On the heels of a report of hackers taking control of a Jeep Cherokee and messing with the vehicle’s control systems, comes word of hackers shutting down a Tesla Model S.
Information was presented by online and mobile security companies Cloudfare and Lookout at Defcon 23, the 2015 hackers’ conference in Las Vegas, about the Model S’s vulnerabilities in its highly automated systems.
Cloudfare’s Marc Rogers and Lookout’s Kevin Mahaffey highlighted several vulnerabilities in the Model S. They also pointed out that Tesla is one of the best car companies when it comes to tech security.
“From this talk you will get an intimate understanding of how the many interconnected systems in a Tesla Model S work and most importantly how they can be hacked,” the pair stated in a pre-conference release.
The flaws allowed the pair to black out all the displays in the car, unlock doors, open and close windows, shut down the infotainment system and apply the electronic emergency brake, bringing the car to a standstill. They also noted that the car, under attack while it’s moving, will shift into neutral to allow the driver to pull over safely and restart it (reboot?).
Tesla, which for the second year was present at the conference, pointed out that the hacking didn’t happen from a remote connection. In fact, the hackers had to literally rip the interior apart to find an Ethernet port through which they could access the controller area network (CAN bus). They then had to chain vulnerabilities together to access the infotainment system and touchscreen that controls most vehicle functions. By gaining access to the onboard systems, the pair was also able to upload malware which could then allow the car to be controlled remotely.
For its part, Tesla wants to be involved with the hacker community, including recruiting hackers to help improve its security measures. The company has had a presence at Defcon for the past two years.
Tesla cars are particularly attractive to hackers because of their connectivity, including updating onboard software through mobile uploads.