In an earlier post from Black Hat, I discussed how car washes could be hacked. Today, we can remove the “wash” part and simply focus on the car. More specifically, Teslas.Researchers from Keen Lab hosted a session entitled Free-Fall: Hacking Tesla from Wireless to CAN Bus and outlined a series of hacks that they performed on a Tesla Model S (here is a story outlining the hacks) — and disclosed to Tesla in late 2016.
Similar to the research from the Jeep hackers, an outsider having ability to remotely control a moving car is something that should concern anyone who gets into a car on a daily basis. Although Tesla patched the initial vulnerabilities shared from Keen Labs within 10 days, team members did not rest on their laurels when presenting at the annual hacker conference in Las Vegas.
While on stage, Sen Nie, Ling Liu, and Yuefeng Du revealed that they had one more trick up their sleeve: vulnerabilities within the Tesla Model X. They said they were working with Tesla to fix the vulnerabilities and would not disclose how they hacked it, but they did show a proof of concept video as well as outlining the vulnerabilities that allowed them to remotely break a car while it was driving, opening the doors and trunk remotely as well as having some fun with the lights.
Anyone who follows Tesla closely knows that the company takes security extremely seriously. Earlier in July, Tesla CEO Elon Musk noted that one of his biggest fears was someone hacking into the company’s fleet of autonomous cars:
“We gotta make super sure that a fleet-wide [hack] is basically impossible and that if people are in the car, that they have override authority on whatever the car is doing. If the car is doing something wacky, you can press a button that no amount of software can override and ensure that you gain control of the vehicle and cut the link to the servers.”
Security is going to need to evolve along with the technological advances of the auto industry. We advise any owners of Teslas or other autos to keep up with security updates for their automobiles.
Of course, Tesla is not the only car that can be hacked. Cars are getting more and more connected, which means more electronics plus access to the Internet, which, in turn, means more opportunities to hack cars remotely. Modern cars need to be developed with security in mind, and that is something that has to be done by security professionals.
We at Kaspersky Lab take automotive security no less seriously. That’s why we are partnering with vendors from the automotive industry and installing secure KasperskyOS into car parts. It will help prevent the execution of anything that was not intended by the car manufacturer, thus making cars significantly more secure. We hope that you will soon see the results of those partnerships and the overall increase in automotive security.