Tesla Issues OTA Update to Model S for Security Flaws Found by Hackers

7 Aug 2015 | Author: | No comments yet »

Researchers hack & remotely control Tesla Model S, inform manufacturer to fix bugs.

Tesla Motors Inc said it has sent a software patch to address security flaws in the Tesla Model S sedan that could allow hackers to take control of the vehicle. Software vulnerabilities in Tesla’s Model S cars have allowed cybersecurity experts to completely take over the vehicle’s electronic system and even shut down the car remotely.A month after a Jeep Cherokee made headlines for being hacked on the highway – prompting the company to recall 1.4 million vehicles – experts are asking how best to make the modern automobile more secure. Kevin Mahaffey, chief technology officer of cybersecurity firm Lookout, and Marc Rogers, principal security researcher at Cloudflare, said they decided to hack a Tesla car because the company has a reputation for understanding software that is better than that of most automakers, the FT said. “We shut the car down when it was driving initially at a low speed of five miles per hour,” the newspaper quoted Rogers as saying. “All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop.” “Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards,” the automaker said.

Using the hidden cable installed in Tesla cars for maintenance and technicians to fix flaws, the security experts were able to search for flaws in software. Once gaining access, the team was able to work through the entertainment system and connect to the Model S’s main control, allowing them to stop the vehicle. The cybersecurity analysts built themselves a backdoor to perform any action available to the car’s owner via the Tesla’s s touch screen or smartphone app. Mahaffey noted in his post that Tesla did include several security measures that made the process difficult, and in many ways, the company is doing more to focus on cybersecurity for what has essentially become “rolling computers.” For example, the car would not come to an immediate stop unless it was traveling at 5 m.p.h. or less.

At higher speeds, the vehicle shuts off its engine but “gracefully” allows drivers to control steering and braking before the car eventually stops. The computer experts were also able to control the speedometer to display the wrong speed, lower and raise the windows, lock and unlock the $100,000 car. While direct access to the vehicle was required to perform the hack, Rogers and Mahaffey still warn that hackers could eventually compromise a driver’s safety. “Attackers may compromise the browser in a vehicle’s infotainment system in order to get access to the more dangerous vehicle drive systems—brakes, steering, acceleration, etc,” they warned. They were later invited to a meeting to explain their findings. “In order to realistically patch vulnerabilities at the frequency they are discovered, manufacturers must implement an over-the-air patching system into every connected car. Though Fiat Chrysler responded to its vehicle’s vulnerability with a 1.4 million vehicle recall – which essentially became a 1.4 million USB stick distribution – Tesla released a patch to fix the issue on Thursday.

This is the difference between Tesla and Chrysler, and something that more car manufacturers are looking to tackle: by treating constantly connected vehicles the same way companies treat computers and software issues, danger can be avoided and the company can save money. Despite unveiling security risks in the car, Mahaffey and Rogers “confirmed that Tesla indeed made a number of excellent security decisions in the design of Tesla Model S.” But if a malicious hacker gains control of a vehicle traveling on a crowded highway or pedestrian-clad street, more than just personal information could be at risk.

Here you can write a commentary on the recording "Tesla Issues OTA Update to Model S for Security Flaws Found by Hackers".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

About this site