Furthermore, it is clear that much of the ECU software looked at by researchers contains
basic software flaws such as buffer overflow vulnerabilities, reliance on obscurity, and bad
implementation of cryptography (reoccurring nonces). This makes it evident that the car man-
ufacturers discussed in this chapter have not invested in analyzing the code to find and
remediate the most fundamental security issues that are well known in the software develop-
ment community. In addition to analyzing the code, car manufacturers should design their
telematics systems to connect outbound to a trusted destination rather than accepting incom-
ing connections.
In the past two decades, we have learned the hard way that it is a bad idea for laptops and
desktops to trust each other just because they are on the same local network. The probability
of one of the devices on a local network eventually being compromised is high, so it is unac-
ceptable to approve an architecture in which devices on the same network don’t employ end-
point protection to guard themselves. But most cars today do employ this architecture,
because ECUs on the CAN bus explicitly trust the integrity and authenticity of packets. In the
past, the risk posed from this design may have been seen as acceptable because it required
physical access to the car. However, as we’ve seen in this section, research has proved that this
approach can be exploited remotely, which can compromise the physical security and privacy
of the car’s drivers and passengers. The motivation of an attacker for exploiting these condi-
tions can range from a simple prank to a targeted attack against an individual, or even a terro-
rist act targeting a large group of car owners and passengers.
One important point to take away from this section is the fact that the vulnerabilities
being discovered in cars today are rooted in the ignorance of fundamental principles of mem-
ory management, practical cryptography, and basic security controls. In the future, cars will
continue to increase their reliance on wireless communication. We ought to learn from the
mistakes we are committing today so that we can create vehicles that can keep drivers and pas-
sengers safe without exposing vulnerabilities that can be abused by attackers.
The Tesla Model S
The words Tesla Motors, SpaceX, and Elon Musk have become synonymous with relentless
innovation. The eventual goal of SpaceX is to lower the cost of space travel so that the human
race can migrate to other planets. The goal of Tesla Motors is to increase our knowledge of
how to generate energy most efficiently and cleanly, and the company has demonstrated this
by releasing one of the safest and fastest four-door electric sedans, the Model S. The eventual
goal of Tesla is to bring to market an affordable electric car. Elon Musk, the South African–
born engineer and executive behind SpaceX and Tesla, is leading the charge toward the suc-
cess of both the companies.
In the words of Musk: “I didn’t really think Tesla would be successful. I thought we
would most likely fail. But I thought that we at least could address the false perception that
people have that an electric car had to be ugly and slow and boring like a golf cart.” The Model
CHAPTER 6: CONNECTED CAR SECURITY ANALYSIS—FROM GAS TO FULLY(^170) ELECTRIC