Might it be that one of Apple Computer's software-security gurus wasn't quite, ahem, secure enough to resist the pull of Tesla Motors CEO Elon Musk? Kristin Paget, who held the illustrious title of "Hacker Princess" at Cupertino, CA-based Apple, starts working for nearby Tesla this week, Re/code says. Paget would only say on her Twitter feed that the gig was "something security-related" and added that she "shouldn't say too much."

Paget joined Apple in 2012 after spending time with Microsoft, where she was responsible for security in the Vista operating system. Paget was also known within the Silicon Valley cognoscenti for her instructions on how to build a fake cell tower that could intercept cellphone calls.

Tesla's headquarters in Fremont are just 25 miles from Apple's, but the poaching is far more than merely geographic. Tesla has always been big on technological advancements and has been steadily making over-the-air software upgrades to the Model S. Most recently, Musk and Tesla Chief Technology Officer Straubel toured Western Europe, talking to Tesla owners and followers. They said the company was on the cusp of releasing Version 6.0 of the Model S software, which includes more suspension control as well as real-time traffic data. We wonder what features Paget will bring to Version 7.


  • 45 Comments
      Joeviocoe
      • 10 Months Ago
      Most likely pen testing the telematics, to make sure hackers won't be able to send malicious updates to the car's secure program. The User Interface does not need to be so secure, but there are parts of the system that can control ride height, charging limitations, etc (as recent over-the-air updates have shown)... and if hacked, could pose a danger to driver and others.
        Weapon
        • 4 Hours Ago
        @Joeviocoe
        I doubt, I think it has to do with the app emulator and SDK that they plan to introduce in late 2014/2015.
          Joeviocoe
          • 4 Hours Ago
          @Weapon
          Yes, the SDK may have something to do with it... but she is a security expert, not a general programmer.
          GreenDriver
          • 4 Hours Ago
          @Weapon
          I think, I doubt, therefore I am ;)
      danfred311
      • 4 Hours Ago
      He even hacked his own gender. He's good :) Hacker princess seems like a questionable title and particularly given the history. I guess they are looking into security vulnerabilities with the wireless updates for the cars. Given how Tesla Motors isn't always on top of technical details (like 100watt constant power leak) I'm guessing that updating mechanism is much less than secure.
        purrpullberra
        • 4 Hours Ago
        @danfred311
        Yep, you're right. It's a tranny. Why not ask when Tesla is building a third sex bathroom? You make me look composed and always on-topic. Can you imagine what that says about you? I'm guessing YOUR updating mechanism is malfunctioning.
          danfred311
          • 4 Hours Ago
          @purrpullberra
          I think you are the one malfunctioning here. I made a subtle clever comment. You called him a tranny.
      paulwesterberg
      • 10 Months Ago
      Tesla has done a much better job of providing decent software along with software updates for existing vehicles. Having owned two priuses and a leaf with touchscreen software I have to say most of it is garbage compared to what a smartphone will do these days. And years later I am still stuck with the mediocre software it had when it rolled off the lot.
      purrpullberra
      • 4 Hours Ago
      Well, I must say that Vista sucked donkey dong but the security wasn't a problem. And Apple shouldn't have the same security needs as MS so who knows for sure what this lady might work on for Tesla, security may not be her specialty anymore. But I think all of your ideas about enhancing Tesla's current security protocols are likely to be what she ends up working on. It's going to be harder to keep 100,000's of cars updated safely than it was to update the first 25,000 well enough. It will need to be flawless. It's security. I think this is a smart thing to get working on ASAP.
      usugo
      • 4 Hours Ago
      I always find it funny/sad/ironic/ridiculous to hear about these gurus moving from a company to another every few months. Just the time to learn where the coffee machine and the restrooms are. But, maybe they can do in a month what people like me do in a year or more ....maybe
        2 wheeled menace
        • 4 Hours Ago
        @usugo
        As an IT specialist, I disagree. Especially if you are doing programming. Which is why we have had a very hard time finding another programmer for our company. Our system is very complex and getting someone on board with how it works takes a lot of time. Everyone who has seen it runs away screaming, except me. Which is why I have the job that I have. Lol.
          lazybeans
          • 4 Hours Ago
          @2 wheeled menace
          As a technical lead for over a decade in modern application development, I would say if it's too complex you have built it wrong. If it's hard to change and hard to understand, you have built it wrong. Now, rework the whole thing to make it easier to understand.
