Not even Ludicrous speed can outrun hackers. This week, researchers hacked into a Tesla Model S and were able to shut off the engine. Now Tesla is confirming the security issue and is sending a software patch to handle it.
“Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards,” states Tesla.
The software patch will be installed in cars over-the-air. The automaker also assures drivers that the research hackers did not shut off the vehicle remotely, but while inside the car. Nevertheless, researchers were able to shut off the engine at low speeds with the vehicle then safely shifting into neutral and allowing for the driver to safely stop.
However, the researchers were able to do other things remotely including locking and unlocking the doors, controlling the radio and touch screen display, and opening and closing the trunk.
The research was completed by Marc Rogers, of CloudFlare, and Kevin Mahaffey, of Lookout. In a blog post, Mahaffey notes that he and Rogers chose the Tesla S because it is built with software DNA from the start and was likely using software to make security decisions.
Their research successfully exposed six vulnerabilities in the Model S and also confirmed that the automaker had made some good security decisions in the software design of the S. The security issues that they exposed showed that after initial physical access to the car full control of the infotainment system could be breached remotely.
In his post, Mahaffey makes some suggestions for improving automotive cyber security including pointing out some of the things that Tesla did right. One of the things that he applauds Tesla for is for setting up a “gateway” between the vehicle network and the infotainment network. This creates an additional obstacle for hackers, but the gateways security also needs to be monitored.
Even though Roger and Mahaffey were successful in hacking the Model S, Mahaffey says, “I feel more secure driving in a Tesla Model S than any other connected car on the road.”
This research hack follows last month’s “friendly hacker” experiment on a Jeep Cherokee that resulted in the FCA recalling 1.4 million vehicles and releasing a software update.
Mahaffey and Rogers will present their full research at the Def Con hacking conference this week in Las Vegas.
Photo Credit: Tesla