Comment by varenc
21 hours ago
From the article
> Tesla offers a “Root access program” on their bug bounty program. Researchers who find at least one valid “rooting” vulnerability will receive a permanent SSH certificate for their own car, allowing them to log in as root and continue their research further.
Pretty interesting. Sounds like Apple's Security Research Device Program[0], where you're loaned a rooted iPhone, but with a clear qualification criteria.
It strikes a nice balance, because to qualify you have to 1) show you have the skills to get root access anyway and 2) show you're willing to participate in the bug bounty program and get things patched.
I would of course love root on everything I own, but I can understand Tesla's motivation here since root for everyone would make vulnerability discovery easier for malicious actors. And if everyone had root on their Tesla, it'd be much easier to make naughty modifications that might catch the ire of regulators. (like disabling driver attentiveness checks in self-driving mode).
> Researchers who find at least one valid “rooting” vulnerability will receive a permanent SSH certificate for their own car
It feels like this is something you should get by being owner of the car, and not have to do free speculative research for the manufacturer to get it.
The underlying tension is that "you own the car" means something very different from "you own the software running the car." Tesla treats the firmware as licensed software rather than property you can inspect and modify. The bug bounty program is a PR-friendly way to say "we support security research" while keeping full control over who gets access and under what terms.
Right-to-repair legislation is chipping away at this but slowly. The EU's right-to-repair directive covers physical repair and doesn't really touch software access. The real test would be a regulator taking the position that restricting root access on hardware you own constitutes an anticompetitive tying arrangement, since you can't use the car's data for your own purposes without going through Tesla's APIs and paying their fees.
John Deere has been the main battleground for this argument so far. Farmers can't repair their own tractors without paying for dealer access to diagnostic software. Tesla is the same pattern applied to consumer vehicles, but the consumer advocacy pressure is weaker because fewer people feel the pain directly.
>> Tesla is the same pattern applied to consumer vehicles
No i'd push back on this because the entire workshop manual is available for free without even registration required. You can literally google and land in the relevant sections and it is of a far higher quality than ford, VAG or bmw as three examples i'm pretty familiar with. I haven't seen the John Deere stuff.
Tesla does have "special tools" for some repair procedures, a practice as old as the auto industry but they don't rely on them to the same extent as BMW for example. Anecdotally, the special tools i'm aware of are genuinely useful - for example, the tool for disconnecting seatbelt anchors saves time vs the traditional bolt - where special tools on other marques are often clearly to workaround a failure of packaging or engineering resulting in tight access for a regular tool.
Their online API access is a little bit annoying, or at least unfriendly to casual home user, specifically the workflow to register an OIDC client, but not insurmountable.
> "Tesla is the same pattern applied to consumer vehicles"
It really isn't. Unlike John Deere, Tesla is actually pretty good on right-to-repair. All of their technical and repair manuals are available for free to anyone. The service/diagnostics software ("Toolbox") is also available to anyone, albeit for a (not entirely unreasonable) fee.
(There is also a service mode built in to the car which can do many basic diagnostics for free)
4 replies →
I would love to lobby to change how the law works for these cases: for some definition of "firmware" (informally "software that ships with hardware and is not intended to be selected by the consumer like a computer operating system"), add a copyright exception so that modifying the firmware in situ is treated like modifying the physical hardware, because in practice they are in fact the same thing: a single component that does a single thing.
With this, the John Deere approach to gatekeeping vehicle repair would no longer be legally protected by the DMCA or by copyright law. All the other protections afforded by copyright law would still apply: you cannot rip the firmware off the hardware and distribute it, the manufacturer is under no obligation to help you modify it, etc.
However, tools which patch or circumvent antifeatures of the firmware would now be legal to use on hardware you own: it would be legal to patch out software locks, retune engine computers, etc.
>The underlying tension is that "you own the car" means something very different from "you own the software running the car."
What does that mean? "The software" is a specific configuration of the hardware you own. How can you own the hardware and not the specific copy of whatever data is on it? Note that I'm not confusing the copy of the data with the IP rights to it.
1 reply →
> Tesla treats the firmware as licensed software
This would be okay if there's a way to reject the license and install my own firmware.
3 replies →
> The underlying tension is that "you own the car" means something very different from "you own the software running the car."
How is this different from the 2000s, or the 90s, or even before, when the normal thing to do with commercial software was to purchase a license to use said software and a physical medium containing a copy? You'd also then not "own the software", but you owned the right to install a copy on your own computer and use it. That worked without having to hand over the keys to your own computer.
Sure, the physical delivery medium is gone, but that's just a detail. Why do we now think that just because we license software for use, we can't be in ultimate charge of our own devices?
2 replies →
Tesla’s manuals are all online and many of the parts sell for cost plus. You may be thinking of Ford and Toyota
Tesla absolutely does not apply the same patterns as John Deere. Everyone can fix Teslas. Parts are easy to obtain. Never had issues with them. John Deere on the otherhand is the absolute evil of right to repair.
Normies get scammed on Discord into pasting commands into their browser console.
As a pedestrian I prefer for most people to not have root access to their multi-ton fast-moving killing machine.
Agrred, but it is remote root access is the danger, they already have root access to the physical dangerous things.
8 replies →
In most cases I agree with this, but maybe not for potentially dangerous things like cars? What if someone roots into their car and disables some essential safety feature - maybe even a legally mandated safety feature?
More concretely, the expertise-required-to-access-root is in a different field to the expertise-required-to-make-wise-changes. i.e. you might know how to hack a car, but that doesn't mean you know how cars operate.
People have been modifying their cars since cars have existed, an electric car shouldn’t be anything new.
5 replies →
As much as I tend to agree philosophically, could it not result in people making changes that endanger other road users?
No, one can do that anyway. There is basically no real way to stop folks from modifying their cars. It can be made more difficult, sure.
This is about selling tools and access. It's another profit pipeline for car OEMs.
10 replies →
I don’t think that’s the reason, seeing as a car is already endangering everyone around it by existing. More likely about keeping the tooling to diagnose issues proprietary and expensive.
2 replies →
That kind of thing is always the stated justification but never the real reason.
Almost invariably when that excuse is trotted out, there are are usually many things that are much more common that are also far more dangerous. For example, texting while driving or driving with bald tires in the wet are both 100x more dangerous than anything almost anybody would do by modifying the car's software.
Four 9/11s worth of people die every year from drunk driving. If we can't even get that under control, I don't see why being able to modify your own car is a big deal.
3 replies →
You can translate that to corresponding car-purchases, i.e. vote with your wallet.
Really? Which car manufacturer officially provides you a root access to your vehicle?
3 replies →
You can feel that way, but plenty of car configuration has always been locked away and walled off, and manufacturers make a tidy profit selling software licenses to dealers and mechanics to perform basic diagnostics. Proprietary software is big business what can you do.
Definitely not always. It used to be that a mechanic or a skilled owner could tune, modify, repair or replace absolutely anything in your car. That was basically since the invention of the car, up to somewhere in the 2000s. And even then, various hackers and pirates made sure almost anyone could get their hands on the software. In fact, many mechanics these days use 3rd party software because the manufacturer refuses to sell them their version or even that version doesn't have all the features.
That is the recent (and gradually worsening) situation but it is not in and of itself a justification. Effectively you're saying "it's currently this way therefore it's okay for it to be this way".
Manufacturers have increasingly restricted control over products as they've gradually been digitized. Prior to the digital era anyone could do anything to personal property (regulations notwithstanding ofc); more expensive items typically came with circuit diagrams for the purpose of repairing them.
[dead]
[flagged]
Having shell is extremely handy for further discovery. SO handy that if they were just gonna patch the bug and lock you out, you would simply not disclose it.
This is what happened. Tesla security received tons of bug reports that required root access to identify, yet they got a vanishingly small number of root vulnerability reports. This policy fixes that misincentive.
If they don't give root, researcher may have incentive to keep vuln secret for root access. Looks reasonable.
It's a mixed bag. This only applies to the infotainment system and not the autopilot computer.
They've also revoked certificates from researchers personal cars in the past
That’s quite a weak confidence in their own platform security if finding a root level vulnerability is not one-off event, but it’s a program expected to have multiple people routinely finding those.
Well it's a selection bias.
If an athlete breaks a world record, they're likely to do it again. Even though it's incredibly hard to break a world record.
Imagine having to hack your device, then having to submit a request to actually own it.
The interesting part is this implies that Tesla cars have static certifcates that don't rotate. (Whoops.)
My read of the output in the post when they tried to SSH to the device was that Tesla are actually doing the right thing here and using an SSH certificate authority, which allows issuing certificates signed with a private key authorising access to a subset of devices (optionally for a defined period of time). https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-b... has more information, but in summary unless the private signing key is compromised in some way this is entirely legit. I'd hope that they also have some mechanism for distributing a new public key if the signing key does get compromised but who knows.
I understand there are also certs involved with tesla vehicles communicating with a supercharger as well.
Not necessarily. All they have to do is roll a pub key into the update package. Same as any OTA update.
Why can't they rotate ? having root ssh keys on the device doesn't imply the certs don't rotate.
And as we all know, if you're smart enough to get root access, your neighbours children playing football in the street should be subject to the risk of you driven a car that claims to have full self driving with custom code on it.