Keen Security Lab researchers discover a cyber vulnerability in Tesla’s connected car
Hackers have sized control of a Tesla Model S from a distance of 12 miles, gaming access to the car’s brakes, locks, dashboard screen and other on-board electronics.
Luckily the hack attack was carried out by researchers from the Keen Security Lab in China as opposed to more malicious cyber criminals.
Through wireless connection, researchers Samuel LV, Sen Nie, Ling Liu and Wen Lu where able to access the car’s controller are network (CANbus), which connects all the electronic control units found on a car’s major components like its engine and transmission.
This allowed them to remotely tamper with the car’s controls, demonstrating vulnerabilities in the Tesla Model S P85 as well as the Model 75D.
The Tesla Model S features an on board Wi-Fi network which allows its software to be updated over-the-air. While this allows for new software features to be retrofitted into the car without its owner taking it into a dealer, the wireless network also opens an attack vector for hackers.
Tesla acknowledge the hack and according to Keen Security Lab, is in the process of addressing it. The car maker did tell Reuters that the hack only works when the Model S connects to a malicious Wi-Fi hotspot and a driver accesses the car’s web browser.
“Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly,” Tesla said.
With more cars gaining both Internet connectivity and more autonomous systems, the risk of car hacking can increase exponentially if the manufacturers and any software partners do not take appropriate action to ensure strong cyber security measures are in place.
Craig Young, security researcher at Tripwire, noted his concerns with such car hacks: “The disclosure definitely is a cause for alarm as the attack definitely involved exploitation of a web browser leading to physical control over the car. Ideally these systems should be completely isolated from one another.”
While Mark James, security specialist as ESET noted securing cars from hackers will be no easy task.
“The problem is that delivering secure software is a constantly changing factor, what is considered secure today may not be secure tomorrow. The ability to modify and push our updates is very important, making sure the user is well aware of any updates and making it easy for them to be applied needs to be top of the list when it comes to protecting the users of these types of vehicles,” he said.
With potential cyber threats for cars even coming from homemade laser pointers, it is no surprise the FBI has echoed its concerns over care becoming more vulnerable to hacks.
In the driving seat about connected cars? Take our quiz!