Peter S. Shenkin September 3, 2020 8:16 AM

The thing that stands out in my mind from this is how willingly and promptly Tesla engaged with him. Of course, he was already a known individual within the Tesla community, but still….

me September 3, 2020 9:35 AM

only 50 000$ for the complete control of every vehicle in the world???
50k is much money but for such a critical bug they should give much more.
as musk said if such a bug is exploited by a bad actor tesla will just stop existing.
nobody wants a car that can be hacked/has been hacked and that can be remotely controlled.

me September 3, 2020 9:47 AM

this low payment for bug bounty is quite common: there was a steam (game store) bug that allowed to buy for free any existing game and they paid only 15k.
I have found a bug too that allowed me to find & control any device in the world for an iot device that we sell (but it’s made in usa), i got paid 2k by my company just because my boss is a good person, the company that makes that device took one year to fix it and never paid anything (i have not asked and they don’t have a bug bounty program).
I think that the world needs a gov agency to report bugs that will fine companies if bugs are stupidly simple, in that way companies will take security more seriously.
(sorry for double comment, delete if too offtopic)

echo September 3, 2020 9:51 AM

I quit having interest in Tesla yonks back and very firmly blocked Musk when I was on Twitter. Ditto SpaceX etcetera. He’s just a big head who exploits people like Dyson. I’d rather walk than take a Tesla.

Their security advisories are only marketing. Yet another way to make a dollar so I’m not clicking the link.

Rj September 3, 2020 10:24 AM

So now you know why I drive a 1984 Mercedes 300SD 5 cylinder turbo diesel! The closest things to a computer in it are the cruise control and the climate control, both of which are notoriously unreliable and don’t work most of the time. Other than that, the glow plugs and starter use electricity to get the thing started, but once the engine is running, you could take the battery and alternator out of the car and throw them in the ditch and still drive from New York to California, provided you did not shut the engine off.

andy F September 3, 2020 12:28 PM


So you have a tradeoff between vehicle security/resilience and harming the health of yourself and others due to the emissions that come out of your diseas-el engine and CO2e emissions of about 2.4Kg per litre of fuel it consumes (you have to add fuel supply chain emissions to this figure).

I have a first gen electric car which I mostly charge off my off-grid solar and the occasional public charger. It has no remote access to the management computer and is therefore generally immune to informational attacks other than via the locking system.

I guess it could be argued that the electronics of the car represent an attack surface but at least I mitigate the pollution and CO2e emissions.

Life is a compromise 🙂

tx September 3, 2020 3:50 PM

A Tesla loses a small fraction of its value in the first few years of ownership. That’s because everyone gets updates. All the other mfrs, if an improvement comes out you have to buy the new model. Saw a long list of cars and the average hit was 40% in three yrs.
This will have an enormous impact in years to come, in addition to the emissions issue.

Anything new and disruptive follows the same pattern. DARPA demos AI-controlled fighter in simulated dogfight and everyone goes “It’s not real, there’s no way it would be a real pilot in a real dogfight.” Exactly what they said when computers beat chess champions, then Go champions. And the new guy, in this case Tesla, is going to get hammered for every last tiny thing that goes wrong. Same thing with Quantum Computing. Check back in a few years.

Elnac September 4, 2020 1:26 AM

@andy F

Electric cars, on average, also pollute a lot. From the battery manufacturing to its currently inexistent recycling. The electricity used in these cars (apart from those with solar panels built-in) also comes from somewhere. In the US it will be coal and gas, in other countries it could be nuclear.

Most electric cars take between 300.000 and 500.000km to even out their pollution with older diesel/gasoline ones, just because of the enormous initial pollution to produce the lithium, and electronics.

So, for now, electric cars are both a cybersecurity hazard, seeing as the recent ones are more and more connected, but also a bigger pollution source than gasoline cars, because of the lithium, and because of the pollution needed to produce the electricity.

But I understand why most westerners think they’re less polluting. Batteries are made in China/India, so it’s not a pollution people see, or think about.

WmG September 4, 2020 2:21 AM


The claims you made about electric vehicles surface from time to time. Never with any evidence quoted.

References and sources, please.

1&1~=Umm September 4, 2020 4:25 AM


“Batteries are made in China/India, so it’s not a pollution people see, or think about.”

Elon Musk gets batteries from where?

“From the battery manufacturing to its currently inexistent recycling.”

