Tesla arguably makes the most technologically advanced car on earth — it runs on electricity, is permanently connected to the Internet and can upgrade how it accelerates through a software download.
So, of course, hackers want to break it.
And they did, sort of, according to research to be unveiled at the Def Con hacker conference here this week. Two researchers said they devised a way to force the car to power down and come to a stop, but only after they had physical access to the vehicle and directly connected a laptop to its onboard computer.
The findings are the latest indication of the risks auto makers face as they turn cars into rolling computers. Last month, two other researchers made headlines when they showed how they could remotely hack a Jeep Cherokee as it rolled down a St. Louis-area highway. Fiat Chrysler has since issued a fix for that bug.
Both the Jeep and Tesla hacks take control of the car through the entertainment system.
In Tesla’s case, Kevin Mahaffey, the chief technology officer at Lookout, and Marc Rogers, a researcher at Cloudflare, said they found that Tesla had built in several controls to prevent hacks of the entertainment system from affecting the car’s movement.
But after testing, they figured out how to effectively power down a Model S by hacking the entertainment system. The maneuver brings the car to a sudden stop if it’s traveling less than about 5 miles per hour, the two researchers said. If the car is moving faster, it will gradually coast to a stop.
Tesla said all Model S customers will have access to a patch for the issue by Thursday. The two researchers are presenting their hack on stage Friday.
Palo Alto, Calif.,-based Tesla has shown more interest in cybersecurity than Detroit auto makers. Its top security executive attended Def Con last year with a Model S to recruit young hackers to help make the cars safer. It recently hired Chris Evans, the respected head of security for Google ’s Chrome browser, to lead its security team.
Mahaffey and Rogers acknowledge it’s unlikely hackers would be able to take advantage of the flaws they found to take over a car, since it would require physical access to the inside of the vehicle.
But Mahaffey said that’s likely only temporary consolation. “We assume that bad guys are going to be able to figure out remote access,” he said.