Hackers prove how hard it is to hack a Tesla
Car hacking has been the story of the moment, with a lack of cybersecurity understanding evident among large automakers. Tesla, however, is a different case.
Security researchers Kevin Mahaffey and Marc Rogers gave a presentation at this year's Def Con hacking conference on how they were able to hack into a Tesla Model S and control its various functions, reports CNET. Their work proves how secure the Model S is compared with many other modern cars.
SEE ALSO: Elon Musk responds to question on Uber tie-up with six-second silence
Mahaffey and Rogers purchased a Model S for their research and began tearing apart its dashboard and centre console to find vulnerabilities. The first breakthrough came in the form of a file called carKeys.tar found on an SD card that housed the file system.
They hit many dead ends — the report notes 90% of their presentation was dedicated to the walls they ran into — until finding a mysterious Ethernet port that they used to access the car's network which allowed them to connect to Tesla's virtual private network (VPN).
With physical VPN access, the hackers downloaded and decompiled the car's firmware, pointing them in the direction of an insecure folder of passwords. The hackers then spoofed the Wi-Fi network at Tesla service centers (which the car is automatically designed to connect), giving them access to a piece of software called QtCarVehicle, which controls all the vehicle's functions.
To demonstrate, the hackers shut down a moving Model S at low speed.
Even if you're a Model S owner with extremely tech-savvy enemies, there's no need to be alarmed. Tesla was extremely quick in patching the vulnerability, and the hack requires taking a Model S apart and maintaining a physical connection with the ethernet port.
Mahaffey and Rogers of course proved a Model S is hackable, but they also proved how secure it is. Indeed, Mahaffey told Wired the Model S was "the most secure car that we've ever seen."
It's a great example of how different Tesla approaches car making to its traditional counterparts. The much-publicized hacks of Fiat Chrysler and GM vehicles pointed to a fundamental lack of cybersecurity understanding from automakers.
Fiat Chrysler knew about a major vulnerability for 18 months before notifying regulators and issuing a patch via mailed USB stick. Tesla issued an over-the-air update to Model S owners after working with the hackers for a few weeks, reports Wired.
What's more alarming is that traditional automakers are pushing to have the Digital Millennium Copyright Act (DMCA) laws apply to their vehicles, effectively outlawing the work of independent hacking researchers like Mahaffey and Rogers.
Tesla, by contrast, is not part of the consortium of automakers pushing for the DMCA. In addition, Telsa recently began a bug bounty program, which rewards independent hackers anywhere from $25-$10,000 for bringing a vulnerability to the company's attention.
As far as cybersecurity is concerned, Tesla seems to be leading the way among automakers. Of course, nothing is 100% secure and the Model S proves this, but cybersecurity is clearly a larger concern at Tesla than it is elsewhere.