Model S at DEF CON hacker convention August 6-9
The program for this year's DEF CON includes a presentation "How to Hack a Tesla Model S":
DEF CON 23 Hacking Conference - Speakers
In an attempt to heighten the level of an anticipated discussion of that event here, I will try to clarify a couple of things that may not be clear to the typical Model S owner:
1) With one likely exception, Tesla Model S as a topic at DEF CON is a _good_ thing for Tesla Motors and for Tesla Model S owners.
a) It gives Tesla Motors renewed media attention and public awareness for free.
b) It promises to give the public an understanding of what data the Model S collects and what Tesla does with this data, which is important in terms of a (prospective) owner's right to privacy.
c) It promises to disclose to the public a handful of so-called zero-day software vulnerabilities in the Model S, which is good since this will in turn allow Tesla to improve its software.
Starting with 19th century locksmiths, it has been a subject of debate if and how security vulnerabilities should be disclosed. A commonly held view is that if they are _not_ disclosed to the public, the vulnerabilities are less likely to be fixed, criminals will still know about them and exploit them to the detriment of the owners, and prospective owners will not be able to appreciate the security of competing products in the market.
A zero-day vulnerability is a vulnerability that is being disclosed to the public with zero days of advance notice to the producer, in this case Tesla. In the case of Model S and DEF CON, it means that in three weeks not only Tesla Model S owners, but also criminals and others can expect to be able to compromise the software in a Tesla Model S. Tesla Motors will thus be in a race to push out an update to their cars, and depending on the severity of the type of compromise and the complexity in fixing the issues, we can expect Tesla to react rather quickly to this disclosure.
A segment of IT security researchers holds the view that it is more responsible to give prior notification to a software vendor (such as Tesla Motors de facto is) before disclosing a software vulnerability, i.e. to avoid disclosing zero-day vulnerabilities in favor of so-called responsible disclosure. As such it is hardly good news for Tesla Motors and the typical Model S owner if zero-day vulnerabilities are in fact going to be disclosed. An advantage for courageous Model S owners is that the zero-day disclosure gives them the prospect of "jailbreaking" their Model S, i.e. giving them the freedom to modify the software in the car, but at the risk of causing it to malfunction - quite possibly with a voided warranty to boot.
2) The typical Model S owner may not appreciate the significance of the fact that the Model S uses Linux and apparently also Ubuntu on top. Apart from cars, Linux is the most widely used operating system in the world, found in everything from smartphones, routers and PCs to servers and supercomputers; there is even a rifle scope that uses Linux.
Linux (and Ubuntu) is protected by copyright laws in all countries that have signed the Berne Convention, including the USA and France, where one inquisitive Model S owner appears to reside. The copyright holders of Linux are its contributors, which include major IT players such as Google. All copyright holders of Linux/Ubuntu have agreed to give the users of Linux (e.g. a Model S owner) wide-ranging freedoms in using the software, on certain conditions that are also imposed on anyone who redistributes Linux/Ubuntu (e.g. Tesla Motors when they sell a Model S with Linux/Ubuntu inside). The conditions are called the "GNU Public License" (GPL) and are enforceable under copyright law.
The conditions stipulate among other things that when Tesla Motors redistributes Linux (i.e. sells a car), they have to give "prominent notice" to the recipient (i.e. the buyer). So all Model S owners should have a note from Tesla that their car uses Linux/Ubuntu, mentioning the GPL.
Another condition is that if Tesla has made modifications to the Linux/Ubuntu in the cars they sell, they are required to make this software available to the buyer. (Tesla, like others, is allowed to distribute its own separate pieces of software together with Linux/Ubuntu in certain ways, without having to use the GPL for these separate pieces of software. For example, the Tesla-specific software that draws the images on the Model S touchscreen does not necessarily have to be distributed under the GPL.)
A third condition is that Tesla is not allowed to take away the freedoms that the copyright holders have granted the Linux recipient (i.e. Model S owner). This implies among other things that Tesla is not allowed to forbid reverse engineering of the Linux versions they have sold. What exactly would happen if Tesla refuses to honor its warranty after a Model S owner causes his car to malfunction after having modified the Linux inside may be something for the courts to decide.
I realize that the perspective of this posting is probably somewhat unusual for this forum, but I hope it is still considered interesting - and I look forward to learning more about the Model S from the DEF CON presentation.
All the best.