
SoylentNews is people

posted by chromas on Friday September 07 2018, @02:20PM
from the just-doin-the-right-thing dept.

Bug bounty alert: Musk lets pro hackers torpedo Tesla firmware risk free

Carmaker won't void warranties, fling sueballs at pros seeking security vulnerability rewards

[...] Tesla will allow vetted security researchers to hunt for vulnerabilities in its vehicle firmware risk free – as long as it is done under its bug bounty program.

The luxury electric automaker said this week it will reflash the firmware on cars that have been bricked by infosec bods probing for exploitable bugs in its code, provided they have suitably enrolled in the Elon Musk-run biz's bounty program. And any sanctioned searching can be carried out without worrying about being sued by Tesla's legal eagles.

"If, through your good-faith security research, you (a pre-approved, good-faith security researcher) cause a software issue that requires your research-registered vehicle to be updated or 'reflashed,' as an act of goodwill, Tesla shall make reasonable efforts to update or 'reflash' Tesla software on the research-registered vehicle by over-the-air update, offering assistance at a service center to restore the vehicle's software using our standard service tools, or other actions we deem appropriate," Tesla's updated security policy now reads.


  • (Score: 3, Interesting) by requerdanos (5997) on Friday September 07 2018, @02:53PM (#731773)

    Just as with the "Tesla Does Not Give A Rat's Red Rear End About Complying With Software Licensing Stories", the resolution for this one is also:

    "TESLA SUCKS SLIGHTLY LESS BUT STILL SUCKS HARD".

    (The outcome of the software licensing problems [linux.com] was that Tesla, instead of refusing to provide any source code to comply with the licenses of the free software they had appropriated and modified, started to provide some source code, while still carefully and deliberately failing to comply with the licenses involved, while boldly and falsely declaring that they were "MAKING THE SOURCE CODE AVAILABLE." The outcome here is that instead of going to war with security researchers, they are declining for the moment to attack (only) their pet researchers, while still at war with the majority of security researchers, while boldly and falsely declaring "TOTALLY NOT MAKING WAR ON SECURITY RESEARCHERS".)

    Tesla is a malicious DRM delivery company that uses 3G/4G networked cars to deliver its DRM. (The Tesla fans here argue with this; I expect to see some of that below. But they argue around it--not against it--because all of us are working with the same set of Tesla-Owns-U facts.)

  • (Score: 2) by MostCynical (2589) on Friday September 07 2018, @09:45PM (#731940)

    There is a fundamental issue with vehicles (cars, boats, aeroplanes..)
    Once they can be modified, things can go wrong.
    Your local motor vehicle inspection can see that you haven't bolted your 454 into your 1960 Chev properly, or your brakes are not working.

    Once you get to modified code (in firmware, or wherever) no one from local mechanic to the inspectors to the manufacturer will be able to certify that your changes are safe.

    They can't even do that with any vehicle, now, but insurance and things like ATSB help "correct" things when they go wrong.

    Even if Tesla released all the code, (because "license") there is an argument that bad actors will find exploits and use them, rather than let the company/world know.
    Ask Boeing or Airbus to release the code of a modern jet.

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex