#hacking

Two men say they’ve managed to shut off a Tesla Model S at low speeds, proving that no car is actually safe on the streets anymore and we should all go back to driving Chevrolet Vegas.

The hack, which was reported by the Financial Times and detailed exhaustively by Wired, requires physical access to the car’s infotainment system to exploit the vulnerability. The car can then be remotely disabled.

Similar to hackers who recently said they could start and stop OnStar-enabled vehicles, the two men who broke into Tesla’s software said they presented their findings to the automaker and Tesla released a patch for its cars Thursday. Last month, a vulnerability in Fiat Chrysler Automobiles’ Uconnect system forced the automaker to recall 1.4 million cars.

Fresh from the recent Fiat Chrysler Automobiles infotainment-hacking flap, the National Highway Traffic Safety Administration announced last week that it would look further into supplier Harman Kardon for possible vulnerabilities in other cars, the Associated Press reports (via Autoblog).

Harman Kardon produces radios for automakers such as BMW, Subaru, Mercedes-Benz and Volvo, in addition to FCA.

Fiat Chrysler Automobiles announced that it would voluntary recall 1.4 million vehicles to patch a security exploit that could allow hackers to infiltrate a car’s vital systems.

The recall would apply to cars fitted with the Uconnect 8.4-inch touchscreen. A story released by Wired magazine this week detailed two hackers’ system that could take over a Jeep Cherokee and control the car’s systems, including throttle, braking and steering.

Jeep released the update last week, saying the patch was for “nothing in particular” and that they “continuously test vehicles systems to identify vulnerabilities and develop solutions.”

The release required owners to download the update onto a USB drive and install it themselves, or go to a dealership. FCA will mail affected owners a USB drive with the update now.

According to FCA, the company is unaware of any injuries related to the hack.

Automakers are not well known for their expertise in embedded security with vulnerabilities surfacing for many models. Nick Bilton of the New York Times decided to investigate a wireless key vulnerability after his Prius was broken into with a mystery black box. The investigation sounded somewhat promising at first, but quickly deflated, ending at a point where he told us to put our car keys in the freezer.

The story originally unfolded on Twitter as Bilton posted about the break-in and quickly followed up he’d figured out a $100 broadcasting device allowed teenagers to break into his car so easily.

Just saw 2 kids walk up to my LOCKED car, press a button on a device which unlocked the car, and broke in. So much for our keyless future.

— Nick Bilton (@nickbilton) April 6, 2015

Locking the doors may not be enough to deter would-be thieves now, thanks to wireless technology.

This is the Renault Zoe. It’s like most EVs on the road, with its limited range, limited power, and limited usability.

Unlike the other EVs, however, the Zoe comes with DRM attached to its battery pack. In short: If you value your ability to drive the Zoe at all, then you will submit to a rental contract with the pack’s manufacturer. Should you fail to pay the rent or your lease term expires, Renault can and will turn your Zoe into an expensive, useless paperweight by preventing the pack’s ability to be recharged, consequences be damned.

It’s only the beginning.

A team of researchers at UC San Diego and the University of Washington, Seattle, has just published a paper titled “ Comprehensive Experimental Analyses of Automotive Attack Surfaces“. Behind that dry title is a very exciting research study. In essence, they bought a modern reasonably-priced car with lots of fancy features, including a built-in cellular phone interface, and did a serious reverse-engineering exercise to determine whether it had any security vulnerabilities. It’s the most comprehensive study of its kind.