So, just to clarify my little bounty now that I have an extra moment to do so...
The attacker must exploit the recently discovered bug in "bash", which was fixed under CVE-2014-6271/CVE-2014-7169, on one of the systems integrated into an unmodified Model S. Specifically, based on info in this thread, the center console, the dash console, or the "gateway" module. Feel free to try via WiFi, 3G, the internal LAN on the car, normal use of the touchscreen (ex: typing a URL or going to a web page), the USB ports (USB identifiers?), or other reasonable means. Kudos for a network based exploit, however.
The exploit must be able to be verified by any third party who desires to do so, and specifically must be verifiable by me on my own unmodified Model S. I will refrain from applying updates to my car beyond the currently installed v6.0 update, which seems to have been released prior to CVE-2014-7169, or I will ensure I have access to a non-updated Model S to use to verify claims. I'm working under the assumption that the next set of updates would update bash, if it even exists in the car at all, and close off any potential problems associated with it.
Essentially, if I can not duplicate the result, no bounty. First to post a process to exploit the bug here, along with at least some kind of visible proof that it works, wins the $1000 bounty after I personally verify the attack.
The bounty will remain open until 2014-10-28 00:00:00 UTC, or until a winner is declared, whichever comes first.
I reserve the final say on the awarding of the bounty. This is essentially done in good faith, on my own, not associated with Tesla Motors. I'm not responsible for anything you do or do not do as a result of this little contest or in pursuit of this bounty. Any legal action taken against me with regard to this bounty completely voids this contest, since that would kind of go against the good faith part of the whole thing. This is all in good fun. If for whatever reason this gets out of hand or turns into some ridiculous internet-troll type nonsense, I'll pull the plug on this. I expect everyone involved to behave please.
I'll also note that for kicks I've tried a bunch of attacks on the Model S with regard to this bug already without success, and I'm pretty confident that others will have similar results.
Good luck.