Hats off to Tesla, right now they are doing for cars what Apple did for smartphones in 2007. Under closer examination concept is simple - work closer with customers. In Tesla's case this means monitor working parameters of all the cars they sold. This allows them to identify, diagnose, and solve quite a few problems extremely quickly.
Very cool, but at the same time I can't help but think, "Gee, now that is one less personal device in my life that is under my control".
Would be nice if these updates were open-source and cars ran open source software on open source designs. Unfortunately it's going to be a while before we see this.
Windows does not send anything back to Microsoft unless the user explicitly enables the "Customer Experience Improvement Program." If you want to check if this is enabled, just press start and type "ceip".
Microsoft is huge software corporation that dominates operating system/productivity space. Tesla is a fairly small automotive company that is really innovative. I think that comparison is actually extremely flattering to Tesla.
Anyways your point is correct, however it is one thing to get telemetry from your own operating system that connected to the internet, and entirely different beast to bring that kind of technology to consumer automobiles.
This post just a few away (on the front page) from "Cyber attack that sent 750k malicious emails traced to hacked refrigerator"
I suppose the correlation here being that I would be concerned about not only about malicious activities being committed against your car, but someone then turning your car against you or others within its range.
Somehow I would hope that there would be a better security team at a car company started by the founder of a worldwide online payment processor and a space exploration company trying to mount a mission to Mars, than at your average home appliance company, where odds are most of the management don't even know what Linux is, let alone that their products are running it.
That said, it's a valid concern, and one I hope that's at the forefront of their minds as they design this.
Tesla has been doing staged rollouts already. They've already had a situation in which they pulled an update after it was delivered to only small subset of users and issued a newer version when bugs were resolved.
You guys no doubt think you're being funny, but the way it actually works is like iOS devices: after the download, the car asks you when you'd like to install it, with 2am the next morning being the default. The installation can only take place if the car is stationary, parked, and off.
You can probably melt the battery in Tesla. Batteries are heated, right? Add stress to batter, turn heaters on. Watch battery melt and/or explode. You can already do similar attack on laptops.
That seems crazy to me. Over the air updates will continually make your car safer. You're basically arguing that Windows Update is bad because someone could MITM it to inject an exploit into your computer. Sure, that's possible, but it's much more likely that the delay between availability and installation of an exploit will caused you to be owned.
No, he's arguing that a machine that consumes Windows Update is by very nature less secure than a machine with no network connection. Not because Windows Update is insecure, but because you've added an attack vector (network) and the software can be modified (e.g. EEPROM instead of ROM like in 80's cars). More difficult to permanently PWN a ROM, donchaknow.
You missed my metaphor. The car is dangerous whether or not it has an internet connection, by virtue of it being a highly flammable thing that you sit in while it moves 70 miles per hour. Some of the over the air updates improve the safety of the car during driving.
Carriers and manufacturers have no incentive to deliver a good experience on Android phones past the first few months. It's a high three digits dollar device at best with a profit margin probably in the double digits, and customers don't care enough to reward carriers for doing it.
This is good.... but I do worry slightly that I'd get in my car one day and find some feature I liked had mysteriously vanished overnight or been replaced by something I didn't like. On balance though...good :)
Is there anyone that understands computer security that doesn't think this is criminal?
There are so many things that can go wrong here, both intentionally and by accident.
Currently the Tesla userbase is relatively small so it might not be that worth pwning, but as cars start becoming more like this, we might start seeing some worrying news items... and I'm almost willing to bet at least one person in the world, if not a group, is already trying to find exploits in one.
