A pair of researchers hacked a Tesla Model S and took control of the vehicle, giving us a glimpse of what skills car thieves might need in the future.
Researchers worked with Tesla to help improve the vehicle’s security, and the carmaker has already issued patches, Wired reports.
Marc Rogers, security researcher at CloudFlare, and Kevin Mahaffey, CTO of Lookout, discovered numerous security flaws in the vehicle. They could start the car by plugging a laptop into the dashboard, and remotely turn the car off while someone else was driving once they put a Trojan (a malicious computer program that seems innocuous in order to get a user to install it) on the car’s network.
Rogers and Mahaffey found a total of six security flaws, and according to Wired, Tesla issued fixes to every car on the road. Because Tesla can issue patches over-the-air, the carmaker doesn’t need to recall vehicles if there are security flaws.
Tesla’s patching methods are in stark contrast to other connected cars—last month, Fiat Chrysler recalled 1.4 million cars after researchers discovered a flaw in vehicles that let attackers take over cars remotely.
Though Tesla quickly patched these flaws, there are still questions about its security. As Wired explains:
The Model S has a 17-inch touchscreen that has two critical computer systems. One is an Ubuntu server responsible for driving the screen and running the browser; the other is a gateway system that talks to the car. The Tesla gateway and car interact through a vehicle API so that when a driver uses the touchscreen to change the car’s suspension, lock the doors, or engage its parking brake, the touchscreen communicates with the gateway through an API, and the gateway communicates with the car. The touchscreen never communicates directly with the car. “At least so our research has found so far,” Mahaffey says.
Vehicles that operate on software are still a fairly new phenomenon, and carmakers and drivers are still learning the dangers and how best to protect themselves—one installation of malicious software could be as dangerous as running a red light. Tesla dealt with these discoveries fairly quickly, but it’s likely news of hacks like this one will only increase as more computerized cars hit the streets.
Mahaffey and Rogers are presenting their findings at the Black Hat security conference in Las Vegas this week.
Photo via Janitors/Flickr (CC BY 2.0)