The hackers claim they were able to shut down a Tesla Model S driving at low speeds.
Tesla has rushed out a software patch to fix a series of security problems that allowed hackers to take control of one of its Model S sedans.
The announcement is the latest in a swift series of developing involving automotive cybersecurity. While experts have been warning about the potential risks for several years, the issue came to the forefront last month when a pair of hackers remotely gained control of a Jeep Cherokee and were able to send it spinning out of control and into a ditch.
Tesla presents a particularly tempting target for hackers, several experts have told TheDetroitBureau.com, not only because of its high-tech image but, perhaps more importantly, its use of wireless communications to send software updates to its vehicles. The maker used that path to patch the newly discovered security flaws.
(Tesla disappoints with 2nd-quarter earnings news. Click Here to find out why.)
According to a report in the Financial Times, a pair of cybersecurity experts took control of a Model S sedan and were able to shut the vehicle off while it was being driven. They claim to have identified six separate vulnerabilities.
“We shut the car down when it was driving initially at a low speed of five miles per hour,” Marc Roger, principal security researcher at Cloudfare told the FT. “All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop.”
The Tesla Model S is particularly high-tech, with a large videoscreen controlling most vehicle functions.
Rogers took on the challenge along with Kevin Mahaffey, the chief technology officer at cybersecurity firm Lookout.
Tesla later confirmed that its cars had “vulnerabilities,” which it addressed through a wireless update, though the company insisted that the two hackers were not able to shut the Model S off remotely, but only from inside the vehicle.
Nonetheless, “Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards,” the automaker said.
The two cybersecurity experts plan to detail their efforts at the DefCon security and hacking convention in Las Vegas today. That same event will be used to reveal some of the tricks developed by the hackers who attacked the Jeep Cherokee.
(Electronics maker claims hacking problem with Jeep not widespread. Click Here for the story.)
That incident led to the recall of 1.4 million vehicles – and an investigation by the National Highway Traffic Safety Administration. NHTSA Administrator Mark Rosekind last month said that hacking is becoming a serious concern for the safety agency. That has been echoed by other experts, both in and outside the auto industry.
In recent months, a number of other manufacturers have either been attacked by hackers or shown to be vulnerable to cybersecurity attacks. Last February, BMW issued an update covering 2.2 million BMW, Rolls-Royce and Mini models after ADAC, the German equivalent of the AAA, found that hackers could conceivably create a fake phone network that the vehicle would attempt to connect with. At that point, a hacker could gain access to the SIM card and begin to access some vehicle functions.
Earlier this week, reports surfaced claiming hackers could gain control of General Motors vehicles equipped with its OnStar telematics system. The maker said it has fixed one problem and is working to address another.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions,” New York Sen. Edward Markey warned earlier this year.
(Hacking is becoming an increasing threat to American motorists, Click Here for the story.)
Gee, what a surprise when Elon Musk assured the public how secure their products were. It amazes me that the general public has no understanding that for all practical purposes there currently is little to no effective security for anything that connects to the Internet. Purveyors of said products are dumping half-baked crap into the marketplace without any concerns regarding public or personal consumer safety.
This is precisely why the rush-to-market mentality over AVs is a disaster waiting to happen. And when it does happen people will ask how it could possibly have happened. Negligence is how it happens in a world driven by financial greed. This is another area where the paid liars will reap fortunes though there will be many bogus claims along with a few legitimate ones.
So I see the members of the flat earth club are standing around the campfire chanting about the sky falling. First it should be pointed out that the hackers were in the vehicle,with equipment that joe public doesnt pack around. The only half baked is the critics of technology that has been around for over 30 years in automotive and equipment in manfacturing.
When the lunar module landed on the moon the first time there was only about 100 people who understood how the landing analog computer worked. Forward to today with millions of vehicles with computer controlled everything and the thousands of programers and now mechanics understanding and working on them. And you wonder about those that whine about technology are the keepers of the flat earth herd mentality. Always using fear scare tactics. The reality is when mechanical mechanisms is replaced with electronics and computers reliability goes up often 100%!
DWH, recall how recently the general consensus was that Apple computers couldn’t/wouldn’t be hacked. The most immediate issue is NOT what it took THIS time to crack the code on a Tesla but that it could be done, much as with the BMW hack, the Jeep hack, the OnStar hack, and so on. Until relatively recently, many in the auto industry took this issue to be insignificant and something that was always year away. The fact is that there are increasing paths into the vehicle, both wired and wireless, and as the first cracks are discovered the hackers will get smarter, faster and more dangerous.
Does that mean stopping the use, or growth, of automotive tech? Of course not. It DOES serve as a severe and urgent warning that cybersecurity has to become a critical agenda item now, not after autonomous and semi-autonomous technologies become the norm. It also serves up a warning that the classic approach to cybersecurity, the use of anti-viral and anti-malware software, is likely not to be particularly effective. New approaches are needed and quickly. We’ve written about several promising alternatives.
Paul A. Eisenstein
Publisher, TheDetroitBureau.com
So you’re still in denial DWH even when reality bites you in the ass. It’s no surprise that you like many people simple can’t handle the TRUTH. The truth is hackers are YEARS ahead of the best security systems currently in existence and they are going to stay in front because some of the hackers are “white hats” by day and “black hats” by night.
In addition battery powered EVs will soon be replaced by hydrogen fuel cell vehicles. That is why you should run out and by an EV now as it will be suitable for an auto museum in just a few years. For a guy who talks smack about technology you don’t seem to even understand what is being said or where the industry is going.
Speaking of NASA and disasters caused by a rush-to-launch mentality… History has shown that people die including American astronauts when certain managers place more importance on meeting launch schedules than in the information from the engineers who advise that the booster rocket O-rings can’t function properly at the low ambient launch temps they were being exposed to. Bad things happen when bad decisions are made to rush products out the door before they are properly tested and confirmed to be able to handle all critical issues safely.
BTW, hating on me makes you look ignorant when everyone else can see the facts for what they are. As I previously stated it’s not that we lack technology, we lack the proper application of said technology. That’s due to the rush-to-market for financial gain mentality. Just as it cost lives at NASA it will unnecessarily cost lives with AVs that are rushed to market without the proper security, mission critical controls, failsafe D/A dual inputs, etc. Elon Musk’s bragging about their product security illustrates that he is lacking in knowledge or integrity, perhaps both.
You might want to technically educate yourself and get off your high horse with the inappropriate flat earth comments. As previously advised I am a 30 veteran of the auto industry who has seen the good and the bad. I call it like it is, I don’t sugar coat it. It’s time that you learn that denial is not a river in Egypt.
Another week another hack. This will become commonplace soon no doubt.
Another day another disclosure of what I have been reporting for years, i.e. the lack of PC security and it impacts over 90% of all PCs in existence.
http://www.theinquirer.net/inquirer/news/2421402/serious-intel-cpu-security-exploit-spotted-in-old-x86-chips
DENIAL is not a river in Egypt.
I’ll bet some Tesla stockholders are not happy with the latest Model S security news and the losses that continue to mount at Tesla even with what some folks believe is creative accounting. Losing ~$4,000 per car and now starting new rebates of ~$2,000 or so per car in a dwindling EV market might cause some concern.
http://www.theregister.co.uk/2015/08/09/tesla_still_burning_cash_each_car_loses_4000/