          2 wheeled menace
          • 4 Hours Ago
          @2 wheeled menace
          Analyzing the code itself can give you quite a bit more insights than the attack vector though... :)
          Joeviocoe
          • 4 Hours Ago
          @2 wheeled menace
          In IT security, my field, it is very different from programming. Think of it this way, it takes a lot of experience with a particular software to help program it. But to break it, takes someone from the outside. Her background gives it away. IT security consultants are typically from the outside of the organization, but they work with company security people who have been there awhile. With the upcoming SDK, possibilities for vulnerabilities will multiply. So every precaution is needed.
          Joeviocoe
          • 4 Hours Ago
          @2 wheeled menace
          Yes, but code analysis can be done very well from a fresh perspective that is untainted by the entire design process. Security personnel do study programming language... but from a different point of view. The purpose of a programmer tends to be on functionality and product development in a timely manner.... which tends to leave a lot of vulnerabilities, for the security researcher to find later.
        Joeviocoe
        • 4 Hours Ago
        @usugo
        In IT security, my field, it is very different from programming. Think of it this way, it takes a lot of experience with a particular software to help program it. But to break it, takes someone from the outside.
        Rotation
        • 4 Hours Ago
        @usugo
        Don't get confused. Just because a person is good at marketing herself doesn't mean she's a guru. A nobody with a twitter account changes jobs.
          Joeviocoe
          • 4 Hours Ago
          @Rotation
          Guru is not a good word. 1337 or (elite) is better. She has presented some very good hacks with cell phone towers to show how your phone calls and data can be intercepted if using GSM networks. This is not a 'marketing' ploy, she has serious street cred.
          Rotation
          • 4 Hours Ago
          @Rotation
          Joeevicoe: Yes, it was trivial then too. It was already being done in fact. http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/ Many people will confuse a cool demo for a great hack. Maybe we're disagreeing on the "trivial" aspect here? You think trivial means inexpensive while I think it means complicated or previously unknown. Paget put up a fake 2G cell tower. This isn't complicated or previously unknown. I guess Paget cost-reduced the hardware. That's cool, but is it a great hack? Furthermore is it any kind of security hack? Paget didn't find any new exploit or security hole, just demoed a known technique on his own hardware.
          Joeviocoe
          • 4 Hours Ago
          @Rotation
          Before this was done... it was not at all trivial. Building an IMSI catcher is only easy now, because it has been done, and the source code is out there for anyone to look up. And so goes most great hacks, before it is done.... it is not easy to do... but once done (like the 4 min/mile) the method becomes "trivial".
          Rotation
          • 4 Hours Ago
          @Rotation
          Joeviocoe: It's trivial to divert phone calls with a fake cell phone tower. The phone has no way to authenticate towers. You don't have to be some kind of elite to demo this.
        Joeviocoe
        • 4 Hours Ago
        @usugo
        IT specialists don't need to "learn the inner workings of a company" like some regular employee. This type of work can be easily transferred without delay. Besides, for penetration testing, you want someone from the outside.
      Jim_NJ
      • 10 Months Ago
      Correction: Tesla's headquarters in PALO ALTO are just 10 miles from Apple's in Cupertino. Tesla's FACTORY is in Fremont. Tesla's headquarters are in Palo Alto. I suspect that Ms. Paget will do most of her work in Palo Alto.
        purrpullberra
        • 4 Hours Ago
        @Jim_NJ
        Well done, Jim, you are now a better journalist AND editor than anyone working at AB & ABG. Really guys, this is no time to act as immature and pigheaded as your CEO. Well, I guess you have a right to be unhappy working for that POS. But still.... There is no excuse for such shabby 'reporting' and such a lack of professional editing at work. This is damning evidence of people with no respect for themselves or readers. No one cares. Yuck. Why do I come back here? For all you guys, I like 'talking' to you. And you have more real info than the 'pros'.
      lad
      • 4 Hours Ago
      The Model S is fast becoming a computer that just happens to control an EV.
      Rotation
      • 10 Months Ago
      Oh look, valley nonsense somehow turned into car news?
        m_2012
        • 4 Hours Ago
        @Rotation
        This is about a car company, no?
          Rotation
          • 4 Hours Ago
          @m_2012
          Grendal: Paget announced this, not Tesla. This isn't Tesla making any kind of release. And wow, you sure are assuming a lot about the situation from the information presented. There are plenty of things for a security expert to secure besides the communication with cars.
          Grendal
          • 4 Hours Ago
          @m_2012
          As long as it is more secure it works for me.
          purrpullberra
          • 4 Hours Ago
          @m_2012
          Dude, Grendal didn't say Tesla made the announcement. In fact the words were "without officially announcing it". Bad day Rotation? Negative Nancy....
          danfred311
          • 4 Hours Ago
          @m_2012
          For those intelligent enough to look past the skin of cars.
