Tesla has issued an urgent update to the software controlling virtually aspect of its high-tech battery-electric vehicles, a move triggered by reports that a Chinese security team had managed to hack into the Model S sedan’s control system.
Researchers from Keen Security Lab were able to take remote control of the vehicle from distances of up to 12 miles. They were able to take control of functions such as the vehicle’s brakes and windshield wipers.
The news only adds to growing concerns about automotive cybersecurity at a time when the industry is in the midst of what some are calling a “transportation revolution.” Just this week, federal regulators issued the first national guidelines for the development of autonomous and even more advanced driverless vehicles. Some observers fear hackers could make such vehicles a target for criminal efforts and even for terrorist activities.
Keen Security’s researchers took months to crack the code on Tesla’s software, and they noted that it wouldn’t be easy for malicious hackers to duplicate their feat. It would require a driver to inadvertently connect the vehicle to a malevolent WiFi hotspot and then use the vehicle’s onboard web browser. Nonetheless, were that to occur, it could give a hacker control of key vehicle functions, possibly causing a crash.
The project, which Keen documented in a video posted on YouTube, is similar to what happened when a security team hacked into a Jeep’s control software last year, remotely driving the vehicle into a ditch. Researchers have been able to hack into a number of other vehicles lately, though often to a lesser extent. One team showed how it would be possible to capture the codes used by Volkswagen’s wireless keyfobs to open a vehicle’s doors.
Meanwhile, police in Houston last month arrested two thieves who had been stealing Jeeps and other Fiat Chrysler products by hacking into the car with a laptop computer to duplicate the owner’s digital key.
(For more on the Jeep cyber-thefts, Click Here.)
Tesla provides a particularly tempting target, according to various cybersecurity experts who have talked to TheDetroitBureau.com, because of the very high-tech nature of its products. The Models S and X use a laptop computer-sized touchscreen to control virtually all vehicle functions.
Keen researchers advised the California carmaker before going public with their report, and the company said it has a policy to “engage with the security research community” to seek out and correct possible software vulnerabilities.
“Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues,” Tesla said in a statement. “Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”
Tesla vehicles are equipped to take over-the-air, or OTA, updates of their software, something that makes it easier to ensure all vehicles are covered. OTA technology is expected to become even more common in the future as automakers adopt ever more high-tech control systems.
(Click Here for more on over-the-air updates.)
The automobile is rapidly becoming “a supercomputer on wheels,” according to Mark Rosekind, the administrator of the National Highway Traffic Safety Administration.
On Tuesday, NHTSA and the U.S. Department of Transportation issued the first federal guidelines for autonomous vehicles and cybersecurity was one of the key points covered by the new rules. The first semi-autonomous models are already on the road, including those using Tesla’s controversial Autopilot system. NHTSA is currently investigating a fatal Florida crash that may be the result of software flaws.
(For more on the new autonomous vehicle rules, Click Here.)
Nissan and several other automakers hope to have the first fully autonomous models in production by as early as 2020, and Ford last month said it would be building completely driverless vehicles for ride-sharing and delivery fleets by 2021.
And that raises even greater cybersecurity concerns, said Assistant U.S. Attorney General John Carlin, during the July cybersecurity summit.
The transportation industry is on the “cusp” of a major crisis said Carlin, stressing that “We can’t make the mistake of not designing in cybersecurity protection.”
(FCA launches “bug bounty” program to get help from “white hat” hackers. For more, Click Here.)