Car hacking has been a big concern lately. After a Wired article demonstrated how security researchers could remotely disable a new Jeep Cherokee by worming into the car’s infotainment system, automakers are under increased scrutiny over their digital security. Now, security researchers have reportedly figured out how to take control of one of the most tech-heavy vehicles on the road today: the Tesla Model S.
According to a Financial Times report (which can only be accessed through a subscription), researchers Kevin Mahaffey and Marc Rogers were able to completely disable a Model S as it drove along at low speed. Reuters quotes the researchers: “We shut the car down when it was driving initially at a low speed of five miles per hour [. . .] All the screens go black, the music turns off, and the handbrake comes on, lurching it to a stop.” Mahaffey and Rogers will present their findings at the Def Con cybersecurity conference on Friday.
Wired goes into greater detail, explaining how the hackers were able to gain control of the vehicle. First off, unlike the Jeep hacking event, Mahaffey and Rogers’s exploit required physically plugging a laptop into the Model S dashboard. Once their computer was connected to the vehicle, they were able to start and drive the Tesla through laptop commands. The researchers say that they also were able to plant a remote-access Trojan into the car’s software while the laptop was connected, allowing them to remotely cut the car’s motor at a later time.
Wired also reports that the duo found that the Tesla’s large center dash touch screen uses an out-of-date browser that, theoretically, could allow an attacker to gain wireless control of the car if the owner navigated the dashboard touch screen to a malicious web page. The researchers did not specifically test this vulnerability.
In all, the researchers found six vulnerabilities in the Model S’s software, and worked hand-in-hand with Tesla to develop fixes. Wired reports that an over-the-air patch was distributed on Wednesday to every Model S to close the loopholes discovered by the researchers.
The researchers say they chose to hack the Tesla because of the electric carmaker’s reputation for understanding software. A Tesla spokesperson e-mailed us the following statement:
“Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards. Lookout’s research was a result of physically being in Model S to test for vulnerabilities. We’ve already developed an update for the vulnerabilities they surfaced which was made available to all Model S customers through an OTA update that has been to deployed to all vehicles.”
Hey, at least Tesla was able to push out the fix wirelessly. Jeep owners will need to bring their cars to a dealership or download the patch to a thumb drive.
This story originally appeared on roadandtrack.com.
This entry passed through the Full-Text RSS service - if this is your content and you're reading it on someone else's site, please read the FAQ at http://ift.tt/jcXqJW.
from Car and Driver Blog http://ift.tt/1K5mZ0u
via IFTTT
0 comments:
Post a Comment