
Why root exploits aren't public yet and when we are likely to see one

I'm creating this thread to begin a discussion surrounding the future release of a root exploit for the Tesla infotainment system.

A number of owners have achieved root on their vehicles and yet this has all been very much "hush-hush" behind-the-scenes hacking with precious little leaked to the public. Now, obviously, these parties have a vested interest in keeping their exploits private. A publicly disclosed exploit is sure to be patched by Tesla. I understand this.

However, I do not understand instances in which Tesla has long since patched the exploit and yet we still have no insight as to any of the details. It is no secret that Tesla is a fan of NDAs and we can assume that those participating in the bug bounty program are immediately restrained by an NDA regarding all details of their findings. But Apple and Google both have much larger ($$$) bounty programs (and I assume NDAs are a part of this) and yet they have not succeeded in preventing a thriving jailbreak/rooting scene for iOS and Android devices.

Additionally, in the automotive world, the hacking and modification of ECUs has long been publicly discussed. Here on TMC - nada. So what makes Tesla different and why don't we have root exploits floating around on the net? When (if at all) are we likely to see one?
 

I think at least part of it is the OTA updates that Tesla offers that could take the exploits away, which doesn't happen with normal automotive ECUs. And people that are using these exploits to maintain salvage/out of warranty cars don't want them to go away.
 
As I recall, the exploits done in the contest held a while back all required a physical connection to the car. OTA exploits are much harder to do, and are a moving target as MP3Mike says. The easier way is social engineering to get the password--not much Tesla can do about that. I'd also suggest that the Linux kernel in a Tesla is a more limited kernel than the kernels in Android and iOS. Also, it's much easier to obtain a smartphone than it is a Tesla, so there has to be real motivation to do so.
 
Agree. OTA updates will kill public exploits as I noted in the OP, which is why I was asking primarily about exploits that have already been patched.

The recent iOS 10 jailbreak only came about because Apple patched a private exploit the developer had been using.