
 
-------- And only wk can answer this (and just idle curiosity on my part, tbh): Since wk claims to have had this information for several weeks, what was the rationale for releasing it now?

I believe @wk said elsewhere that he released the information now because the latest firmware version had actual IMAGES of the P100D badge, not just references to the configuration.
 
Q: What's the difference between a white hat releasing found information publicly and a black hat doing the same thing?

A: Absolutely. Nothing. The real white hat informs the company privately. If you believe there is a real security risk to users and the company isn't doing anything, then you release publicly.

-------- And only wk can answer this (and just idle curiosity on my part, tbh): Since wk claims to have had this information for several weeks, what was the rationale for releasing it now?

I was thinking this way all night. So glad wk slept on it and didn't make matters worse by publicly leaking more information. I think wk was having "fun" and had no malicious intent. However, I hope he informs Tesla ONLY about his discoveries going forward.
 
It's entirely unsurprising that Tesla will do everything it can to prevent their future roadmap being revealed on anything but their own terms. If that means pissing off a high profile, high capabilities hacker of their cars, they have already taken the executive decision to do so. Can't say I blame Tesla for this one, they are in the process of asking thousands of reservation holders to confirm their Model X. Talk of a P100D or AP v2.0 on the horizon is literally the last thing they want because it's pretty likely none of these will be available as an upgrade to existing owners.

Thank you for your guidance on this. To me, if this is true, it sounds more corporate policy following than a strategic approach; there will always be new rivers flowing and valleys forged in doing so, and a mature path forward would be to set up strategy to take advantage of this, not try to build dams and canals as the only way to control nature. But I've been wrong in the past; our planet is literally covered in urban areas where they've uninstalled rivers. I just don't see that as the best use of nature. But Tesla has their own right to treat it on their own terms, regardless of whether I see it as an enlightened approach or not. Also, I'm the first to admit that in a sea of regulations, sometimes the boats that must traverse it have to put their paddles in the water. Not saying I agree, but overall, I can see the path that transpired, if so, so, there it is, and peace be all. And as Bonnie has pointed out, at the end of the day, month, and year, I think we will all be better off, so no need to worry about the well in any kind of transcendent way. (i.e., wk057, take a nap, get some sleep, and yes I see the issues too.)
 
<Pedantic> Hashing is not encryption. The hash was reversed by finding a match in a dictionary (not Webster's). Reversing a hash is not decryption. </Pedantic>

**Heavy Sigh** Sorry, that was grating on me. I now return you to your regularly scheduled thread. :smile:
 
Holy crap. As a non-Tesla owner but a fellow hacker, wk057 is one of the best users on this forum. Calling him for "ego drama" is some of the lamest ******** I've ever seen. I really want to tell you to **** off right now.

- - - Updated - - -



I don't know where to begin with you. It's his own property, what he does with it or doesn't do with it is his business. Tesla sabotaging his vehicle is AGAINST THE LAW and could get them a lawsuit from wk057 if he really wanted to press the issue. The fact you're calling wk057 for being an honest guy and not completely releasing all the information he finds publicly is utterly awful.

and I have just the opposite viewpoint.

Thousands of people work at Tesla. They're working hard to make the March 31st event a big deal. wk gets some unreleased info out of his car and then goes online and shares it, harming what other people have worked hard and planned for, just so he can get some internet ego-boost. A LOT of effort goes into timing public announcements to generate the most interest. Early leaks do a large amount of harm to that. It's a dick move to everyone that works at Tesla.
 
In other news, Tesla's firmware servers are telling my car no update is available still... although I'm pretty sure I'm going to just override this and install 2.13.77.

Just a suggestion, but why not wait a while and see what happens? If they reload the update, it will be a strong indication of their intentions, and that perhaps word has come down from the top with respect to how you should be treated moving forward. Installing your version on your own gains you nothing but the ability to charge at rates between 40 and 64 amps or something. You can charge just fine now at 72 or 80 or 40. I think you have a lot more to gain by waiting to see what happens than by installing your own version now.
 
Thank you for your guidance on this. To me, if this is true, it sounds more corporate policy following than a strategic approach; there will always be new rivers flowing and valleys forged in doing so, and a mature path forward would be to set up strategy to take advantage of this, not try to build dams and canals as the only way to control nature. But I've been wrong in the past; our planet is literally covered in urban areas where they've uninstalled rivers. I just don't see that as the best use of nature. But Tesla has their own right to treat it on their own terms, regardless of whether I see it as an enlightened approach or not. Also, I'm the first to admit that in a sea of regulations, sometimes the boats that must traverse it have to put their paddles in the water. Not saying I agree, but overall, I can see the path that transpired, if so, so, there it is, and peace be all. And as Bonnie has pointed out, at the end of the day, month, and year, I think we will all be better off, so no need to worry about the well in any kind of transcendent way. (i.e., wk057, take a nap, get some sleep, and yes I see the issues too.)

Interesting water metaphors. How are Osse and Uinen doing these days?
 
And to what end? What exactly would doing this accomplish besides irritate me? Seems like someone over there is making some very poor decisions.

On the one hand this is really surprising and exceptionally un-Silicon Valley like. Exceptionally. IIRC Apple had similar findings in the OS pointing to some future product names. Got some buzz, then died off.

On the other hand, we have the Alsop incident and one may wonder if they may make another poor decision in the future with some denial of warranty service due to a claim of hacking or something silly.

If this wasn't some rollback for everyone (I didn't read the whole thread), then I got to wonder who made this decision and who has authority to go into a customer's car and roll back an upgrade.
 
The problem with the hash is that it was basically a weak password that was easily guessed. Guess what it is, run it through common hash algorithms, see if any match.

Yeah, we were musing in the channel last night about the unexpected nature of "P100D" being in a dictionary, but given the length and lack of complexity whatever dictionary was used might have had all alphanumeric permutations in it up to a certain character count.

I can only imagine (or maybe stare off into the distance and try to calculate) how long it took someone (or a botnet of someones maybe...) to compile such a dictionary for sha256.
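The point made in the posts above (a hash is not encryption, and a short, guessable string hashed with SHA-256 is recovered by hashing guesses and comparing), as an added example that is not part of any forum post. The candidate pattern, the demo key and all function names are constructed for illustration; the target hash is computed here from the string quoted in the thread.

```python
import hashlib
import hmac
import itertools
import string

def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

def trim_candidates():
    """Constructed guess list: optional 'P', 40..120 in steps of 5, optional 'D'."""
    for p, kwh, d in itertools.product(("", "P"), range(40, 125, 5), ("", "D")):
        yield f"{p}{kwh}{d}"

def reverse_by_dictionary(target_hex: str, candidates):
    """Return the candidate whose SHA-256 equals target_hex, or None."""
    for guess in candidates:
        if hmac.compare_digest(sha256_hex(guess), target_hex):
            return guess
    return None

def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of strings of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def keyed_tag(secret: bytes, s: str) -> str:
    """HMAC-SHA256 tag; guesses cannot be checked offline without the key.
    Only helps if the key is not stored alongside the tagged value."""
    return hmac.new(secret, s.encode(), hashlib.sha256).hexdigest()

# Constructed sample values (not taken from any firmware image).
TARGET = sha256_hex("P100D")
DEMO_KEY = b"constructed-demo-key"
UPPER_DIGITS = len(string.ascii_uppercase + string.digits)  # 36 symbols

if __name__ == "__main__":
    guesses = list(trim_candidates())
    print("targeted guesses:", len(guesses))
    print("recovered:", reverse_by_dictionary(TARGET, guesses))
    # Even the exhaustive space of short uppercase/digit strings is small.
    print("strings up to 5 chars:", keyspace(UPPER_DIGITS, 5))
    keyed = keyed_tag(DEMO_KEY, "P100D")
    print("keyed tag recovered:", reverse_by_dictionary(keyed, guesses))
```

The plain hash falls to a list of a few dozen informed guesses, and the full space of uppercase-and-digit strings up to five characters is only tens of millions of candidates, which is why no large precomputed dictionary is needed for a value this short.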
 
and I have just the opposite viewpoint.

Thousands of people work at Tesla. They're working hard to make the March 31st event a big deal. wk gets some unreleased info out of his car and then goes online and shares it, harming what other people have worked hard and planned for, just so he can get some internet ego-boost. A LOT of effort goes into timing public announcements to generate the most interest. Early leaks do a large amount of harm to that. It's a dick move to everyone that works at Tesla.

Yes, leaks are always bad for publicity and for gaining the most interest....

:confused:

If anything this will draw _more_ attention to the 31st of March event! Now people are expecting a Steve Jobs-moment :)
 
Thousands of people work at Tesla. They're working hard to make the March 31st event a big deal. wk gets some unreleased info out of his car and then goes online and shares it, harming what other people have worked hard and planned for, just so he can get some internet ego-boost. A LOT of effort goes into timing public announcements to generate the most interest. Early leaks do a large amount of harm to that. It's a dick move to everyone that works at Tesla.

Assuming that they were even going to announce a P100D on 3/31... Maybe they were going to announce it tomorrow, or maybe they are never going to announce it...

I wonder if he found images of the new 19" Slipstream wheels before today that are now standard...
 
Look, bowing out now. My original posts on this issue were because wk was saying Tesla 'took the first swing' and I only wanted to point out how it could seem to some at Tesla that perhaps he had. Perceptions and all that.

I haven't been arguing on the rightness or wrongness of the issues til recently - only pointing out how it might have so quickly escalated to where it was.

But y'know, if someone is going to be arguing that these were white hat actions, because 'white hats are helping a company by pointing out the flaws' ... then it's only reasonable to also point out that white hats don't do it publicly unless there is a safety issue. And there wasn't.
 
And only wk can answer this (and just idle curiosity on my part, tbh): Since wk claims to have had this information for several weeks, what was the rationale for releasing it now?

He already answered this. Last night he found the badging graphic, while before there were just text references. Therefore he assumed the news release was imminent and decided to make a registry of him having found this before the official release.

- - - Updated - - -

Exactly. It doesn't. And since it doesn't, then what possible reason would a white hat have for releasing the information publicly?

Easy: bragging rights.