Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tesla Model S Has Been Hacked

Posted by samzenpus on from the lock-it-down dept.

cartechboy writes: First, it was Chrysler last month with its Uconnect system being hacked while being driven down the road. Now, it's Tesla's turn. That's right, the Silicon Valley automaker's very own Model S electric car has been hacked by two white-hat hackers. The duo were able to manipulate the speedometer, lock and unlock the car, and at speeds of less than 5 mph they were able to make all the electronics go blank and shut down the car while engaging the emergency parking brake dragging the car to a stop. Tesla's already issued a software update that owners can download to path the security flaw. Welcome to the new world where cars can be hacked thanks to all their electronics.

5 of 262 comments (clear)

  1. Re: Sure... by Anonymous Coward · · Score: 1, Interesting

    Who else also has the ability to do updates over the air and what sorts of interesting updates can they perform?

  2. Re:Sure... by sxpert · · Score: 5, Interesting

    it's https over openvpn... I'd say it's good enough

  3. Only going to get worse by Doghouse13 · · Score: 4, Interesting

    OK, so there's a security patch available. So what? "We regret that you crashed at 85mph yesterday - please download our latest patch?" The problem is not the software per se, but the mere fact that there's external access at all. Because there's simply no such thing as "flawless" code. And the internet's been around long enough to show us that, if there's any legitimate way in, people who want to abuse the system will get in as well, and find a way to subvert it. And right now all we're seeing are "white hat" attacks; just wait until the black hat guys start getting creative.

    1. Re:Only going to get worse by sinij · · Score: 3, Interesting

      We have seen this play out in IT during 80s and 90s. AV and Firewalls for cars are next. Then they will wise up and move cars to a dedicated network with mutual authentication. Until then, we have 'lost decade' of blue-screen-of-death automobiles. Unfortunately, unlike mostly harmless IT crashes, when auto crashes someone going to get hurt.

  4. Re:Welcome to the new world? by steelfood · · Score: 1, Interesting

    It's another attack vector, on top of all the existing attack vectors.

    The attack vector these electronics close is hotwiring under the dash. This kind of attack doesn't happen as much as you think. More likely, people go for the GPS unit or something other item that's left out in the open, or your wheels and other easily-accessible parts. Stealing whole cars is rarer, unless you've got some collector's piece, and stealing whole cars via hotwiring is very rare. For stealing whole cars, there's a lot of low-hanging fruit, namely people who forget to lock their doors, people who more than crack their windows, or people who habitually keep the keys inside their car. And people who do steal whole cars for a living (usually for getting to less-accessible but more expensive parts) will have the equipment to be able to gain entry anyway, so it hardly matters.

    The additional electronic security may close one or two attack vectors, but it doesn't close all of them, and certainly not the most important ones. So now the question becomes, is closing the one or two attack vectors worth the additional (literally) thousands of dollars worth of electronics as well as introducing an additional unknown quantity of electronic attack vectors?

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."