If you read the Wired article I linked earlier, you'll see that this is indeed a concern, since the updates aren't signed. Tesla is relying on the two-way verification of their VPN that is used to communicate between the car and Tesla to validate the software.
This at least prevents a MITM or a malicious actor from hijacking DNS, etc., since the car effectively ensures it's at least talking WITH Tesla. This doesn't prevent a malicious employee from gaining access to the update server and pushing out an update, but you're going to have to worry about that regardless.
This doesn't prevent a malicious employee from gaining access to the update server and pushing out an update, but you're going to have to worry about that regardless.
I'm pretty sure that if your car isn't connected in the first place, so that its essential control systems can't be updated remotely by a single malicious actor like that, then this isn't a significant concern.