{"id":6082,"date":"2015-08-11T06:24:43","date_gmt":"2015-08-11T10:24:43","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=6082"},"modified":"2019-11-22T10:13:20","modified_gmt":"2019-11-22T10:13:20","slug":"tesla-model-s-being-hacked-and-patched-blazing-fast","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/tesla-model-s-being-hacked-and-patched-blazing-fast\/6082\/","title":{"rendered":"Tesla Model S being hacked and patched blazing-fast"},"content":{"rendered":"<p>If hacking were high fashion, this season\u2019s hot trend would be car hacking. Shortly after researchers <a href=\"https:\/\/twitter.com\/0xcharlie\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Charlie Miller<\/a> and <a href=\"https:\/\/twitter.com\/nudehaberdasher\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Chris Valasek<\/a> revealed <a href=\"https:\/\/www.kaspersky.co.uk\/blog\/blackhat-jeep-cherokee-hack-explained\/\" target=\"_blank\" rel=\"noopener\">details on Jeep Cherokee\u2019s breach<\/a>, another team managed to take over a Tesla S Model electric car.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/BlackHat?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#BlackHat<\/a> 2015: The full story of how that Jeep was hacked <a href=\"https:\/\/t.co\/y0d6k8UE4n\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/y0d6k8UE4n<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/bhUSA?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#bhUSA<\/a> <a href=\"http:\/\/t.co\/SWulPz4Et7\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/SWulPz4Et7<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/629651596876644352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 7, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Co-founder and CTO of mobile security firm Lookout <a href=\"https:\/\/twitter.com\/dropalltables\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kevin Mahaffey<\/a> and his partner <a href=\"https:\/\/twitter.com\/marcwrogers\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Marc Rogers<\/a>, principal security researcher for CloudFlare, found six vulnerabilities in the car\u2019s systems and collaborated with the Tesla Company for several weeks to create fixes.<\/p>\n<p>Though the patches have been revealed, the incident is already notorious. Security holes allowed a criminal take a PC, physically connect it to the Ethernet network inside of a car and use a software command to dash away \u2014 also time to say \u201cgoodbye\u201d to your $100,000 vehicle. Alternatively, malefactors could infect the system with a Trojan, which would let them cut an engine remotely, with a person driving the car.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/08\/05195028\/tesla-hack-2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-6084\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/08\/05195028\/tesla-hack-2-1024x757.jpg\" alt=\"tesla-hack-2\" width=\"1024\" height=\"757\"><\/a><\/p>\n<p>Testing potential threats, researchers gained full control of the entertainment system. They could open and closed windows, lock and unlock doors, raise and lower the suspension and cut power to the car.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>#Tesla Model S being #hacked and #patched blazing-fast<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FqYB5&amp;text=%23Tesla+Model+S+being+%23hacked+and+%23patched+blazing-fast\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>Still, Tesla did not make the same mistakes <a href=\"https:\/\/www.kaspersky.com\/blog\/remote-car-hack\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Chrysler did<\/a>. Its cars are equipped with a system that activates the hand brake if a power is cut in a moving vehicle.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">ICYMI, researchers hacked a Model S, but Tesla\u2019s already released a patch <a href=\"http:\/\/t.co\/4fSC2tJSo8\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/4fSC2tJSo8<\/a><\/p>\n<p>\u2014 WIRED (@WIRED) <a href=\"https:\/\/twitter.com\/WIRED\/status\/629427989558751232?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 6, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>At the speed less than 8 km\/h (~4 mph) the car would lurch until it stops; for higher speeds the company has taken special precautions. During the test on high speeds, the car went neutral while the driver retained control of the steering and brakes and was able to pull the car over. The airbags also remained fully functional.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How the Jeep hack reveals Tesla\u2019s biggest advantage <a href=\"http:\/\/t.co\/Cs2e6USvvJ\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/Cs2e6USvvJ<\/a><\/p>\n<p>\u2014 TIME (@TIME) <a href=\"https:\/\/twitter.com\/TIME\/status\/629711607392829440?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 7, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In the similar situation Chrysler had to <a href=\"http:\/\/arstechnica.com\/security\/2015\/07\/fiat-chrysler-recalls-1-4-million-cars-over-remote-hack-vulnerability\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">recall 1.4 million cars<\/a> for emergency security patches while Tesla Motors got away with over-the-air patching. Ironically, some car companies provide security patches quicker, than many <a href=\"https:\/\/www.kaspersky.co.uk\/blog\/critical-android-mms-vulnerability\/\" target=\"_blank\" rel=\"noopener\">manufacturers of our smartphones<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The over-the-air patch from Tesla went to all cars yesterday. Drivers just have to click yes to accept update \u2013 <a href=\"http:\/\/t.co\/byVxGnrhnY\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/byVxGnrhnY<\/a><\/p>\n<p>\u2014 Kim Zetter (@KimZetter) <a href=\"https:\/\/twitter.com\/KimZetter\/status\/629310400861831168?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 6, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><i>\u201cIf you have a good patch process, it can solve a lot of problems. If you look at a modern car, it\u2019s running a lot of software and it needs to be patched as frequently or sometimes even more frequently than a PC, and if you have to bring your car into a dealership every week or every month, that\u2019s just a pain in the ass. I think every car in the world should have [an OTA process] if they\u2019re connected to the internet,\u201d<\/i> \u2014 <a href=\"http:\/\/www.wired.com\/2015\/08\/researchers-hacked-model-s-teslas-already\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">commented Mahaffey to Wired<\/a>.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/08\/05195026\/tesla-hack-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-6085\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/08\/05195026\/tesla-hack-1-1024x672.jpg\" alt=\"tesla-hack-1\" width=\"1024\" height=\"672\"><\/a><\/p>\n<p>Mahaffey and Rogers are going to continue their collaboration with Tesla on improving security of its vehicles. It\u2019s also reported that the company has also hired a new respected engineer from Google: <a href=\"https:\/\/twitter.com\/scarybeasts\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Chris Evans<\/a> will be the head of Tesla Motors security team.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers compete at finding security holes in infotainment systems of connected cars and breaking in. The new case proves that Tesla does care a lot about security at wheel.<\/p>\n","protected":false},"author":522,"featured_media":6083,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2026],"tags":[521,629,971,747,1085,1078,78,709,97,529,268],"class_list":{"0":"post-6082","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-car-hacking","10":"tag-cars","11":"tag-connected-devices","12":"tag-def-con","13":"tag-defcon23","14":"tag-exploits","15":"tag-hackers","16":"tag-research","17":"tag-security-2","18":"tag-threats","19":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/tesla-model-s-being-hacked-and-patched-blazing-fast\/6082\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/tesla-model-s-being-hacked-and-patched-blazing-fast\/5097\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/tesla-model-s-being-hacked-and-patched-blazing-fast\/3335\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/car-hacking\/","name":"car hacking"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/6082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=6082"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/6082\/revisions"}],"predecessor-version":[{"id":17879,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/6082\/revisions\/17879"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/6083"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=6082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=6082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=6082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}