this post was submitted on 03 Sep 2023
331 points (92.1% liked)
Technology
58164 readers
3495 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It may be difficult to spoof a certificate today, but tomorrow is a whole new day. To wit, OpenSSL has a pretty long history of serious vulnerabilities, despite being the best SSL library out there.
It is absolutely only a matter of time until the Tesla OTA functionality is compromised. There's too many moving parts for it to not be.
"Attack surface" is the term you want. Big software means big attack surface. So keep code lean for security as well as efficiency.
There are still a lot of other layers that need to be compromised past the cert for such an attack to even be possible. Even so, I suspect when such an attack does happen it will probably be for stealing cars. Your car would just wake up in the middle of the night and drive itself somewhere else to be cut up for parts. Less likely is any kind of safety issue since its so easy to take over control of the car.