Computer security conferences, where industry professionals and hackers join together to attend presentations and workshops on computer software and hardware security, have long offered prize funds to individuals capable of remotely hacking their way into a supposedly secure system.
Usually, the target of the challenge is a particular operating system, program, or smart device, but at this year’s SyScan-360 conference, there’s a $10,000 prize fund waiting for the first person who successfully hacks their way into a brand new Tesla Motors (NASDAQ:TSLA) Model S.
Due to kick off in Beijing in a week’s time, SyScan-360‘s program is packed with presentations and workshops with some of the world’s most renowned programmers, hackers and security professionals. This year, speakers include the team behind the popular Pangu iPhone Jailbreak software, penetration testers (people actually paid to try and hack their way into computer systems by the systems’ owners) for a major British Bank, and a former spyware author turned white hat. (For those who don’t know, a white hat is someone who uses their hacking skills to help the security world expose and patch design flaws, while black hats use their skills for nefarious purposes.)
As cars get smarter and more computerised via in-car networks and even Internet connectivity, car security is becoming an increasingly common thread at security conferences. This year at SyScan is no exception, with one presentation devoted to designing and building hack-proof CAN (Controller Area Network — the special computer network used by different parts of a car to communicate with each other) systems for cars.
It’s no surprise then that the Tesla Model S is the subject of this year’s hacking challenge. While the conference is keeping its list of registered competitors and rules for the competition secret, it did tell Forbes that it is expecting a wide range of different hacking outcomes, from physically controlling the car from a laptop to forcing the car’s on-screen display to visit specific websites.
The outcome, of course, is to see if it’s possible to remotely attack Tesla’s premium electric car remotely, asking if Internet-connected cars are in fact safe in the process. If someone succeeds without a physical connection to the car, it proves that like any other computerised, Internet-connected device, Tesla’s luxury Model S is vulnerable to attack. If the Model S can’t be attacked it proves — at least for now — that the Tesla Model S is safe from the kind of malicious hacking we encounter in the online world every day.
While the conference is taking place in China, arguably Tesla’s biggest market outside of the U.S., Tesla itself isn’t officially taking part in or supporting the competition. With a large internal team devoted to proactively working to keep its Model S safe from hackers — not to mention a full vulnerability disclosure program designed to make reporting security flaws easy — Tesla appears ready for the hacking competition.
What’s more, Tesla has previously been extremely proactive with anyone attempting to hack its Model S. Back in April, a curious Tesla Model S owner hooked a laptop computer up to their luxury plug-in and succeeded in running a custom browser on the car’s 17-inch touch screen display. It didn’t take long for Tesla to notice, sending the owner a polite request to stop doing what they were doing — or face an invalidated warranty.
As more and more plug-in cars come to market, remote telematics systems and interconnected cars are becoming an increasingly common sight on our roads. Protecting internet-connected cars from malicious remote attacks is a real, and serious endeavour. Very soon, we’ll find out how prepared the most connected of them all — the Model S — really is at keeping hackers at bay.
Of course, Tesla’s Model S may defeat the hackers this time, but that’s not to say it will forever. As any security advisor worth their salt will admit, the act of connecting a device to a network opens it up to the possibility that one day it will be hacked.
However small, however unlikely, it’s only a matter of time before someone develops a hack for Internet-connected cars, plug-in for otherwise. The length of time it takes will depend on how good the auto industry really is at protecting its cars.
[Hat-Tip: Brian Henderson]
You can also support us directly as a monthly supporting member by visiting Patreon.com.