          Rotation
          • 4 Hours Ago
          @m_2012
          purrpullbera: Tesla didn't officially or unofficially announce anything. Paget did. Why are you attributing to Tesla what appears on Paget's twitter?
          Grendal
          • 4 Hours Ago
          @m_2012
          My bad writing creating an unclear message. "By hiring Paget" Tesla is showing their intent to....
          Rotation
          • 4 Hours Ago
          @m_2012
          Where's the actual car news here?
          Grendal
          • 4 Hours Ago
          @m_2012
          Without officially announcing it, Tesla is trying to make their communication with their cars even more secure. All cars have issues with this and Tesla, even more so. That is important news to me.
      goodoldgorr
      • 4 Hours Ago
      I won't buy a car that needs complicated software updates like the Tesla Model S. I just need a cheap uncomplicated car that runs simply without touchscreen control, gps, data recording, recharging, all that at high price and deceptive day to day operation and bothersome maintenance. I need a car that is ready to run from day one to 20 years long. I will then keep my dodge neon 2005 to the end of his lifetime and I will buy a used car after that cost the less possible. I visited the Montreal car show last month and all the cars had touchscreens ??? Do they now sell conventional control buttons as an option? I'm willing to pay more for conventional technology.
        m_2012
        • 4 Hours Ago
        @goodoldgorr
        It's not complicated; in fact you do nothing. No service visits to get updates. Do you realize how much LESS maintenance an EV needs over an ICE? A couple of quarts of gear lube every 10 years, that's it. Forget air filters, oil changes, spark plugs, belts, hoses, coolant flushes, transmission services, and fewer brake services. No exhaust to rust out or catalytic converters to change.
          Actionable Mango
          • 4 Hours Ago
          @m_2012
          I'm with you on most of that, but I do wonder about liquid cooled batteries. That sure sounds like hoses, coolant, and a radiator to me, albeit low pressure.
          paulwesterberg
          • 4 Hours Ago
          @m_2012
          I have had to fill up on wiper fluid twice in the last year and check tire pressure every few months. Air filters still need changing every few years because of the ice vehicles.
        purrpullberra
        • 4 Hours Ago
        @goodoldgorr
        Still longing for the grave, huh? Looking backward is so yesterday.
        Actionable Mango
        • 4 Hours Ago
        @goodoldgorr
        "I will then keep my dodge neon 2005 to the end of his lifetime and I will buy a used car after that cost the less possible." Yes, we know. You've told us this 100 times.
          Marco Polo
          • 4 Hours Ago
          @Actionable Mango
          @ Actionable Mango Gorr has been posting on ABG for years, his posts are often... um... a little eccentric, but he's basically well intentioned, sometimes amusing, and pretty harmless. His faith in his trusty old Dodge Neon shows even the dullest, most unloved vehicles find someone who appreciates their virtues : )
      Marco Polo
      • 4 Hours Ago
      For Joeviocoe, 2WM, and others working in the IT industry, the idea of security to prevent a car's computers malfunctioning, is just another facet of 21st century technology. For the rest of us, especially the 'older generation' the idea that your car could be subject to cyber attack, is a bizarre new concept ! I imagined (for my generation) I was familiar with the principles of IT technology. However after spending a fascinating couple of hours, listening to our IT security expert, I realised I understood only about 10% of what he was talking about ! (and I suspect he dumbed it down, just for me). The fact that Tesla is investing in such forward thinking to stay ahead of these issues, is one of the reasons why Tesla is outclassing some of the older OEM's, where older executives lack the insight as to how fast the world is changing.
        Joeviocoe
        • 4 Hours Ago
        @Marco Polo
        Cars are turning into appliances. Although there are still plenty of old school folks that want only to drive and feel connected to the road. The next generation of drivers are becoming more attached to connectivity, rather than the road. The auto industry in America has become a dinosaur only moving when forced, and even then, 'kicking and screaming'. We already have given our safety to the hands of computers, whether drivers know about them, or not. Most automotive computers don't interact with humans directly, (in the car, or part of traffic systems)... and thus, most people are unaware that their safety relies in the hands of computer engineers as much as automotive/mechanical/electrical engineers. Security is an interesting domain... I look forward to the challenges.
          Marco Polo
          • 4 Hours Ago
          @Joeviocoe
          @ Joeviocoe "O brave new world, that has such people..." :) Yes indeed Joe, the speed of change is overwhelming. Each new technology has its hazards and potential for misuse. Computer security is becoming crucially important. To most of us, the cyber world is a mysterious, secret place. The average person has little ability, or knowledge, to understand the challenges of implications of misuse or failure. I'm glad guys like you, (with integrity) are working hard to keep the systems safe and functioning.