Two security researchers have found six ways to hack a Tesla Model S, according to Wired. But by today, those six techniques will not work.
The two “white hat” hackers, Kevin Mahaffey co-founder of security firm Lookout and Marc Rogers, CloudFlare’s principal security researcher, needed to gain physical access to an ethernet port behind the driver-side dashboard in order to control the car—a stark difference from the wirelessly-hacked Jeep that caused a 1.4 million car recall last month.
“It doesn’t immediately give you access to anything,” Rogers told NPR. “You have to do a few special things.”
Once physically connected, the researchers were able to plant a device that allowed remote control from a cell phone.
Tesla cars do have a number of built-in features that put them ahead of the competition in terms of security.
For one thing, they can update their firmware wirelessly. Fiat Chrysler, maker of the hacked Jeep, had to physically send USB sticks with the software to certain car owners after security concerns. Tesla’s ability to instantly patch their cars’ software makes them adaptable to software breaches when uncovered. The car company has already patched their fleet against the security flaws found by Mahaffey and Rogers. Because the company sends signed packages (ensuring it’s sent by Tesla, the same process used on smartphone app stores), the data is able to be authenticated by the car and the server. Wireless communication will never be flawless, but it seems Tesla is wagering rapid updating is worth the potential risk.
The hacks themselves were varied; in one attempt, the hackers gained level after level of access to the car’s infotainment center, and were able to gain superuser access to that computer’s controls. They could unlock doors, open and close windows, and even shut down the car. (Tesla has thought out the remote kill procedure for the car. If the car is turned off going less than 5 mph, the handbrake is activated and the car lurches to a stop. If it’s traveling faster, the car is automatically put into neutral, so the driver can use the momentum to get to a safer place.)
The researchers also found four unsecured SD cards installed in the car that held the car’s virtual private network structure. This allowed them to mimic the car’s software and talk to Tesla’s main infrastructure.
Mahaffey told Wired that the Tesla Model S is still the “most secure car that we’ve seen.” Rogers agreed.
“Yes we found security issues, but we also found more defences than in any other car,” Rogers wrote.
The two researchers will work with Tesla to uncover further security flaws.