Photo: Catalin Garmacea
The recent Fiat Chrysler software vulnerability issue only added fuel to the hacking fire and after suppliers had claimed the issue was limited to FCA vehicles, one question was highlighted more than ever - is any car out there safe when it comes to cyber attacks?
Ironically, the answer points to what is probably the most connected cars you can buy in a showroom, the Tesla Model S. A pair of top-class professional, white hackers has recently managed to crack the Model S, but after meddling with its systems, they concluded the EV “is the only car that can protect itself against a successful cyber attack.”
Kevin Mahaffey, cyber security company Lookout co-founder and Marc Rogers, security researchers for content delivery network CloudFare were forced to turn to physical methods to hack the Tesla, as Forbes writes.
Their way in was an ethernet port found behind the dash on the driver’s side, which allowed the plug into the Model S’ CAN bus, the car’s controller area network. Even after establishing physical access, the job wasn’t easy, as they had to join four separate vulnerabilities to enter the infotainment system.
For instance, the hackers weren’t able to send the Tesla off the road, as it happened in the Jeep situation described in the intro. Yes, the two managed to kill the Model S, but the vehicle switched into neural, gradually coming to a halt in a way that would allow the driver to have control over the situation. Only under five mph would the car crawl to stop, but it would be easy to use the handbrake to control the situation.
Once they concluded the Tesla Model S is safe as far as the driving part is concerned, Mahaffey and Rogers successfully attempted to install malware into the Model S, which means they could’ve launched a remote attack at a later time if they wanted to.
The two hackers also found two additional browser vulnerabilities, but instead of pursuing this path, they decided to end their mission and communicate the results to Tesla.
Thanks to Tesla’s over-the-air updates, which makes the car’s software work just like that on your smartphone, the fixes are being delivered today.
Tesla is more willing than ever to deliver the maximum protection level to its customers, especially since the company is preparing to introduce a pair of features that are part of a larger autonomous driving scheme. We are talking about highway autosteer and parallel autopark, which will also come via a software update.
Kevin Mahaffey, cyber security company Lookout co-founder and Marc Rogers, security researchers for content delivery network CloudFare were forced to turn to physical methods to hack the Tesla, as Forbes writes.
Their way in was an ethernet port found behind the dash on the driver’s side, which allowed the plug into the Model S’ CAN bus, the car’s controller area network. Even after establishing physical access, the job wasn’t easy, as they had to join four separate vulnerabilities to enter the infotainment system.
The hackers were able to kill the car while on the move, but without disastrous effects
However, once inside the two moved away from the little operations, such as unlocking the doors, to shutting down the car while driving at speed. At this point, the hackers discovered Tesla’s security engineers had implemented hidden safety features.For instance, the hackers weren’t able to send the Tesla off the road, as it happened in the Jeep situation described in the intro. Yes, the two managed to kill the Model S, but the vehicle switched into neural, gradually coming to a halt in a way that would allow the driver to have control over the situation. Only under five mph would the car crawl to stop, but it would be easy to use the handbrake to control the situation.
Once they concluded the Tesla Model S is safe as far as the driving part is concerned, Mahaffey and Rogers successfully attempted to install malware into the Model S, which means they could’ve launched a remote attack at a later time if they wanted to.
The two hackers also found two additional browser vulnerabilities, but instead of pursuing this path, they decided to end their mission and communicate the results to Tesla.
Tesla has already solved the problem
The carmaker has already developed fixes for the total of six reported vulnerabilities.Thanks to Tesla’s over-the-air updates, which makes the car’s software work just like that on your smartphone, the fixes are being delivered today.
Tesla is more willing than ever to deliver the maximum protection level to its customers, especially since the company is preparing to introduce a pair of features that are part of a larger autonomous driving scheme. We are talking about highway autosteer and parallel autopark, which will also come via a software update.
Google News