
Jake Archuleta
Senior Security Operations Engineer - Malwarebytes, Founder of Cylect.io
Working as a Senior Security Operations Engineer at Malwarebytes. Worked as a Lead Security Engineer for NASA's Human Spaceflight Program: architecting/implementing security solutions into the Space Network. Worked for Affirm, a Silicon Valley Startup Company to help further mature their security operations team through detection engineering, playbook creation, and procedural development. The only security researcher to discover a high security vulnerability for Tesla vehicles that affects the driving screen and autopilot notifications.
Added to the Tesla Hall of Fame - Bugcrowd. Spoke at a Managed Security Services Forum in Albuquerque, where we discussed the future of Cybersecurity, and how we can help build up the security architects of the future. Worked as a government contractor for U.S. Military Bases. For funsies, made a Pass the Butter robot video from the show, Rick and Morty.
DoSla - Journey to a CVE - CVE-2020-10558
Title: Unveiling Vulnerabilities: My Journey with Tesla in 2019-2020
Introduction:
Today, I would like to share my experience in uncovering a vulnerability within Tesla vehicles during their struggles in the years 2019 and 2020. This talk aims to shed light on the process I followed to identify the flaw, highlighting the importance of responsible disclosure and collaboration with companies in the pursuit of cybersecurity excellence.
Objective: Identifying a Vulnerability in the Tesla Model 3 Vehicle
My investigation commenced with a clear objective in mind - to find a vulnerability within the Tesla Model 3 vehicle. However, discovering such weaknesses in a complex system like a modern electric car is no easy task.
Investigation: An Iterative Pursuit of Flaws
Throughout my investigation, I explored various avenues to uncover vulnerabilities. I embarked on a journey of trial and error, testing potential weak points in Tesla's security infrastructure. This included scrutinizing areas such as USB connectivity, Wi-Fi and LTE connections, Android and iPhone apps, the Tesla Key Card, charging ports, the CAN bus, TPMS sensors, GPS functionality, and even the MCU Ethernet port. Despite these exhaustive efforts, no significant flaws were discovered in these areas.
The Breakthrough: A Successful Vulnerability via the Web Browser
Persistence paid off, and I eventually stumbled upon a successful vulnerability through Tesla's web browser. This discovery allowed me to perform a denial of service attack on the vehicle's web browser, crashing the entire interface with it.
Resolution: Collaborating with Tesla and Responsible Disclosure
Following the identification of the vulnerability, I promptly reported my findings through Bugcrowd, a renowned platform for responsible disclosure. I had the privilege of working closely with Tesla's security team to ensure the issue was addressed promptly and efficiently. As a gesture of gratitude, Tesla kindly rewarded me for my contribution.
Responsible Disclosure: The Essence of Ethical Cybersecurity
The importance of responsible disclosure cannot be overstated, particularly during challenging times when companies face adversities, such as Tesla's struggles during the period in question. It is imperative to recognize that by responsibly disclosing vulnerabilities, we aid in the collective effort of enhancing security and protecting individuals and organizations alike. This often requires patience and selflessness, as it may involve delaying personal gratification for the greater good.
Conclusion: A Journey of Collaboration and Ethical Responsibility
In conclusion, my exploration of vulnerabilities within Tesla vehicles during their struggles in 2019-2020 was a profound experience. It highlighted the significance of diligent investigation, perseverance, and responsible disclosure. By sharing this journey, I hope to inspire a collective commitment to cybersecurity excellence, fostering a culture of collaboration between security researchers and companies. Together, we can fortify the resilience of critical systems and ensure a safer and more secure future for all.
