After the Jeep Cherokee last week it was the turn of a Tesla S to undergo intrusion into its onboard management system.
See This : Car without driver could be hacked !!!
Edit: see update this article on 7/08 at 15.30 at the end of it
When, in June 2012, I met Eugene Kaspersky, founder and head of the Kaspersky antivirus editor, he had explained that the car would in all logic the next target of choice for hackers, and it would pose serious safety problems.
Three years after this prediction , we are. The latest cars - including high-end models - are mostly connected one way or another (GPS, GSM, various radio equipment ...) and have become true computers on wheels. After the takeover of a Jeep Cherokee last week and the buzz that followed, it was the turn of Tesla suffer the intrusion of hackers in its electronic systems.
But this time is - fortunately - a hack "friendly" or "white hat" for the initiated: the Financial Times, hackers broke into a system the Tesla S to test and demonstrate the potential vulnerabilities of this last. The two computer experts, Kevin Mahaffey, chief technology officer at Lookout, and Mark Rogers, security researcher at Cloudflare, have connected to the car with an Ethernet cable and were able to take control of the large screen of the car, which, remember -the, absolutely centralizes all functions thereof, with the exception of wipers, the opening of the glove compartment and lighting stalks).
A small hand brake suddenly ...
From there, the guys are kindly much fun small car with different commands: while the latter was traveling at low speed (about 8 km / h) they "off" by cutting all screens and music, and - more worryingly - by operating the handbrake, which had the effect of immobilizing the car a little abruptly. Meanwhile they were also able to change the speed displayed on the meter, operate the electric windows and lock the car.
Of course you had to be on board and find a way to connect an Ethernet cable, but one can easily imagine that this is possible with a cable is also potentially the wireless remote as the Tesla S is connected permanently to the GSM network via an integrated chip, and it also features Bluetooth and WiFi for connecting an iPhone to the car and to activate certain commands via the mobile application.
Tesla announced that a security update of repairing this flaw would be made available for download on Thursday. Kevin Mahaffey, one of the "hackers" that led this experiment, however, said that the Tesla S remained "one of connected cars the safest in the market."
Update 7/08 at 15:30
Following this hack, Tesla brought us the following details:
"Our team of experts responsible for security matters works closely with the security research community to ensure the best possible protection of our systems against vulnerabilities by performing rigorous testing and validating and updating the protections in place. To find vulnerabilities, the study of the Lookout company need a physical connection to the vehicle. We have already developed an update that meets all identified vulnerabilities. This patch was deployed to the entire fleet through a remote update (OTA update). "
On the possibility of a remote control socket: it is not possible according to Tesla. Indeed, the researchers worked several months on the subject before actually access some features of the vehicle and they have not managed to do so without connect directly, as explained in detail in this report Lookout . Secondly, concerning the activation of the handbrake, Tesla says that beyond 8 km / h, preventive systems that have made it impossible maneuver. I confirm that I have tried to engage the parking brake on cars with a system like the Tesla (e) and beyond a certain speed, usually very low, this is not possible. Finally, the update has already been deployed (in fact we spoke yesterday for "Thursday"). Tesla says that this reactivity "is quite unique in the automotive industry is that we could do it remotely without a massive recall of our fleet."
See This : Car without driver could be hacked !!!
Edit: see update this article on 7/08 at 15.30 at the end of it
When, in June 2012, I met Eugene Kaspersky, founder and head of the Kaspersky antivirus editor, he had explained that the car would in all logic the next target of choice for hackers, and it would pose serious safety problems.
Three years after this prediction , we are. The latest cars - including high-end models - are mostly connected one way or another (GPS, GSM, various radio equipment ...) and have become true computers on wheels. After the takeover of a Jeep Cherokee last week and the buzz that followed, it was the turn of Tesla suffer the intrusion of hackers in its electronic systems.
But this time is - fortunately - a hack "friendly" or "white hat" for the initiated: the Financial Times, hackers broke into a system the Tesla S to test and demonstrate the potential vulnerabilities of this last. The two computer experts, Kevin Mahaffey, chief technology officer at Lookout, and Mark Rogers, security researcher at Cloudflare, have connected to the car with an Ethernet cable and were able to take control of the large screen of the car, which, remember -the, absolutely centralizes all functions thereof, with the exception of wipers, the opening of the glove compartment and lighting stalks).
A small hand brake suddenly ...
From there, the guys are kindly much fun small car with different commands: while the latter was traveling at low speed (about 8 km / h) they "off" by cutting all screens and music, and - more worryingly - by operating the handbrake, which had the effect of immobilizing the car a little abruptly. Meanwhile they were also able to change the speed displayed on the meter, operate the electric windows and lock the car.
Of course you had to be on board and find a way to connect an Ethernet cable, but one can easily imagine that this is possible with a cable is also potentially the wireless remote as the Tesla S is connected permanently to the GSM network via an integrated chip, and it also features Bluetooth and WiFi for connecting an iPhone to the car and to activate certain commands via the mobile application.
Tesla announced that a security update of repairing this flaw would be made available for download on Thursday. Kevin Mahaffey, one of the "hackers" that led this experiment, however, said that the Tesla S remained "one of connected cars the safest in the market."
Update 7/08 at 15:30
Following this hack, Tesla brought us the following details:
"Our team of experts responsible for security matters works closely with the security research community to ensure the best possible protection of our systems against vulnerabilities by performing rigorous testing and validating and updating the protections in place. To find vulnerabilities, the study of the Lookout company need a physical connection to the vehicle. We have already developed an update that meets all identified vulnerabilities. This patch was deployed to the entire fleet through a remote update (OTA update). "
On the possibility of a remote control socket: it is not possible according to Tesla. Indeed, the researchers worked several months on the subject before actually access some features of the vehicle and they have not managed to do so without connect directly, as explained in detail in this report Lookout . Secondly, concerning the activation of the handbrake, Tesla says that beyond 8 km / h, preventive systems that have made it impossible maneuver. I confirm that I have tried to engage the parking brake on cars with a system like the Tesla (e) and beyond a certain speed, usually very low, this is not possible. Finally, the update has already been deployed (in fact we spoke yesterday for "Thursday"). Tesla says that this reactivity "is quite unique in the automotive industry is that we could do it remotely without a massive recall of our fleet."