Tesla Shows Off Scary Snake-Like Automatic Charger

7 Aug 2015 | Author: | No comments yet »

Researchers Hack A Model S, Tesla Sends Out Over-The-Air Fix.

Tesla has issued a security update to its Model S car after security researchers discovered six flaws that allowed them to control its entertainment software and hijack the vehicle.After it was announced last week that cars from both Chrysler and GM had major security vulnerabilities, two security researchers announced that they had figured out a way to take control of certain components inside Tesla’s flagship Model S line, according to the Financial Times. With access to the entertainment software, Kevin Mahaffey, CTO of security startup Lookout, and Marc Rogers, a security researcher at CloudFlare, turned off the engine while a person was driving, changed the speed and map information displayed on the touchscreen, opened and closed the trunk and controlled the radio. After physically connecting a computer to the car via an ethernet cable, Mahaffey and Rogers had access to certain systems in the car, and were also able to leave behind a Trojan Horse to allow for remote-access.

But the so-called “white hat” hackers, who probe internet-connected devices to try to push companies to improve security, still found vulnerabilities. The most notable exploit discovered by the researchers was the ability to turn off a Model S, which if going under 5 MPH, would initiate the brake and cause the car to suddenly stop.

The hack on the Tesla car, to be detailed on at the cyber security conference Def Con in Las Vegas on Friday, is the latest in a series of vulnerabilities discovered in connected cars. However, if turned off while traveling faster than 5 MPH, the car just switched to neutral, leaving the ability for a driver to presumably safely navigate to the side of the road. The bright side is that both researchers have been working with Tesla for several weeks on software fixes, and today the company rolled out an OTA (over the air) update to automatically update the car’s software, which will patch these vulnerabilities. Any software program can be hacked and the assumption is hackers will be able to eventually remotely attack a car’s entertainment applications, Mahaffey said.

The company’s method of wireless updates lets them push new software to their cars over Wi-Fi or cellular connection, which is still a new experience for the automotive industry. One way to bolster a car’s security is by increasing the protection around individual components, and that way preventing a hacker from using one compromised system to access another. This technically means that some of Chrysler’s cars will still be vulnerable to remote takeover until all 1.4 million owners manually plug in the drives.

As more vulnerabilities are discovered in car systems, expect to see automotive manufacturers place a higher priority on things like information security and vulnerability testing. Mahaffey would like other automotive manufacturers to fix security flaws by delivering updates over the air, instead of slower, traditional mass repair methods like recalls. “Your car today has more in common with a laptop than a Model T,” he said, adding that cars will need to be patched more quickly than a piece of computer hardware.

Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards. U.S. legislators have taken an interest in this issue and have proposed regulations that would force manufacturers to better protect vehicles from hackers. Mr Mahaffey called on car companies to create an “over the air update” process, to install strong separation between the internet-connected entertainment network and the systems that control driving and ensure strong security on each element of the car.

Here you can write a commentary on the recording "Tesla Shows Off Scary Snake-Like Automatic Charger".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

About this site