Tesla Hires Hacker Kristin Paget

I hope TMInc provides her a business card as cool as the one she had at Apple.

AudubonB said:

I hope TMInc provides her a business card as cool as the one she had at Apple.

Click to expand...

Same job title, but with Tesla on the card.

neat, soemthing to look forward too

Maybe last minute prep for the China launch.

APIs, here we come.

I do like the Silicon Valley thinking. Detroit would hire a security consultant. The valley goes for a hacker princess.

Sounds like they are taking security seriously which is great. Good hire.

But do I sell my AAPL now, then?

Tesla Hires Hacker Kristin Paget - pls merge

One of the downsides of having a vehicle that is so highly automated and connected to the Internet is that it becomes vulnerable to hacking attacks.

Tesla hired a hacker, possibly to test & build security to try to reduce security vulnerabilities.

Tesla Hires Hacker Kristin Paget to, Well, Secure Some Things | Re/code

I wonder if the concern is the embedded linux or the car systems modules (or both). I know very little on the linux side but ECU reversing and what major OEMs have done to stop tuning is a hobby of mine.

BMW have introduced RSA based tester authentication routines prior to a test tool even starting a conversation with their ECUs. MB and BMW have moved to RipeMD160 hashes of updated code embedded in RSA encrypted messages. If the new code does not match the RSA encrypted hash, the code does not run. So far there have been ways found to get around this but it is getting MUCH harder. I'd be curious to see what Tesla has done and how they've implemented their solutions/protections.

AudubonB said:

But do I sell my AAPL now, then?

Click to expand...

It's probably too late to sell your apple.

lolachampcar said:

BMW have introduced RSA based tester authentication routines prior to a test tool even starting a conversation with their ECUs. MB and BMW have moved to RipeMD160 hashes of updated code embedded in RSA encrypted messages.

Click to expand...

In a mirror, I can see my lips moving, but I have not the foggiest notion of what they're saying.

How about we play let's spot the nerd. I'll give you a hint (its me).

AudubonB said:

In a mirror, I can see my lips moving, but I have not the foggiest notion of what they're saying.

Click to expand...

I think lola is referring to BMW trying to prevent MITM attacks/alterations on their systems. Basically the same thing that was in the news a lot regarding the NSA intercepting web based SSL encrypted traffic by forging authentic certificates.

If I were Tesla, I would also consider hiring the iPhone dev team or evad3rs, both of which are behind many of the jailbreaks. If anyone can break into a secured, locked down OS it would be them. On the other hand, I think I'd be great if they can get us access into the Linux console in the car.

Perhaps, I think they would want to pickup folks used to beating on Linux, not iOS. I would be less concerned with MITM (man-in-the-middle) attacks from devices with physical access and more concerned with attacks via the internet connection, either directly or via the Telsa servers.

The upside is if they feel they have hardened the OS enough, I can see them maybe opening up the APIs via an SDK or at least opening up an app store of some sort.

O

omarsultan said:

Perhaps, I think they would want to pickup folks used to beating on Linux, not iOS.

Click to expand...

Kristin was responsible for mainly for OSX in Apple, and before that worked on security for Windows Vista while at Microsoft. So I think his breadth is wide enough to cover Linux too.

Agreed--I think Kristin is a great addition--I was referring to the earlier comment regarding the iPhone Dev Team or evad3rs.

O