GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
CALIFORNIA – Silicon Valley electric automaker Tesla Motors (NASDAQ: TSLA) reported on Tuesday that it has delivered a software patch to fight against hackers who have wanted to take charge of the Tesla Model S.
Kevin Mahaffey, co-founder and CTO of mobile security firm Lookout, and Marc Rogers, principal security researcher for CloudFlare, found six key weaknesses in the Model S early this week ahead of a presentation on Friday at the Def Con hackers conference in Las Vegas. However, users do not have to worry for it did not take long until the company recalled for a fix.
Tesla has a characteristic that can be a model for other automakers: it has the ability to update owner’s vehicles and send a quick fix over the internet. Researches also emphasize that to hack a Model S vehicle, the hacker must be close to it, which makes it difficult for them to hack over the airwaves.
“In order to realistically patch vulnerabilities at the frequency they are discovered, manufacturers must implement an over-the-air patching system into every connected car,” Mahaffey posted on his blog. “When a manufacturer realizes that a software vulnerability affects their vehicles, they can deploy a patch immediately in a matter of days without the owner having to return to a dealership, receive a USB drive in the mail, or have their car completely recalled.”
On the tests Mahaffey and Roger applied on the Model S, they were able to control speedometer to display the wrong speed, lock and unlock the vehicle, and lower and raise the windows.
This is a common problem known in the cybersecurity community. Just last month, Fiat Chrysler Automobiles was told to recall about 1.4m vehicles to update software after researchers remotely hacked a Jeep Cherokee travelling at 70 miles per hour and caused it to run off a freeway in a demonstration for Wired. The automaker patched its software by mailing out USB drives to be plugged into vehicles.
However, that hack worked by scanning a cellular network to locate and disable Jeeps, a more dangerous method that the one used in the Tesla’s hack, in which the researches had to have physical access to tamper with the car’s electronics.
The company said drivers will be able to download the updates via Wi-Fi or a cellular connection. In order to stop the vehicle completely, the pair plugged a laptop into a network access port located behind the Model S’ dashboard. Publicity around that vulnerability quickly led the company to recall 1.4 million vehicles for a fix, under strong pressure from the National Highway Traffic Safety Administration (NHTSA).