- 5 June 2017
A team of researchers discovered a flaw in Tesla newest model. They managed to take control of door, locks, lights and brakes from the several kilometres away.
Fortunately, the team of researchers discovered the fault of the system before any hacker could take advantage of it. As a result, Tesla fixed the problem with a software update.
According to The International Business Times, this so-called white-hat hack was exposed on Youtube, now that the Tesla company fixed the security breach. As shown in the video below, for the hackers to enter the system it was enough that the car would connect to a malicious hotspot.
Once remote access to the car has been established, the hackers are then able to control various features, including the brakes, while the car is moving.
Basically, this breach would have been the perfect way to steal Tesla models or to harm any driver of Tesla from a distance. If exploited properly, this flaw could give access to unlock the doors, take over control of the dashboard computer screen, open the boot, move the seats and activate the indicators, as well as fold in the wing mirrors while the car is being driven.
The most important aspect, of course, is how the brakes can be applied without the driver’s involvement.
Tesla company says that a patch to repair this vulnerability had been issued 10 days after the discovery and it was sent to all the Tesla Model S cars available.
Brian Spector, CEO of cyber security firm Miracle, said: “These hacks demonstrate the serious problems around identity verification in today’s connected cars. Having very limited encryption, identity management and data protection within such a powerful computer is extremely dangerous and poses a real and serious threat to everyone using our roads today.”
Moving forward into a world of autonomous cars, Spector said: “The potential fallout from this lack of authentication becomes even more frightening.”
In a statement sent to US media, Tesla said: “The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly … We commend the research team behind today’s demonstration and plan to reward them under our bug bounty programme, which was set up to encourage this type of research.”