Chinese researchers gain access to software in a Tesla car

 

 

Researchers from Keen Security Lab have been able to remotely control various operational functions of a Tesla car while being driven, and from some distance away.

Since the ‘controlled-hack’ Tesla has updated its software to prevent any future manipulation of its cars.

This hack is worrying for three reasons.

First, it was conducted from a great distance – posing no risk to the hacker – and second, the hackers were able to gain near full control.

Third, the attack was conducted online via a web browser, and not as Tesla has previously suggested on a malicious Wi-Fi.

>See also: The future of driverless cars and data security

“The disclosure definitely is a cause for alarm as the attack definitely involved exploitation of a web browser leading to physical control over the car. Ideally these systems should be completely isolated from one another,” said Craig Young, security researcher at Tripwire.

During the experiment a Chinese researcher took control of a vehicle from the passenger seat, while someone else was behind the wheel. The security implications are severe, and even though the software has been updated, hacking threats will continue to evolve to bypass these improved operating systems.

“The problem,” said Mark James, security specialist at ESET, “is that delivering secure software is a constantly changing factor, what is considered secure today may not be secure tomorrow. The ability to modify and push our updates is very important, making sure the user is well aware of any updates and making it easy for them to be applied needs to be top of the list when it comes to protecting the users of these types of vehicles.”

>See also: Everything you need to know about car hacking

Tesla, however, do have the ability to provide automatic updates on their cars to address vulnerabilities, without owners needing to attend a dealership.

The ability to conduct over-the-air updates is hugely important, but whether they could be instigated in real-time to prevent an ongoing hack is the question that should be at the forefront of manufacturers minds.

Brian Spector, CEO at MIRACL, suggests “manufacturers should deploy a distributed trust model which allows for fast pre-authorisation, and removes the roadblock of a centralised service” to solve this problem of slow verification and update services, with the aim of connecting “the components more quickly and autonomously”.

 

Avatar photo

Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.

Related Topics

Driverless Cars
Hacking