Since our cars become smarter, their doors have become open to more hacking dangers. At the DEF CON digital security conference, security researchers Marc Rogers and Kevin Mahaffey explained how they hacked a Tesla Model S.
Since modern cars have computers if you crash the computer you can also crash the vehicle. The two hackers tried doing exactly that with a car that in their opinion is strong in terms of hardware and software. For their experiment, Rogers and Mahaffey chose the Tesla Model S and were successful booking in. This is of no surprise, but what's really surprising is the way Tesla responded.
Marc Rogers is a principal security researcher with CloudFlare and Kevin Mahaffey is a co-founder of Lookout. Their cyber-security firms are based in San Francisco, California. The two security researchers came to attend DEF CON in Las Vegas, a popular conference among hacker and security experts. DEF CON is the place to exchange tricks of the trade, being attended by both "black hats" and "white hats". Rogers and Mahaffey are "white hats", security experts who break into networks only to research flaws and help getting them fixed.
According to Rogers, they could break in the Tesla Model 5 because the cars feature a cable inside, used by the maintenance technicians to access the on-board system and fix things. The cable is supposedly hidden in a secret panel, either under the touch screen or at the left of the driver. But for the two security experts was easy to find the cable and connect. According to Rogers, this gives you access to look for security flaws in the software.
The team was able to find several security weaknesses of the software installed on Tesla Model S. This way, they gained access to the car's network and made the computers on the network to leak information, according to Rogers. He and Mahaffey were able to convince computers at Tesla headquarters to communicate with their laptop as it would be the car's onboard computer.
At this point the two were able to request permission for more information from Tesla servers, Rogers explained. By analyzing the information received from Tesla's networks the hackers were able to get administrative access to the car and to take over all the car's computers. At that point, the team built a back door to enable control from afar. They could bring later a real-life Model S to a halt by using that back door.
However, Tesla's customers don't have to worry. Tesla, unlike other automakers, has a system in place to fix security flaws through regular software updates. According to Tesla co-founder and chief technology officer, JB Straubel, the company does over-the-air updates every three months in the same way Apple, for instance, does for iPhones. And since the two hackers emailed Tesla about the security flaw they found.
Straubel and his team invited Rogers and Mahaffey for a meeting to get details. The company has also had a security bug bounty program in place that offers rewards to researchers who point out flaws in its vehicle information systems. The maximum reward was recently upped to $10,000.