Security reseachers have hacked a Tesla Model S electric car allowing them to remotely shut off the car's systems. They did however praise the Elon Musk company for its security features and fail-safe measures.
This week at Def Con, Kevin Mahaffey from mobile security company Lookout and Marc Rogers from DDoS mitigation service CloudFlare unveiled their research into the vulnerabilities which affect Tesla's Model S electric car. With physical access to the target Model S, the researchers found six vulnerabilities through which they were able to exploit to gain root (administrator) access to the Model S' in-car entertainment systems.
While hot-wiring an electric car like the Model S is not possible, the researchers found that by plugging their laptop into the network cable behind the driver's side dashboard, they were able to start the car and drive it away. They also found that they were able to plant a remote access trojan to allow them subsequently remotely access the car's systems to start it or shut if off.
Having gained access to the in-car entertainment system, the researchers were able to escalate their privileges using a daisy chain attack and carry out actions like remotely lock and unlock the car, control the radio and screens, display any content on the screens (changing things like map displays and the speedometer), open and close the boot, and turn off the car systems.
Last month two security researchers showed how it was possible to remotely hack a Chrysler Jeep Cherokee and cut power to the engine, showcasing this ability by cutting the power while it was travelling at 70mph on a motorway.
In the case of the Tesla, the researchers found that while they were able to remotely turn off the car systems the failsafes built into the Model S made it much safer for drivers. Indeed Tesla has already patched all six vulnerabilities uncovered by the researchers.
While the researchers carried out the attack with physical access to the car, because one of the vulnerabilities was in an old version of Apple's WebKit, it is possible that a hacker could create a malicious website and if the Tesla owner visited that site on the car's system it could be taken over.
When turning off the car systems while the car was below five miles per hour or idling, the Mahaffey and Rogers were able to apply the emergency hand brake, which they say "is fairly limited in its repercussions".
However, if the car was going any speed above that they could cut power to the car, but the car would "gracefully fail", meaning it would allow the driver to safely brake and steer. "Tesla did a great job of ensuring that if anything went wrong with the internal systems, the consumer's safety was still preserved."
Despite the vulnerabilities the security researchers discovered, they also praised Tesla's approach to securing their vehicles: "Tesla takes a software-first approach to its cars, so it's no surprise that Tesla has key security features in place that minimised and contained the risk of the discovered vulnerabilities. These key security features include a good OTA patch process and system-level isolation between drive and entertainment systems. Tesla is also open to working with the security research community to find any vulnerabilities to ultimately make their cars safer for their consumers."
At a time when cars are becoming increasingly autonomous and connected, the dangers of them becoming targets of hackers and cybercriminals is increasing, and to this end Mahaffey and Rogers have addressed the wider automotive industry with what they see as best practices which should be implemented:
Set up an over-the-air update system - Auto manufacturers need to be able to push new firmware to cars and they ensure this process is smooth by enabling all cars to have a mobile network connection free of charge.
Have strong separation between drive and non-drive systems - Manufacturers must separate infotainment systems and the critical drive systems, tightly controlling communication between them, just as commercial airliners isolate inflight Wi-Fi networks from critical avionics systems. If any gateway between them exists, it must be heavily secured. Otherwise you're effectively saying the iPhone connector and the brakes are of the same safety concern.
Secure every individual component in your system to limit the damage from any successful penetration - First off, assume that hackers can compromise any one system. In a good security architecture, access to one system doesn't give you access to another. If you hack system A, you do not automatically get access to the entire vehicle. Manufacturers must make it extremely difficult to get access point blank. This is called the daisy chain (or kill chain), and this method was used in order to gain escalated privileges within Tesla's systems.