August 10, 2015 - by
Technology has advanced so quickly in the past few years. Sometimes we notice, other times it just happens. Every modern convenience we have has a fully functional computer system running it from Smart TVs and even high-end toasters. Cars are no exception to this.
Nearly everything running in many modern vehicles from the late 2000s onwards is managed and operated by a sophisticated network of on-board computers. Some are even networked to the internet via satellite or Bluetooth wireless technology. As vehicles become more dependent on sophisticated electronic systems they have also become increasingly connected through wireless networks.
Unfortunately, “car hacking” has become a recent phenomenon. Many tech sites and auto publications have shared how easy it is to remotely disable a new car by worming into its infotainment system. Many car companies and other tech companies are working to increase the strength of their digital security. Most recently, security researchers have reportedly discovered a way to take control of one of the most tech-heavy vehicles on the road today: Tesla Model S.
In a report by Financial Times, researchers Kevin Mahaffey and Marc Rogers were able to completely disable a Model S as it drove along at low speed. Wired went into further detail, their writer and experts actually explained how the hackers were able to gain control of the vehicle. They noted an exploit that requires physically plugging a laptop into the Model S dashboard. Once a computer is connected to the vehicle, you are actually able to start and drive the Tesla through laptop commands. Researchers were even able to plant a remote-access Trojan into the car’s software while the laptop was connected, allowing them to remotely cut the car’s motor at a later time.
The problem with this tech was noted to be Tesla’s large center dash touchscreen. It uses an out-of-date browser that potentially allows for an attacker to gain wireless control of the car if the owner navigated the dashboard touchscreen to a malicious web page. It was not reported whether or not researchers specifically tested this vulnerability. However, the researchers found reported six vulnerabilities in the Model S’s software. They have since worked hand-in-hand with Tesla to develop fixes for them. On August 5th, an over-the-air patch was distributed to every Model S to close the loopholes discovered by the researchers.
The researchers stated that they chose to hack the Tesla because of the electric car maker’s reputation for technology. A Tesla spokeswoman emailed recently made a public statement to Popular Mechanics regarding the issue:
“Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards. Lookout’s research was a result of physically being in Model S to test for vulnerabilities. We’ve already developed an update for the vulnerabilities they surfaced which was made available to all Model S customers through an OTA update that has been to deployed to all vehicles. “
At the very least, Tesla was able to push out the fix over-the-air— other car companies end up requiring owners to bring their cars to a dealership, or download the fix to a thumb drive. Hacking into vehicles has been in the news for a couple of years now: Car and Driver even ran a feature on the various ways cars could be hacked in 2011, two hackers released a car-hacking code publicly in 2013 and demonstrated how it worked.
Hacking into cars is part of this strange future-world we live in here, and it doesn’t take much. Believe it or not, however, old-school methods of car theft deterrent may be more effective than any technological overhaul. Remember the 90s when people used to put those ridiculous locks that hook onto steering wheels? It turns out that because car theft has become increasingly reliant on modern technological means, old-school methods of protecting your car such as these locks make things really inconvenient for thieves. Looking into non-technological means for vehicular security such as these lock/security contraptions are not a perfect solution, but they should keep you generally on guard while manufacturers and other agencies develop consumer-ready cybersecurity for your vehicle.