2016 has been a trying year for Tesla. There was a fatal crash by a driver using Tesla’s autopilot. The company was drawn into a controversy about whether or not it covered up suspension problems. It became the target of a Wall Street short seller. And perhaps most ominously, hackers were able to take control of a Tesla Model S from 12 miles away. (In particular, their ability to tamper with the car’s brakes is terrifying.)
Andy Greenberg explored Tesla’s response in Wired. He notes that the hacking of something as complex as a car isn’t the result of a single vulnerability but taking advantage of “a series of exploitable bugs that create a path through the target’s maze of defenses.”
Tesla could have stopped the hack by fixing the bugs (indeed, just fixing one would be enough to stop this particular hack), but decided that a more sweeping approach was needed. Greenberg writes:
“Tesla added a measure that requires any new firmware written to components on the CAN Bus—the internal network of computers that control everything from steering and brakes to windshield wipers—be digitally signed with a cryptographic key only Tesla possesses. The new protection, known as code signing, was pushed out wirelessly in a software update earlier this month to all Tesla S cars and Tesla X SUVs. It amounts to far tighter control over who can reprogram sensitive components. The upgrade makes Tesla’s in-vehicle security systems less like a malware-prone Windows PC and more like a locked-down iPhone.”
And yes, you read that last sentence correctly: your car is currently more hackable than your phone. As companies race to create the first fully self-driving car, clearly one of the key struggles for technology in coming years will be ensuring that as computers run more and more of our vehicles, we find ways to keep them under the control of the people we want controlling them.
To read the full article and learn exactly how the Tesla hacking occurred, click here. Below, watch the video from the Chinese group responsible for the hack that forced Tesla to update it’s security systems.
This article was featured in the InsideHook newsletter. Sign up now.