Tesla’s Model S is the latest car that can be hijacked by hackers. Luckily, in this case, it was white hat hackers who showed they can manipulate controls and Tesla has provided a fix for motorists.
The news comes just weeks after Fiat Chrysler began the recall of more than 1.4m cars in the US after security researchers revealed one of its cars could be hacked.
Kevin Mahaffey, co-founder and CTO of mobile security firm Lookout, and Marc Rogers, principal security researcher for CloudFlare, dug through the architecture of the US$100,000 Tesla Model S over a two-year period.
They found that it was possible to take control of the electric car’s main screen, manipulate the speedometer and even put on the handbrake if a car is going under 5Mph.
In Tesla’s defence, if the car is going faster than 5Mph safety features will only allow the hackers to put the car into neutral and the steering wheel will remain fully functional.
High-speed chase between carmakers and hackers
To the Elon Musk-owned company’s credit, it introduced a patch yesterday to fix these problems, but the development indicates the high-stakes game that car makers are playing against hackers.
The researchers, who will be presenting their findings at the Def Con hacker conference in Las Vegas today (7 August), said that, unlike the hacking of the Chrysler Jeep Cherokee, hacking the Tesla Model S required physical access to the car initially.
Once in they were able to take control of the car’s infotainment system, which has the ability to start the car and to cut power to it.
In effect, proving that the new generation of IT-centric cars are in effect giant smartphones or laptops; one of the ways into the infotainment system was a four-year-old Apple WebKit vulnerability.
By making a malicious web page, they were able to demonstrate that, in theory, by visiting this web page from within a Tesla car the infotainment system became vulnerable to attack.
However, unlike the Jeep Cherokee, which hackers were able to frighteningly take control of at high speed, the Tesla Model S safety features kicked in and the screen went blank, the car dropped to neutral and the driver maintained full control of the steering.
Tesla moved swiftly yesterday to issue a patch to fix the flaws, which drivers could download via Wi-Fi or cellular connection.
The development signals a worrying future for vehicles that are increasingly becoming festooned with the latest technology and shows that, just like with computers and smartphones, it will be a cat and mouse game between security and hackers.
With lives in the balance, the stakes could be very high.
Tesla Model S image via Shutterstock