Tesla: Model S software update will patch flaws exposed by hackers

Researchers took control of a Tesla Model S electric car and switched it off while the car was running at low speeds. Tesla has already issued a patch, the company said, and all Tesla owners will be able to update their cars today. 

|
Jeff Chiu/AP/File
A Tesla vehicle is parked at a charging station outside of the Tesla factory in Fremont, Calif.

Fiat Chrysler Automobiles has come under intense public scrutiny after a pair of hackers took control of a Jeep Cherokee remotely through its Uconnect infotainment system and disabled certain features, including its brakes and transmission.

Publicity around that vulnerability quickly led the company to recall 1.4 million vehicles for a fix, under strong pressure from the National Highway Traffic Safety Administration (NHTSA).

Now, it's Tesla's turn.

According to a report in Britain's Financial Times, two hackers will explain tomorrow at the DefCon conference in Las Vegas how they took control of a Tesla Model S electric car and switched it off while the car was running at low speeds.

The article says that a pair of "white-hat" researchers--Kevin Mahaffey, chief technology officer of Lookout, and Marc Rogers, principal security researcher at Cloudflare--identified a collection of six security flaws that permitted the hack.

They decided to target Tesla, they said, because of its reputation as a software-centric company--which might mean its software would be less vulnerable than that of legacy automakers.

 As it turned out, Tesla's Silicon Valley origins were apparently not enough to produce entirely secure vehicle control software.

White-hat hackers are those who search for security flaws in order to push companies to fix them and focus more intently on preventing such flaws in the future.

They contrast to "black-hat" hackers whose goals are malicious, destructive, and sometimes criminal.

Mahaffey and Rogers acknowledged that they first had to gain physical access to the Tesla in order to accomplish their hack, requiring a physical connection via Ethernet cable that then allowed them to access the Model S remotely. 

According to the FT, the pair was able to "manipulate the speedometer to show the wrong speed, lower and raise the windows, lock and unlock the car and turn the car on or off."

At low speeds--5 mph or less--they were able to shut the car down, which turned all the instruments and displays black and engaged the emergency brake--dragging the car to a stop.

At speeds higher than that, however, while the screens went blank and the car's electric drive disengaged, the Tesla continued to offer power steering to the driver, who could steer it safely to the roadside.

Tesla has already issued a patch, the company said, and all Tesla owners will be able to update their cars by today (Thursday, August 6, 2015).

The researchers complimented Tesla for being able to update its control software so quickly via its unique "over-the-air software update" capability, built into all Model S cars since the start of production in June 2012.

Vehicles built by conventional carmakers do not offer that ability; they must be brought into the dealer to change their software, with a few makers offering an exception for non-critical updates to infotainment systems that owners can install via USB drive.

UPDATE: Green Car Reports reached out to Tesla Motors, which provided the following comment:

Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards. Lookout's research was a result of physically being in Model S to test for vulnerabilities.

We've already developed an update for the vulnerabilities they surfaced which was made available to all Model S customers through an over-the-air update that has been to deployed to all vehicles.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Tesla: Model S software update will patch flaws exposed by hackers
Read this article in
https://www.csmonitor.com/Business/In-Gear/2015/0806/Tesla-Model-S-software-update-will-patch-flaws-exposed-by-hackers
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe