Researchers Hacked a Model S, But Tesla’s Already Released a Patch
August 7, 2015
Tesla cars have one security advantage that a lot of other cars don’t: the electric vehicles are impervious to hot-wiring, so a thief can’t just break into your $100,000 vehicle, pop open the steering column, futz with some cables and drive off. But if he has a computer with him, he could “hot-wire” it another way.
Two researchers have found that they could plug their laptop into a network cable behind a Model S’ driver’s-side dashboard, start the car with a software command, and drive it. They could also plant a remote-access Trojan on the Model S’ network while they had physical access, then later remotely cut its engine while someone else was driving.
Kevin Mahaffey, co-founder and CTO of mobile security firm Lookout, and Marc Rogers, principal security researcher for CloudFlare, discovered the vulnerabilities after digging through the architecture of a Tesla Model S over a period of about two years. They will be discussing their findings at the Def Con hacker conference on Friday in Las Vegas.
Both of these hacks require physical access to the car, at least initially, and they require control of the car’s infotainment system, which has the ability to start the car or cut power to it.
But they also found that the car’s infotainment system was using an out-of-date browser, which contained a four-year-old Apple WebKit vulnerability that could potentially let an attacker conduct a fully remote hack to start the car or cut the motor. Theoretically, an attacker could make a malicious web page, and if someone in a Tesla car visited the site, could gain access to the infotainment system. “From that point, you’d be able to use a privilege escalation vulnerability to gain additional access and do the other stuff that we described,” Rogers says. The WebKit vulnerability is a well-known and well-documented hole that has already been used by previous attackers to gain privileged access to other systems. Rogers and Mahaffey didn’t test this method of intrusion on the Tesla, but Rogers notes that finding a privilege escalation vulnerability isn’t out of the question. Tesla recently patched one in the Model S’ Ubuntu Linux operating system.
Read the rest of the story at wired.com