As cars get increasingly connected, hacking becomes a major issue for automakers and consumers alike. Not long ago, two hackers demonstrated how easy it is to remotely hijack a Jeep Cherokee, and now the Tesla Model S has been targeted by a similar attack.
Two researchers have discovered that they could plug their laptop into a network cable behind a Model S’ driver’s-side dashboard, allowing them to start the car and drive it using software commands. They were also able to plant a remote-access Trojan on the car’s network, and later used it to remotely cut the Model S’ motor while someone else was driving.
The vulnerabilities were discovered by Kevin Mahaffey, co-founder and CTO of mobile security firm Lookout, and Marc Rogers, principal security researcher for CloudFlare, after about two years of digging through the architecture of a Tesla Model S. Both hacks require initial physical access to the car and control of the car’s infotainment system, which has the ability to start the car or cut power.
The hackers also discovered that the infotainment system was using an out-of-date browser, which included a four-year-old Apple WebKit vulnerability that could allow an attacker to perform a fully remote hack to start the car or cut the motor. Overall, the hackers found six vulnerabilities in the Tesla Model S and worked with the automaker to develop fixes for some of them.
On Wednesday, Tesla Motors distributed a patch to every Model S on the road. “Tesla has taken a number of different measures to address the effects of all six vulnerabilities,” a Tesla spokeswoman told Wired. “In particular, the path that the team used to achieve root (superuser) privileges on the infotainment system has been closed off at several different points,” she added, also noting that the effects of some other vulnerabilities have been mitigated.