Tesla has rushed out a software patch to fix a series of security problems that allowed hackers to take control of one of its Model S sedans.
The announcement is the latest in a swift series of developing involving automotive cybersecurity. While experts have been warning about the potential risks for several years, the issue came to the forefront last month when a pair of hackers remotely gained control of a Jeep Cherokee and were able to send it spinning out of control and into a ditch.
Tesla presents a particularly tempting target for hackers, several experts have told TheDetroitBureau.com, not only because of its high-tech image but, perhaps more importantly, its use of wireless communications to send software updates to its vehicles. The maker used that path to patch the newly discovered security flaws.
(Tesla disappoints with 2nd-quarter earnings news. Click Here to find out why.)
According to a report in the Financial Times, a pair of cybersecurity experts took control of a Model S sedan and were able to shut the vehicle off while it was being driven. They claim to have identified six separate vulnerabilities.
“We shut the car down when it was driving initially at a low speed of five miles per hour,” Marc Roger, principal security researcher at Cloudfare told the FT. “All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop.”
Rogers took on the challenge along with Kevin Mahaffey, the chief technology officer at cybersecurity firm Lookout.
Tesla later confirmed that its cars had “vulnerabilities,” which it addressed through a wireless update, though the company insisted that the two hackers were not able to shut the Model S off remotely, but only from inside the vehicle.
Nonetheless, “Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards,” the automaker said.
The two cybersecurity experts plan to detail their efforts at the DefCon security and hacking convention in Las Vegas today. That same event will be used to reveal some of the tricks developed by the hackers who attacked the Jeep Cherokee.
(Electronics maker claims hacking problem with Jeep not widespread. Click Here for the story.)
That incident led to the recall of 1.4 million vehicles – and an investigation by the National Highway Traffic Safety Administration. NHTSA Administrator Mark Rosekind last month said that hacking is becoming a serious concern for the safety agency. That has been echoed by other experts, both in and outside the auto industry.
In recent months, a number of other manufacturers have either been attacked by hackers or shown to be vulnerable to cybersecurity attacks. Last February, BMW issued an update covering 2.2 million BMW, Rolls-Royce and Mini models after ADAC, the German equivalent of the AAA, found that hackers could conceivably create a fake phone network that the vehicle would attempt to connect with. At that point, a hacker could gain access to the SIM card and begin to access some vehicle functions.
Earlier this week, reports surfaced claiming hackers could gain control of General Motors vehicles equipped with its OnStar telematics system. The maker said it has fixed one problem and is working to address another.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions,” New York Sen. Edward Markey warned earlier this year.
(Hacking is becoming an increasing threat to American motorists, Click Here for the story.)