At the Def Con hacker conference in Las Vegas on Friday, two researchers are expected to reveal that connecting a computer into Tesla's Model S will allow hackers to start the car, drive it, and force it to come to a stop and power down when someone else is behind the wheel.
Acting quickly to address the Model S's vulnerability to being hacked, Tesla said it will release the last of patches today, Aug. 6, to fix these issues.
The two researchers, Kevin Mahaffey and Marc Rogers, found a total of six vulnerabilities the Tesla car has, and have been working with the company over the past several weeks to help them develop the fixes.
Mahaffey, the CTO at the mobile security firm Lookout, and Rogers, the principal researcher at CloudFlare, found that the Model S can be hacked, but only when they directly connected a laptop to the car's computer. The Model S is equipped with two computer systems, the Ubuntu server for the car's touchscreen and a gateway system that communicates via API to the car.
After plugging a laptop into the network cable behind the dashboard on the driver's side of the Tesla, the researchers were able to plant a Trojan on the car's network which allowed them to later power down the engine once they were no longer physically connected. While someone is driving, hackers would be able to bring the Model S to a sudden stop if the driver is going less than 5 mph. If the car is moving at a higher speed, it will slowly reach a stop.
Hacking into the vehicle's entertainment system, the researchers were also able to lock and unlock the car's doors and open and close the windows.
Not only is Tesla's network vulnerable to attack, but the researchers also discovered the infotainment system browser in the car was outdated, which could be another way hackers could control the car remotely.
Tesla is able to address the vulnerabilities in a timely manner since the electric cars are always connected to the Internet, meaning an update is only a download away.
A Tesla spokeswoman told Wired the company has addressed the reported vulnerabilities in the patch, which includes separating the browser from the rest of the infotainment system, and having the system closed off at several points.
The ability to potentially hack a Tesla vehicle joins the recent reports of other cars being vulnerable to hacks as well. In July, two hackers were able to remotely control a Jeep Cherokee, which prompted Fiat Chrysler Automobiles to recall 1.4 million vehicles. Another researcher, Samy Kamkar recently revealed that he found he could remotely locate, unlock and start General Motors vehicles by intercepting OnStar RemoteLink commands using a device we made. Kamkar also is expected to reveal details about the GM hack at Def Con as well.
Via: Wall Street Journal
Photo: Joseph Thornton | Flickr