August 10, 2015

Tesla Model S being hacked and patched blazing-fast


If hacking were high fashion, this season’s hot trend would be car hacking. Shortly after researchers Charlie Miller and Chris Valasek revealed details of the Jeep Cherokee breach, another team managed to take over a Tesla Model S electric car.

Kevin Mahaffey, co-founder and CTO of mobile security firm Lookout, and his partner Marc Rogers, principal security researcher for CloudFlare, found six vulnerabilities in the car’s systems and collaborated with Tesla for several weeks to create fixes.

DEF CON 23: Researchers hack Tesla S — the company patches cars quickly

Though the patches have been revealed, the incident is already notorious. The security holes allowed a criminal to take a PC, physically connect it to the Ethernet network inside the car and use a software command to drive away, at which point it is time to say “goodbye” to your $100,000 vehicle. Alternatively, malefactors could infect the system with a Trojan, which would let them cut the engine remotely while a person is driving the car.


Testing potential threats, the researchers gained full control of the entertainment system. They could open and close windows, lock and unlock doors, raise and lower the suspension and cut power to the car.

Still, Tesla did not make the same mistakes Chrysler did. Its cars are equipped with a system that activates the hand brake if power is cut in a moving vehicle.

At speeds below 8 km/h (~4 mph) the car would lurch until it stops; for higher speeds the company has taken special precautions. During the test at high speeds, the car went into neutral while the driver retained control of the steering and brakes and was able to pull the car over. The airbags also remained fully functional.

In a similar situation Chrysler had to recall 1.4 million cars for emergency security patches, while Tesla Motors got away with over-the-air patching. Ironically, some car companies provide security patches quicker than many manufacturers of our smartphones.

“If you have a good patch process, it can solve a lot of problems. If you look at a modern car, it’s running a lot of software and it needs to be patched as frequently or sometimes even more frequently than a PC, and if you have to bring your car into a dealership every week or every month, that’s just a pain in the ass. I think every car in the world should have [an OTA process] if they’re connected to the internet,” commented Mahaffey to Wired.


Mahaffey and Rogers are going to continue their collaboration with Tesla on improving the security of its vehicles. It’s also reported that the company has hired a new respected engineer from Google: Chris Evans will be the head of the Tesla Motors security team.