Gone are the days when only laptops and PCs were the target of hackers. With the continuous increase in the scope of Internet of Thing devices, now even hackers have got choices to hack into connected things rather than old school smartphones and laptops.
A group researchers (yeah, white hat hackers) were able to hack into the system of Tesla Model S car and gain access to infotainment system of cars which is equivalent to all the user accessible functions via touch screen and smart phones. The six vulnerabilities discovered were reported to Tesla who then released over-the air- patch on Wednesday to all its customers to fix the issues.
Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards,
a Tesla spokeswoman said.
Lookout’s research was a result of physically being in Model S to test for vulnerabilities. We’ve already developed an update for the vulnerabilities they surfaced which was made available to all Model S customers through an OTA update that has been to deployed to all vehicles.
Researchers namely Kevin Mahaffey, co-founder of the security firm Lookout, and Marc Rogers, principal security researcher at CloudFlare have been working with Tesla for over last two years to improve upon the security system. The primary aim of their research was to find out the major strengths and shortcomings of security in Tesla cars in order to benefit the other wide range of cars to have better security.
In their recent hack, they reported that they were able to connect their laptops into a network cable behind a Model S’ driver’s-side which is usually hidden and used for maintenance purposes and tricked the system into believing that laptop was the car itself thereby gaining full access to the system. “We spoke to Tesla as the car, and essentially requested permission for more information,” Rogers said. “Once we had that foothold, we then took over all the computers in the car.”
They were also able to plant a trozen into the system which gave them remote access to many functions, the most important being able to stop the car remotely. However, the company’s security system did allow stopping the car safely in event of sudden power cut. So, if the car is travelling at a speed lower than 5 miles, the emergency hand brakes can be controlled to halt the car immediately while at higher speeds, the system shuts off the engine and allows the user to control steering and braking to eventually stop the car “gracefully”.
In addition to it, hackers can also remotely make changes in the information regarding speed displayed on the screen, open and close windows, lock and unlock doors and raise and lower the suspension. They reported their findings to Tesla who then invited them to a meeting to discuss the problems and solutions and later released OTA patch to all their customers.
Tesla is one of the first companies to use such kinda OTA update which is very efficient and fast. Recently in a similar but more serious hack into the system of Fiat Chrysler jeep, the company had to ship 1.4 million USB sticks to all the affected owners who then manually updated the system. “In order to realistically patch vulnerabilities at the frequency they are discovered, manufacturers must implement an over-the-air patching system into every connected car. We are happy to report that Tesla has built such a system,” Mahaffey said in his blog.
At the same time, the researchers also hailed Tesla as one the most “security focused company on the market” despite their hack into their system particularly commending the stopping system of car in event of power failure.
That in itself I think is a huge achievement that I’d like to call Tesla out for,
This is a directly contrasting story to the Jeep story… Tesla had actually thought about the ramifications about what might happen and had designed the car to handle it gracefully and be safe… in such a way that catastrophic [failure] would not happen.
Mahaffey further went on saying in his blog post,
Our research confirmed that Tesla indeed made a number of excellent security decisions in the design of Tesla Model S. It also, however, has a number of areas where we believe Tesla can improve. Overall, I feel more secure driving in a Tesla Model S than any other connected car on the road.
Both researchers are going to give a demo of their recent findings and present their research at the Defcon hacker conference in Las Vegas, Nevada.