Follow by Email

Thursday, August 6, 2015

The Tesla Model S Has Been Hacked—But Tesla’s Already Fighting Back

Copyright © 2015 Bold Ride LLC.

Tesla Hacked 2

First FCA, then Chevrolet, and now Tesla. No automaker is safe at the hand of world-class hackers researchers. The advanced systems in today’s modern cars are making them easy targets, and not even Tesla—arguably one of the most technologically advanced automakers out there—can avoid being the latest victim.
According to a report from the Wall Street Journal, researchers Kevin Mahaffey and Marc Rogers, have found a way to non-remotely hack the Model S. They simply plug their laptop into a network cable behind the driver-side dashboard, and shut down the Tesla completely while driving. They do this by digging deep into the so-called “advanced” entertainment system.

“We took a bunch of relatively innocuous vulnerabilities you wouldn’t think very much about,” said Rogers, “and by chaining them together and by using each one of them to leverage our ability to gain a bit more access, we were able to go deeper and deeper and deeper into the car until eventually we gained full control of the entertainment system…”

Tesla Hacked

What they also found out, was that the Model S infotainment system wasn’t so “advanced” after all. It was running a four-year-old Apple WebKit browser that could potentially lead to others finding ways of fully remote-hacking the vehicle and cutting the motor (e.g.–Malicious software on a site accessed from the vehicle). Good news is, Tesla isn’t taking this lightly.

While FCA has issued a recall of 1.4 million vehicles surrounding its hacking troubles, Tesla is working with researchers to fix the issue remotely. After several weeks of research, Tesla and engineers were able to find six areas of vulnerability, to which they distributed patches on Wednesday to every Model S on the road to ensure it fixes the issue.

“Tesla has taken a number of different measures to address the effects of all six vulnerabilities reported by [the researchers],” a Tesla spokesperson told Wired. “In particular, the path that the team used to achieve root (superuser) privileges on the infotainment system has been closed off at several different points.”

Tesla Hacked 3

Mahaffey and Rogers will report more in detail on their findings this Friday at the Def Con hacker conference in Las Vegas, and will continue to work with Tesla—along with newly-hired, former Google Chrome security expert Chris Evans—on further securing the Model S and future vehicles from possible hackers.
Even after all the findings, Mahaffey said of the Model S, “It still the most secure car that we’ve seen.”