Security researchers have uncovered six fresh vulnerabilities with the Tesla S.
Kevin Mahaffey, CTO of mobile security firm Lookout, and Cloudflare’s principal security researcher Marc Rogers, discovered the flaws after physically examining a vehicle before working with Elon Musk’s firm to resolve security bugs in the electric automobile.
The vulnerabilities allowed the researchers to gain root (administrator) access to the Model S infotainment systems.
With access to these systems, they were able to remotely lock and unlock the car, control the radio and screens, display any content on the screens (changing map displays and the speedometer), open and close the trunk/boot, and turn off the car systems.
When turning off the car systems, Mahaffey and Rogers discovered that, if the car was below five miles per hour (8km/hr) or idling they were able to apply the emergency hand brake, a minor issue in practice.
If the car was going at any speed the technique could be used to cut power to the car while still allowing the driver to safely brake and steer. Consumer’s safety was still preserved even in cases, like the hand-brake issue, where the system ran foul of bugs.
Despite uncovering half a dozen security bugs the two researcher nonetheless came away impressed by Tesla’s infosec policies and procedures as well as its fail-safe engineering approach.
“Tesla takes a software-first approach to its cars, so it’s no surprise that it has key security features in place that minimised and contained the risk of the discovered vulnerabilities,” the researchers explain.
“These key security features include a good OTA patch process and system-level isolation between drive and entertainment systems. Tesla is also open to working with the security research community to find any vulnerabilities to ultimately make their cars safer for their consumers," they added.
Mahaffey and Rogers are due to unveil their research on Tesla’s handling of security issues together with three main recommendations to the automotive industry in best practice during a presentation at this week’s DEF CON hacker conference in Las Vegas.
The car industry can do better at protecting consumer safety while avoiding lengthy and costly recalls and security hazards by adopting three main recommendations, according to the security boffins:
- Set up an OTA update system
- Isolate vehicle systems from infotainment systems
- Secure every individual component in a car system to limit the damage from any successful penetration
More details on the research by Mahaffey and Rogers into Tesla cars, together with more general recommendations for the auto industry, can be found in a blog post here.
Tesla is something of a pioneer in the car industry by establishing a “Bug Bounty” program to encourage external security researchers to responsibly identify and help fix any security issues they uncover.
Mahaffey and Rogers are encouraging other manufacturers to follow suit. Car hacking is a key theme of this year’s edition of Black Hat and DEF CON.
The highlight at DEF CON is likely to be a much anticipated talk by Charlie Miller and Chris Valasek on a hack against Fiat Chrysler's uConnect mobile network which created a means for hackers to hijack a range of affected cars over the internet before it was patched.
Elsewhere, NCC will be talking more about hacking cars through DAB radio transmissions. ®