Daily Management Review

Tesla to Update Security Flaws Found in its Model S Sedan by Hackers


08/06/2015




Tesla to Update Security Flaws Found in its Model S Sedan by Hackers
Following vulnerability of its software on the Model S sedan, Tesla announced on Thursday that it had already sent a software patch to address security flaws in the car.

A day ago there were reports that the software system installed in the Model S sedan of Tesla was vulnerable to attacks by hackers after cyber security researchers demonstrated how the sedan can be remotely controlled with a slight access to the systems.

There were media reports that the cyber security researchers had been able to take control of a Model S and turned it off at low speed. This, according to the cyber security researchers was just one of the six significant flaws they had found that could allow hackers to take control of the vehicle.

While confirming that the report contents were partially true, Tesla confirmed that it had already taken measures to resolve the problems.

Deciding to test the reputation of Tesla as being an auto manufacturer who presumably understood car software better than that of most auto makers, two cyber security researchers - Kevin Mahaffey, chief technology officer of Lookout and Marc Rogers, principal security researcher at Cloudflare, conducted the hacking tests, said media reports.

"We shut the car down when it was driving initially at a low speed of five miles per hour. All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop,” reported media reports quoting the two cyber security researchers.

Reacting quickly to the reports, Tesla confirmed that it had developed and deployed an over-the-air update to Model S owners to address the software "vulnerabilities" indicated in the model by the researcher duo.

“The hackers did not turn off the car remotely, but from inside the vehicle,” the company said in a statement.

"Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards," the auto maker said in a communiqué.

In July, Jeep Cherokee of Fiat Chrysler was reportedly similarly attacked as hacker managed to break into the software system of the vehicle that prompted the company to recall 1.4 million vehicles in the United States.

A part of the claims made by Tesla however seemed to be true as reports verified that the researchers were not able to hot-wire the electric car but they found that by plugging their laptop into the network cable behind the driver's side dashboard, they were able to start the car and drive it away. Subsequently remote access to the car was possible by planting a remotely controllable Trojan virus into the system that can turn off the car’s engine and shut it down completely.

Actions like remotely lock and unlock the car, control the radio and screens, display any content on the screens like map displays and the speedometer, open and close the boot and turn off the car systems were possible with the car after the researchers gained access to the in-car entertainment system and by the use of a daisy chain attack.

However Tesla security systems did not completely go off at high speeds as the researchers were only able to put the car in neutral at high speeds allowing the driver to steer the car safely to a halt.
 
(Source: www.ibtimes.co.uk, http://money.cnn.com & www.reuters.com)