Researchers hack Tesla S

Researchers have succeeded in hacking into a Tesla S, which first required physical access to the car. The vulnerabilities gave them control over the car’s infotainment system, after which they could turn the car off while driving.

Cloudflare researchers Marc Rogers and Lookout Mobile’s Kevin Mahaffey reported their findings in a blog post Thursday. Later they will present the hack at Def Con. Meanwhile, Tesla has solved the security problems with an over the air update. To install the update, users must accept it.

The entire investigation lasted two years, during which the researchers uncovered six vulnerabilities. Initially, physical access was required via a plugged-in network cable behind the dashboard to gain full control over the infotainment system and install a Trojan horse, Wired reports. After that, it was possible to perform any action on the touchscreen in the center of the car remotely. In one case, the researchers were able to turn off the engine while driving. In that case, the handbrake was activated when the speed fell below eight kilometers per hour. At speeds above that, the engine could also be turned off, but the driver still had full control over the steering.

An important part of the research was answering the question: ‘how do we make cars resistant to cyber attacks?’ The researchers indicate in their post that Tesla made some very good design decisions when designing the Model S, even though there are still improvements that can be made.

In an email to Wired, a spokesperson wrote that all discovered vulnerabilities have been solved. The system no longer allows root access to the infotainment system in the way the researchers could. Several other vulnerabilities were also patched at the same time, such as further ‘isolating the browser from the rest of the infotainment system’.