As an acknowledged leader in the field of electric self-driving cars, California-based Tesla is the golden boy of the Golden State. But over the last couple of weeks, dazzling-white smiles have been thin on the ground at the American car maker. Hackers have revealed they could take over a Tesla’s brakes, open the boot and unlock doors, operate the indicators and even move the electrically adjusted seats.
The cyber attack was carried out remotely by Chinese hackers. Tesla has confirmed that it was informed of the vulnerability in its software and systems several weeks ago, and has subsequently issued updated software as a free download to all affected customers.
The American electric car manufacturer worked with Keen Security Lab, which approached Tesla after discovering the weak areas that led to the hack. Keen Security Lab is part of Tencent, one of the giants of China’s booming technology and communications industry.
How was the Tesla Model S ‘hacked’?
Operating remotely and without the car’s key, hackers managed to find a way into the car’s ‘CAN bus’ system. This controls the many gadgets and gizmos fitted to the Tesla. They managed it after the car was connected to a malicious wifi hotspot, allowing hackers access through the car’s web browser.
They managed to unlock the doors, open the boot, and even slam on the brakes while the car was being driven. By moving the electrically operated seats, they could also make it impossible for some drivers to reach the pedals. And in a final touch, they took control of the infotainment (navigation, audio and climate control) and instrument display screens.
What are the implications for drivers?
Many motorists will view this as all part and parcel of the growing pains of the next generation of semi- and fully-autonomous cars which use new technology to take on the task of driving on motorways or around towns.
Jim Holder, editorial director of consumer motoring titles including Autocar and What Car?, told the Green Flag Blog that while the growth of autonomous and connected car technology opens up consumers to the threat of hacking, car makers will race to stay ahead of cyber criminals as they seek to build consumer confidence in new technology.
“As with any new technology, it is open to being challenged and tested. And so far it appears that is what the various groups of hackers have been doing. They want publicity and notoriety – not fees or bribes.
“For as long as that is the case, it’s a good thing, as it forces the car companies to worker harder to stay ahead of the hackers. If they can’t prove that they can stay ahead of the hackers, then customer confidence in this new technology will always be low and the car makers won’t sell enough cars with the tech to justify the cost,” Holder said.
Is the Tesla Model S the first car to be hacked?
Tesla isn’t the first car maker to see one of its cars’ onboard computers broken into, and it won’t be the last. The most high profile case came in 2015, when American hackers Charlie Miller and Chris Valasek took control of a 2014 Jeep Cherokee and shut down its gearbox, causing the car to slow to a halt on an Interstate motorway. Chrysler subsequently recalled 1.4 million vehicles.
Charlie Miller told Wired: “When you lose faith that a car will do what you tell it to do, it really changes your whole view of how the thing works.”
Are all self-driving cars vulnerable to being hacked?
In a word, yes. Connected cars – that is to say cars that can connect to the Internet to offer online services – are flooding showrooms. And the FBI has issued warnings to drivers of the threat of hacking from downloading third party applications or software, or installing after-market devices into their cars. Either approach could make motorists susceptible to hacking or more traditional phishing scams, whereby criminals attempt to obtain credit card details or account details and passwords.
Some observers in the technology industry are fearful that we are on the verge of a new wave of politically activated or criminally minded cyber crime.
Unscrupulous firms may seek to damage the reputation of competitors, or criminals could demand ransoms from manufacturers or even individual drivers.
Brian Spector is the CEO of MIRACL, a security company specialising in cryptography. He said the complexity of modern cars is their undoing when it comes to hacking: “Given the huge number of components in connected cars, hackers usually find a pathway by following a ‘weakest link’ scenario which attacks the easiest point of entry to the vehicle. This problem is compounded by the array of parts that comprise a vehicle, and the lack of a security protocol that ensures they will all work together safely and securely.”