If hacking were high fashion, this season’s hot trend would be car hacking. Shortly after researchers Charlie Miller and Chris Valasek revealed details on Jeep Cherokee’s breach, another team managed to take over a Tesla Model S electric car.
#BlackHat 2015: The full story of how that Jeep was hacked https://t.co/y0d6k8UE4n #bhUSA pic.twitter.com/SWulPz4Et7
— Kaspersky Lab (@kaspersky) August 7, 2015
Co-founder and CTO of mobile security firm Lookout Kevin Mahaffey and his partner Marc Rogers, principal security researcher for CloudFlare, found six vulnerabilities in the car’s systems and collaborated with the Tesla Company for several weeks to create fixes.
Though the patches have been revealed, the incident is already notorious. Security holes allowed a criminal take a PC, physically connect it to the Ethernet network inside of a car and use a software command to dash away — also time to say “goodbye” to your $100,000 vehicle. Alternatively, malefactors could infect the system with a Trojan, which would let them cut an engine remotely, with a person driving the car.
Testing potential threats, researchers gained full control of the entertainment system. They could open and closed windows, lock and unlock doors, raise and lower the suspension and cut power to the car.
#Tesla Model S being #hacked and #patched blazing-fastTweet
Still, Tesla did not make the same mistakes Chrysler did. Its cars are equipped with a system that activates the hand brake if a power is cut in a moving vehicle.
ICYMI, researchers hacked a Model S, but Tesla’s already released a patch http://t.co/4fSC2tJSo8
— WIRED (@WIRED) August 6, 2015
At the speed less than 8 km/h (~4 mph) the car would lurch until it stops; for higher speeds the company has taken special precautions. During the test on high speeds, the car went neutral while the driver retained control of the steering and brakes and was able to pull the car over. The airbags also remained fully functional.
How the Jeep hack reveals Tesla’s biggest advantage http://t.co/Cs2e6USvvJ
— TIME.com (@TIME) August 7, 2015
In the similar situation Chrysler had to recall 1.4 million cars for emergency security patches while Tesla Motors got away with over-the-air patching. Ironically, some car companies provide security patches quicker, than many manufacturers of our smartphones.
The over-the-air patch from Tesla went to all cars yesterday. Drivers just have to click yes to accept update – http://t.co/byVxGnrhnY
— Kim Zetter (@KimZetter) August 6, 2015
“If you have a good patch process, it can solve a lot of problems. If you look at a modern car, it’s running a lot of software and it needs to be patched as frequently or sometimes even more frequently than a PC, and if you have to bring your car into a dealership every week or every month, that’s just a pain in the ass. I think every car in the world should have [an OTA process] if they’re connected to the internet,” — commented Mahaffey to Wired.
Mahaffey and Rogers are going to continue their collaboration with Tesla on improving security of its vehicles. It’s also reported that the company has also hired a new respected engineer from Google: Chris Evans will be the head of Tesla Motors security team.