[Owasp-leaders] Tesla S and Infosec.. cool read

Jonathan Carter jonathan.carter at owasp.org
Mon Mar 31 18:16:54 UTC 2014


Typically, unauthorized sellers of mods are selling devices to the general
public that try to do things like tweak engine parameters, disable checks,
etc.  These devices connect to the bus and modify firmware on other devices
(buffer overruns, etc.). Typically, the sellers advertise the devices as
increasing performance or fuel efficiency.  The problem with all of this is
that these modifications can lead to impacts on safety, reliability, and
the user experience (brand damage).  There are plenty of devices on the
market that can be found online.

It's an unexpected use-case for the type of problem space I focus on.


On Mon, Mar 31, 2014 at 9:23 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> John,
>
> That is actually a really interesting angle.
>
> Are you referring to legit car owners "modding" the software of their cars
> to improve performance, unlock features, etc?
>
> Do you have any pointers to share?
>
> Thanks,
> Fabio
>
>
> On Mon, Mar 31, 2014 at 5:09 PM, Jonathan Carter <
> jonathan.carter at owasp.org> wrote:
>
>> One of the big threats that I deal with a lot in the automotive sector is
>> unauthorized code modification of the underlying firmware of the cars.
>> Manufacturers are trying to protect against intentional modification by car
>> enthusiasts or third parties selling mods. This can lead to problems with
>> safety, reliability, as well as brand damage. The article mentions malware
>> but the far bigger threat comes from people that try to mod their own
>> components intentionally.
>>
>> On Mar 31, 2014, at 8:55 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>
>> Weak passwords, 3rd party & weak APIs, phishing, etc... you name it.
>>
>>
>> http://www.dhanjani.com/blog/2014/03/curosry-evaluation-of-the-tesla-model-s-we-cant-protect-our-cars-like-we-protect-our-workstations.html
>>
>> Fabio
>>
>