By on August 6, 2015

2013-Tesla-Model-S-Rear

Two men say they’ve managed to shut off a Tesla Model S at low speeds, proving that no car is actually safe on the streets anymore and we should all go back to driving Chevrolet Vegas.

The hack, which was reported by the Financial Times and detailed exhaustively by Wired, requires physical access to the car’s infotainment system to exploit the vulnerability. The car can then be remotely disabled.

Similar to hackers who recently said they could start and stop OnStar-enabled vehicles, the two men who broke into Tesla’s software said they presented their findings to the automaker and Tesla released a patch for its cars Thursday. Last month, a vulnerability in Fiat Chrysler Automobiles’ Uconnect system forced the automaker to recall 1.4 million cars.

The hackers say they are presenting their findings at the annual Def Con Hacking Conference, which begins Thursday. The hackers praised Tesla for a robust gateway between the car’s vulnerable systems and the computers that control vital functions such as steering, brakes and throttle.

At speeds lower than 5 mph, when Tesla cars lose power, the vehicles are stopped using the car’s handbrake. At speeds higher than 5 mph, the cars are put into neutral and steering and airbags still remain functional.

“That in itself I think is a huge achievement that I’d like to call Tesla out for,” Marc Rogers, chief researcher for CloudFare, told Wired. “This is a directly contrasting story to the Jeep story … Tesla had actually thought about the ramifications about what might happen and had designed the car to handle it gracefully and be safe … in such a way that catastrophic (failure) would not happen.”

The duo say that they’re using the hack to showcase how little attention some automakers have given to security.

“Early in the industry you have this kind of weird lemming effect, that if nobody does security well, they all kind of jump off the cliff simultaneously,” said Kevin Mahaffey, who is the chief technical officer for mobile security firm Lookout, told Wired. “And if there are one or two companies that are actually doing it well, then shining the light on them … helps raise the overall bar for the entire industry.”

Get the latest TTAC e-Newsletter!

Recommended

21 Comments on “Apparently All Cars Can Be Hacked Now: Tesla Edition...”


  • avatar
    Sgt Beavis

    One major difference between Tesla and most other car makers is that they can actually update their firmware over the air. I don’t know of any other OEM that can update their systems like that.

  • avatar
    zaxxon25

    Chevrolet Vegas also used to shut off unpredictably, they just didn’t have a hacked infotainment system to blame.

  • avatar
    Stu L Tissimus

    The Chrysler story was so surprising because it did NOT require physical access.

    Since this requires physical access it shouldn’t scare anybody; it’s like saying “yes, your home security system can be hacked, assuming somebody is already inside your home and fiddling with the control panel.”

    • 0 avatar
      SomeGuy

      Exactly what I was going to write. This is a non-story IMO seeing as the hackers physically accessed the car.

    • 0 avatar
      Signal11

      Yep, came in here to say this. No computer system is secure if the attacker has physical access. Just a matter of time. The Miller hack is noteworthy because he and his partner don’t require physical access.

      Can we get Jack to write these blog posts? Dude has terrible taste and I’m not the greatest fan of his fiction but in this arena, Jack is the writer I’d rather be reading.

    • 0 avatar

      Yeah, we were talking about this behind the scenes today. The “hack” is so close to saying, “I can penetrate this door lock with my key hack as long as I have access to an original key from which to make a copy.”

      Aaron said to me, “At what point do we just call these “hackers” just plain ol’ “mechanics.””

  • avatar
    another_VW_fanboy

    Why can’t we just make cars simpler. All this dependence on software to do everything that cars used to do without any electronics confuses me. How bout this for a compromise, anything that has to do with the drive train is a closed system separate from the entertainment. So what if u manually have to adjust your radio volume at speed. Better that than some asshat teenage hacker shutting your car down on the highway.

    • 0 avatar
      Syke

      Taking that thought to its logical conclusion, for desirable levels of safety we should go back to crank or kick start, manual spark advance, manual choke, hand throttle mounted on the steering wheel hub and a planetary transmission (since a sliding gear transmission and clutch is beyond the pale for most drivers).

      I look at the bright side: Such a vehicle is virtually impossible to text in while driving, and the physical dexterity to drive it would cut the driving population in half (at least). For the truly mysoginistic, this combination would also remove the vast majority of female drivers from the road.

    • 0 avatar
      OneAlpha

      Agreed.

      The computer that controls the powertrain should be completely isolated from the outside world and only reconfigurable through a hard physical connection.

