At The Register, John Leyden talks about the recent revelation that the Tesla Model S has known hacking vulnerabilities:
Security researchers have uncovered six fresh vulnerabilities with the Tesla S.
Kevin Mahaffey, CTO of mobile security firm Lookout, and Cloudflare’s principal security researcher Marc Rogers, discovered the flaws after physically examining a vehicle before working with Elon Musk’s firm to resolve security bugs in the electric automobile.
The vulnerabilities allowed the researchers to gain root (administrator) access to the Model S infotainment systems.
With access to these systems, they were able to remotely lock and unlock the car, control the radio and screens, display any content on the screens (changing map displays and the speedometer), open and close the trunk/boot, and turn off the car systems.
When turning off the car systems, Mahaffey and Rogers discovered that, if the car was below five miles per hour (8km/hr) or idling they were able to apply the emergency hand brake, a minor issue in practice.
If the car was going at any speed the technique could be used to cut power to the car while still allowing the driver to safely brake and steer. Consumer’s safety was still preserved even in cases, like the hand-brake issue, where the system ran foul of bugs.
Despite uncovering half a dozen security bugs the two researcher nonetheless came away impressed by Tesla’s infosec policies and procedures as well as its fail-safe engineering approach.
“Tesla takes a software-first approach to its cars, so it’s no surprise that it has key security features in place that minimised and contained the risk of the discovered vulnerabilities,” the researchers explain.
