Stories surrounding car hacking seem to be all the rage these days. The issue was first thrust into the spotlight a few weeks ago when famed hackers Charlie Miller and Chris Valasek were able to take over Wired reporter Andy Greenberg’s jeep as it sped down the highway at 70 mph.
Such is the risk involved with connected cars. On the one hand, the technology that underlies modern vehicles makes driving more convenient, efficient, and enjoyable than ever before. On the other, expanded capabilities opens up the door for hackers to potentially wreak havoc.
That being the case, there’s one car company, above all others, who has their security game on lock down. Not surprisingly, that company is Tesla.
During a presentation at the annual Def Con Hacking Conference in Las Vegas last week, researchers Kevin Mahaffey and Marc Rogers detailed the endless number of roadblocks they encountered when trying to hack a Tesla Model S. Ultimately, they managed to find a key vulnerability by accessing Tesla’s VPN via a somewhat hidden Ethernet port located behind the drivers side dashboard. In turn, they were able to access a key piece of the car’s software which enabled them to “shut down a moving Model S at low speed” while also giving them control over the car’s windows, doors, and suspension.
Tesla, the researchers note, quickly patched the vulnerability.
So if Mahaffey and Rogers were, in fact, able to hack a Tesla, wouldn’t one assume that the Tesla Model S is far from secure?
Truth be told, the bulk of their talk centered on all of the dead ends they encountered in their effort to skirt around the Model S’ security. Indeed, the work that went into finding and exploiting the aforementioned vulnerability took place over the course of two years. What’s more, physical access to the car is needed for the hack to be effective.
The company also engineered the car to handle sudden power loss in a graceful way. If power to the car were cut while the vehicle was in motion, the hand brake would kick in, and the car would lurch to a stop if it was traveling 5 miles per hour or less. It would go into neutral if traveling faster than this. But the driver would still retain control of the steering and brakes and be able to pull the car over. The airbags also would still be fully functional.
“That in itself I think is a huge achievement that I’d like to call Tesla out for,” says Rogers. “This is a directly contrasting story to the Jeep story… Tesla had actually thought about the ramifications about what might happen and had designed the car to handle it gracefully and be safe… in such a way that catastrophic [failure] would not happen.”
Tesla’s over-the-air software updates were also praised by Mahaffey and Rogers as it enables them to immediately address and fix software vulnerabilities as they arise.
So is the Model S hackable? Sure, with enough time and resources it’s hard to say that anything is truly impenetrable. That said, Mahaffey and Rogers had no problem stating that the Tesla Model S is the “most secure car that we’ve seen.”
As a final point, and speaking to how seriously Tesla takes security, the company recently hired Chris Evans from Google’s Project Zero to head up its security team. Project Zero, if you’re unfamiliar, was a Google team comprised of hackers dedicated to finding zero-day exploits.