Customers look at a Tesla Motors Inc. Model S electric vehicle on display at the company's showroom in Beijing, China, on Tuesday, Nov. 11, 2014. Tesla Motors Inc. projected a surge in orders for its Model S and said on Nov. 6 it's accelerating production of the plug-in electric car. Photographer: Tomohiro Ohsumi/Bloomberg
Tesla S electric car © Bloomberg

Hannah Kuchler in Las Vegas

Jump to comments section

Cyber security researchers have found six significant flaws in Tesla’s Model S cars that could allow hackers to take control of the vehicles and have safety implications for drivers.

Kevin Mahaffey, chief technology officer of Lookout, and Marc Rogers, principal security researcher at Cloudflare, said they decided to try to hack a Tesla because the company has a better reputation for understanding software than most automakers.

But the so-called “white hat” hackers, who probe internet-connected devices to try to push companies to improve security, still found vulnerabilities.

The hack on the Tesla car, to be detailed on at the cyber security conference Def Con in Las Vegas on Friday, is the latest in a series of vulnerabilities discovered in connected cars. One high-profile case led Fiat Chrysler to recall 1.4m Jeep Cherokees last month.

The hackers had to physically access the Tesla first, which made it more difficult than many other hacks. Once they were connected through an Ethernet cable, they were later able to access the systems from afar.

This allowed them to take control of the screens. They were able to manipulate the speedometer to show the wrong speed, lower and raise the windows, lock and unlock the car and turn the car on or off.

“We shut the car down when it was driving initially at a low speed of five miles per hour. All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop,” said Mr Rogers.

But when the researchers experimented with hacking the car at a higher speed, Tesla safety measures ensured they could not put the handbrake on. Instead, all the screens went blank, the car dropped to neutral and the driver maintained full control of the steering, giving them the opportunity to drive to the side of the road.

FT News Podcast

Cyber security threat shocks car industry

Cyber Crime
© Dreamstime

Murad Ahmed asked Andy Sharman, the FT’s motor industry correspondent how carmakers are dealing with the cyber security threat.

Tesla is issuing a patch to fix the flaws that all drivers will have by Thursday. The company said drivers will be able to download the updates via WiFi or a cellular connection.

This was another key safety feature that earned Tesla praise from the security researchers. Many carmakers did not have the ability to automatically send software updates to cars without drivers having to take the car to a dealership or mechanic.

Mr Mahaffey called on every car company to create an “over the air update” process, to install strong separation between the internet-connected entertainment network and the systems that control driving and ensure strong security on each element of the car.

He warned that “the internet is a hostile place for the uninitiated”, such as carmakers that have little experience with online security.

“They tend to look at their peers and they all do what each other is doing,” he said. “If no one has done a great job with security they are jumping off a cliff swiftly to their doom.”

Copyright The Financial Times Limited 2024. All rights reserved.
Reuse this content (opens in new window) CommentsJump to comments section

Follow the topics in this article

Comments