As the infamous hacker conference DEF CON is wrapping up its 23rd year in Las Vegas, news about interesting hacks are pouring in. One such big hack showcased at the event was the hacking of the famous automobile Tesla Model S. Researchers Kevin Mahaffey and Marc Rogers demonstrated the hack by tearing apart the car.
They showed that it is possible to remotely unlock the Model S’ doors, start the vehicle and drive away. They were also successful to issue a ‘kill’ command to Model S consequently shutting down the vehicle’s system, bringing it to a stop. They demonstrated the whole process at DEF CON.
They chose the Model S because according to them “Tesla Model S is an archetype for what cars will look like in the future.” According to the researchers, Model S is very well designed and secure as 40 minutes of their 50-minute talk was devoted to the many dead ends they ran into while trying to hack the vehicle. Despite the fact that they successfully compromised the vehicle, according to March Rogers, the Model S is one of the best cars in terms of security against digital attacks.
The researchers procured the car from a private party and then tore it down carefully, until they found an Ethernet port that let them connect directly to the Model S’ CAN bus, the controller area network across which car data is sent and received. They needed to chain four different vulnerabilities until they got access to the infotainment systems and the touchscreen used to control certain features of the car.
After doing that, they were well able to things like forcing speedometer to disappear, altering the suspension system, unlocking doors, making windows go up and down and also killing the car completely.
Although they got successful in hacking down the Tesla S’ system, the duo found out that the vehicle has a system to prevent even the most severe attack. The vehicle will stop in such cases thus preventing damage. Rogers said “Ironically, that means it’s the only car that can protect itself against a successful cyber attack.”
They were also successful in injecting malware onto the car’s network meaning they can attack the car remotely. Tesla later disputed the fact that the hackers were able to do remote attacks. This is not the first time the Model S has been targeted by hackers. A while back, Chinese researchers exploited the car for the $10,000 bounty.
Tesla acted quickly after they got information about the vulnerability and pushed required updates to patch the bugs demonstrated by the researchers. Tesla Motors Corp (NASDAQ:TSLA) is currently offering bounties of up to $10,000 for finding vulnerabilities in its system.
The over-the-air patch from Tesla went to all cars yesterday. Drivers just have to click yes to accept update – http://t.co/byVxGnrhnY
— Kim Zetter (@KimZetter) August 6, 2015
“Tesla has taken a number of different measures to address the effects of all six vulnerabilities reported by Lookout. And we continue to develop further ways to harden our systems, informed by ongoing discussions with the security research community, as well as our own internal analysis. The update has been made available to all Model S customers through an OTA update. We will deploy this update to all vehicles by Thursday.” a Tesla spokesperson said in a statement to Forbes.
Tesla Motors Corporation has also welcomed a reknowned Google engineer Chris Evans to lead its security team.
I’m very excited to soon be joining @TeslaMotors to lead security.
— Chris Evans (@scarybeasts) August 5, 2015