      • 0 avatar
        APaGttH

        Battlestar Galactica taught us that.

        ;-)

      • 0 avatar
        beastpilot

        How much would you pay for this?

        The integration of networks in a car means a lot of efficiency gains. How does the reverse camera on the entertainment screen know to show up? Either it can have it’s own wire running to the transmission, or it can just sit on the same bus as the transmission and see that it’s been put in reverse.

        What about setting the AC temp on a screen? That needs to communicate to the AC control unit, which needs to communicate to the engine controller to adjust idle speeds. Again, either a bunch of discrete wires, or just one nice bus everyone can play on.

        The ECU needs to know how fast you are going, but so does the instrument cluster, heads up display, GPS, etc. I don’t get to share the one speed sensor?

        It sounds good, but there’s a reason smart engineers have integrated all these systems. The correct answer is not likely “thou shall never connect the two”. There are reasonable ways to build gateways, firewalls, and other methods to make it very unlikely that an internet connected infotainment system can’t issue vehicle disabling commands.

        Also, none of the hacks so far have re-programmed the drivetrain computers. The issue is that a perfectly functioning ECU or TCU listens on a bus and commands on that bus can tell a totally un-hacked ECU/TCU to do something like shift into neutral or reduce power. Just making the drivetrain stuff only be re-programmable via a hard connection doesn’t help.

        • 0 avatar
          OneAlpha

          I don’t WANT a backup camera, nor do I need one because I have eyes.

          I don’t WANT to have to change AC temperatures on a screen and frankly, I don’t care WHAT the specific temperature is, as long as it feels comfortable. A simple electromechanical dial will do that just fine.

          I have no need for an HUD, and all of the various instruments can each be driven by their own sending units.

          My existing car is 20 years old and IMPOSSIBLE to remotely hack because it doesn’t route all of its functions through some halfassed electronic bottleneck where they can be co-opted wirelessly.

    • 0 avatar
      Kendahl

      Computer control is why modern automobiles work as well as they do. The problem is the vulnerability of critical systems to hacking via remote access. Simply separating these systems from and requiring a physical connection would eliminate the vulnerability. Hacking infotainment systems is no more than a nuisance as long as the hackers can’t jump from there into vehicle control systems.

    • 0 avatar
      stuki

      It’s not just “entertainment.” Even cruise control is electronic. When it was very simple, the chips running it was sufficiently hard wired that even physical access didn’t leave much room for altering their function. But once people want radar cruise, lane keeping, auto high beams, fancy algorithms for priming brakes and airbags etc., you end up in the realm of software running on powerful, general purpose chips; which means the software can be altered.

    • 0 avatar
      dal20402

      The makers want to allow systems like the automatic transmission and the suspension to alter their behavior depending on upcoming grades and road geometry, information which only the nav system has. Those features can be good ones if well implemented, so you’d lose something.

      It’s also way, way more difficult than you would think to ensure that systems in close physical proximity are completely isolated from one another.

  • avatar
    PeterKK

    I’m impressed. The hack was probably inevitable. All that other stuff is highly noteworthy. Loving the Tesla the more I hear about it.

    Wonder if I’ll ever be that flush? Or if the price will come down in the coming years? Here’s hoping one way or the other. :)

  • avatar
    05lgt

    I have been led to believe (by Hollywood) that given prior physical access to any auto it can be remotely DETONATED! The u-connect thing is a story, the rest of these are just burying that story in misdirection. In other words more BS than “The Truth.”

  • avatar
    Signal11

    Here is a much more interesting vulnerability:

    http://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car-gadget/

Read all comments

Back to TopLeave a Reply

You must be logged in to post a comment.

Recent Comments

  • EBFlex: That’s the problem. Most people are already tired of these Jeep clones and they haven’t even been released...
  • EBFlex: “Built Wild”. With all the delays that’s the best tag line they could come up with? It’s laughably bad....
  • CoastieLenn: Gotcha. That would make sense… kinda
  • CoastieLenn: I didn’t realize there was a 2 door Sport. I assumed it was 4 door only. Is the full sized one...
  • Lie2me: “I just question the reliability.” Just don’t buy the first year, never buy the first year...

New Car Research

Get a Free Dealer Quote

Who We Are

  • Matthew Guy
  • Timothy Cain
  • Adam Tonge
  • Bozi Tatarevic
  • Chris Tonn
  • Corey Lewis
  • Mark Baruth
  • Ronnie Schreiber