Bug bounty alert: Musk lets pro hackers torpedo Tesla firmware risk free
Carmaker won't void warranties, fling sueballs at pros seeking security vulnerability rewards
[...] Tesla will allow vetted security researchers to hunt for vulnerabilities in its vehicle firmware risk free – as long as it is done under its bug bounty program.
The luxury electric automaker said this week it will reflash the firmware on cars that have been bricked by infosec bods probing for exploitable bugs in its code, provided they have suitably enrolled in the Elon Musk-run biz's bounty program. And any sanctioned searching can be carried out without worrying about being sued by Tesla's legal eagles.
"If, through your good-faith security research, you (a pre-approved, good-faith security researcher) cause a software issue that requires your research-registered vehicle to be updated or 'reflashed,' as an act of goodwill, Tesla shall make reasonable efforts to update or 'reflash' Tesla software on the research-registered vehicle by over-the-air update, offering assistance at a service center to restore the vehicle's software using our standard service tools, or other actions we deem appropriate," Tesla's updated security policy now reads.
(Score: 2) by urza9814 on Friday September 07 2018, @02:51PM (2 children)
This wouldn't even be necessary if Tesla wasn't doing everything in their power to prohibit and block any attempts to repair these vehicles. You can't even buy a single bolt from them without jumping through hoops to prove you're "approved". Wonder how difficult it's going to be to get approved for this program?
(Score: 2) by Arik on Friday September 07 2018, @03:25PM (1 child)
If every or nearly every or frankly, probably, if even 10% of the folks that came in to buy a Tesla wound up walking right back out without one (which is what should have happened because no one would sign such a completely unconscionable set of terms without a gun to the head!) then the problem would have been solved right at the start. Instead of festering.
But no, most people are dumb sons of bitches that just sign anything some smooth-talking con man like Musk wants them to sign, so no one gets the benefits of a working market.
If laughter is the best medicine, who are the best doctors?
(Score: 3, Interesting) by urza9814 on Friday September 07 2018, @03:40PM
Yup, no disagreement there.
But this isn't a new or unique problem either...pretty sure I've made almost the exact same point on a couple other articles this week about other security issues. People assume that as long as they use a sufficiently popular product, someone else will be forced to bail them out in case of any serious problem. The worst part is it's not even a terrible strategy, they're more or less correct. What I can't figure out is how the fuck we could convince them to do otherwise...because that seems to be the only way we're ever going to fix this bullshit.