Tesla Joins Chrysler, General Motors on Car Hack List

It seems car hacking is the latest pastime. The Tesla Model S is the most recent example of a car with flaws in its computer software that could put drivers in danger.

Kevin Mahaffey, co-founder and CTO of cybersecurity startup Lookout, and Marc Rogers, a security researcher at hacker protection firm CloudFlare, plan to show the world how hackers can remotely hijack the vehicle at the Def Con hacking conference in Las Vegas Friday. Apparently, anybody who has physical access to the interior of the Model S can inject malware into the system that gives that individual complete control.

EUWe identified six vulnerabilities in the Model S that ultimately resulted in the ability to, with initial physical access to the car, gain full control over the vehicleEUs infotainment system and be able to perform any action accessible to the center touch screen or TeslaEUs smartphone app,EU Mahaffey explained. EUIn one case, we were able to turn off the car while it was driving.EU

Over-the-Air Patching

Connected cars are effectively computers on wheels, Mahaffey said. To realistically patch vulnerabilities at the frequency they are discovered -- instead of issuing a mass recall like Chrysler did -- manufacturers need to implement over-the-air patching systems into every connected car, he said. Tesla has such a system.

EUIn the past, security teams relied on a EUperimeterEU security architecture to protect their systems. That is to say, hard on the outside and soft and chewy on the inside,EU Mahaffey said.

EUAs the story went, if you kept attackers outside the gates, you didnEUt have to worry so much about protecting the systems inside the gates," he said. "Time has proven, however, that itEUs practically impossible to completely prevent attackers from getting inside the perimeter. There are simply too many vectors to defend.EU

WhatEUs the Answer?

Chrysler, General Motors and now Tesla...

Comments are closed.