A potentially serious security flaw to do with Tesla cars has been discovered by researchers, which allowed them to assume control of the vehicle.

But the American car firm says it has now patched the vulnerability and pointed out that the hack was only possible as the researchers had access to the inside of the car.

Already Patched

The flaw was discovered by Kevin Mahaffey, CTO of cyber security firm Lookout, and Marc Rogers, principal security researcher at Cloudflare.

The car they chose to hack is arguably one of the most advanced in the world, the Tesla Model S salon which is always connected to the Internet. The researchers said they chose Tesla because it tends to understand software better than other car makers. The researchers presented their findings to the cyber security conference Def Con in Las Vegas on Friday.

The researchers said that they managed to take control of the car and turned it off at low speed. Apparently all the screens went blank, music was turned off, and the handbrake was applied when the attack was carried out, bringing the car to a halt.

Lookout’s Mahaffey confirmed in a blog posting that he and Rogers had discovered a total of six flaw in the Tesla car, but said that overall its security was very good.

And there are two bits of good news for Model S owners.

Firstly, the researchers had to be physically inside the vehicle, and secondly, Tesla confirmed that it has already issued a patch after it deployed an over-the-air update to address the vulnerabilities.

“Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating and updating our safeguards,” the car maker was reported as saying.

Car Security

Car makers are nowadays increasingly facing tech security issues with their vehicles, as more and more cars incorporate computer technology into their designs and become connected to the outside world.

Last year a group of hackers and security researchers known as “I Am The Cavalry”, urged attendees of the Def Con security conference in Las Vegas to sign an open letter encouraging carmakers to improve the security systems of their latest cars.

That call came because the security flaws are a very real threat. Last month Fiat and Chrysler recalled over million vehicles in the United States because of a security vulnerability.

And in February, BMW confirmed it had patched a serious security flaw that could have allowed hackers to seize control of some of its cars’ systems. That flaw could have allowed hackers to the open doors of 2.2 million Rolls-Royce, Mini and BMW vehicles. The flaw could also have allowed the hackers to access the onboard vehicle computer system, which manages everything from engines and brakes to air conditioning.

Prior to that in September last year, General Motors ramped up its protection from hackers when it hired a watchdog to maintain mobile system security and guide the company into the future.

And in April 2014, security researcher Nitesh Dhanjani warned that weaknesses in the way Tesla lets drivers control their cars could allow someone to easily open the doors.

In the driving seat about connected cars? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

38 mins ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

2 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

5 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

5 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

6 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

23 hours ago