There is some recycling currently going on in the West. In part it’s from splitting battery packs down and pulling out bad cells and reusing the good cells. For some reason that is not understood as well as many would hope the lifetime on lithium cells is very variable and in some cases as much as 5:1. Which is why it is cost effective for people building their own “PowerWalls” to buy up both used vehicle cells and used computer cells. As for more industrial style “recycling” as with most recycling it’s actually ‘market driven’ that is currently there is no market for the recycled parts with sufficient profit for the usual Asian operations to get involved. But,

“Most electric cars take between 300.000 and 500.000km to even out their pollution with older diesel/gasoline ones, just because of the enormous initial pollution to produce the lithium, and electronics.”

I think you need to compare like with like. European studies have shown that the average family car takes ~25years of usage to repay its “Manufacturing pollution” offset. Which in the case of both iron and aluminium require a very very large electrical input for the smelting process so much so in fact that for many years Aluminium smelting was only carried out in areas with lots of low cost electricity that was produced by hydroelectric generation. The studies of interest were carried out before electronic engine management and its consequent ‘extra pollution’ became prevalent.

The real issue between electric and IC vehicles is actually twofold. Firstly the inefficiencies of total drive chain from storage to vehicle movement. Even with the old heavy lead acid batteries used in “delivery vehicles” having nearly no mechanical drive chain tipped the balance in favour of electric vehicles. Secondly though was and still remains the issues of fueling. An IC engined vehicle can be ‘charged’ in a matter of minutes, whilst batteries can take hours to sizeable fractions of a day. If you were to try to replace the current fossil fuels with another source of chemical energy the chances are you would not be allowed to do so due to health, safety, and environmental protection legislation. The ‘Petro-Chem’ industry with regards vehicle fuels would not be allowed to exist if the legislation in place today was in place a little over a century ago. Thus the IC engine is not playing on a level playing field and thus leads a ‘charmed existence’.

But talking about fuel transportation, whilst finding figures on ‘loss’ for the electrical/mains grid is not particularly difficult, finding similar for petro-chem / fossil fuels is very difficult as it’s more or less kept ‘hidden’. The reason is most electrical grid transmission loss is ‘heat’ which whilst it is the ultimate form of pollution is nowhere near as dangerous as the chemical ‘loss’ directly into the environment, most chemical energy sources are toxic (including those we eat) and so just dumping them into the environment is a very bad idea.

But you mention coal etc used for electricity generation but you do not mention the refining process of fossil fuels and the immense pollution issues involved.

We could endlessly bat individual parts of the ‘from sunlight to motion’ chain backwards and forwards, but in most cases that would be like arguing what effect the colour of ‘the lipstick on the pig’ has on the taste of the sausages or the quantity of squeal in the process.

You need to consider the entire chain from ‘sunlight to motion’ and compare them side by side. If you did you might find that the real joker in the pack is the petro-chem industry from ‘hole in the ground to vehicle storage’ as far as pollution is concerned.

1&1~=Umm September 4, 2020 12:07 PM


We’ve all heard jokes about ‘Volvo drivers’ well what sort of joke is it going to be with ‘Google in the seat’?

Yup that’s right designed in Sweden built in China brain lobotomy for Android and destined for the US market, with a name like a job title in a topless establishment the ‘PoleStar II’ is being let loose with all kinds of electronic brain damage in a US city not far from you,

Apparently Volvo’s Chinese Execs think it’s a Tessler 3 killer…

Chevy Volt Guy September 4, 2020 5:22 PM

@1&1~=Umm asks, “Elon Musk gets batteries from where?” Assuming the answer to be common knowledge. But to make sure, he gets the batteries from his Giga Nevada battery factory near Reno, Nevada, USA.

With solar panels, I have gone from filling a 16 gallon tank with gasoline every 2 weeks to putting in a couple or three gallons every 2 or 3 months. We don’t drive a lot, so most is within the 35 mile battery range.

Total (vehicle charging plus all other use) annual power bill is under $600 for 7 years now.

So, if you wonder how the economics work out, this is a good illustration. Your mileage would vary.

And if you wonder why the oil industry hates the electric vehicle so much, this gives you a pretty good idea.

Samuel Johnson September 9, 2020 7:18 AM

How does one very firmly block Elon Musk on Twitter, as opposed to just, you know, blocking him? How would he know? I bet he’s losing sleep over this.

Me September 11, 2020 8:47 AM

Is anyone else getting doubles of articles in the RSS feed?

Just wondering if both the old and new sites are RSSing, or something. I don’t actually know how RSS works, I just like how it does.

EvilKiru September 11, 2020 5:46 PM

@Me: I only had a handful or two of RSS dupes when the blog switched to the new platform, mostly on Tuesday when I read my RSS feed after the long weekend, with some stragglers later in the day or possibly on Wednesday, with no dupes since then.


Sidebar photo of Bruce Schneier by Joe MacInnis.