Copyright © 2015 Bold Ride LLC.
“We took a bunch of relatively innocuous vulnerabilities you wouldn’t think very much about,” said Rogers, “and by chaining them together and by using each one of them to leverage our ability to gain a bit more access, we were able to go deeper and deeper and deeper into the car until eventually we gained full control of the entertainment system…”
What they also found out, was that the Model S infotainment system wasn’t so “advanced” after all. It was running a four-year-old Apple WebKit browser that could potentially lead to others finding ways of fully remote-hacking the vehicle and cutting the motor (e.g.–Malicious software on a site accessed from the vehicle). Good news is, Tesla isn’t taking this lightly.
While FCA has issued a recall of 1.4 million vehicles surrounding its hacking troubles, Tesla is working with researchers to fix the issue remotely. After several weeks of research, Tesla and engineers were able to find six areas of vulnerability, to which they distributed patches on Wednesday to every Model S on the road to ensure it fixes the issue.
“Tesla has taken a number of different measures to address the effects of all six vulnerabilities reported by [the researchers],” a Tesla spokesperson told Wired. “In particular, the path that the team used to achieve root (superuser) privileges on the infotainment system has been closed off at several different points.”
Mahaffey and Rogers will report more in detail on their findings this Friday at the Def Con hacker conference in Las Vegas, and will continue to work with Tesla—along with newly-hired, former Google Chrome security expert Chris Evans—on further securing the Model S and future vehicles from possible hackers.
Even after all the findings, Mahaffey said of the Model S, “It still the most secure car that we’ve seen.”