Tesla Motors Inc is going to be hacked. At the Defcon event in Las Vegas on August 6 Elon Musk has agreed to open the Model S up to a range of hackers, and some of them are promising that they’re ready to show off exploits in the firm’s software that have never been seen before.
Lookout co-founder Kevin Mahaffey says that he has found six vulnerabilities in the software of the Model S that will allow the car to be hacked remotely or on site. Five of these, says Mr. Mahaffey, have yet to be fixed by the firm. Mahaffey promises to show off “intimate understanding of how the many interconnected systems in a Tesla Model S work and most importantly how they can be hacked.”
Tesla Motors gets hacked
There’s not info out there yet on the nature of the hacks that Mr. Mahaffey will reveal at Defcon 2015, but there’s little chance that any of them will be truly dangerous. His blog post mentions ways of getting data from the Model S rather than taking control of the car’s basic functions in order to cause chaos.
The hacks will allow users to “get a good understanding of the data that this connected car collects and what Tesla does with this telemetry.” He says that he will also be giving out a tool that will allow users to see that data for themselves.
Mahaffey isn’t taking the flack for Tesla Model S owners who try to hack their own car. In his post he wrote, “With great access comes great responsibility – In other words we are not responsible for any Tesla Model S bricked by over enthusiastic attendees of this talk.”
Tesla Motors is well known for its constant software updates, so none of the hacks are likely to be left open for very long. The firm’s connected cars use a wireless network in order to deliver over the air updates to owners. Updates aren’t just there to get rid of bugs and exploits, however, they can also be used to add new features to the car.
Elon Musk has put together software updates that increase the speed of acceleration in the Model S P85D, and one that adds a suite of software help to kill the “range anxiety” that many prospective Model S buyers reckon they’ll feel if they shell out for the EV.
A history of Model S hacks
This isn’t the first time that the Tesla Motors Model S has been opened up to those looking to hack it. At the SyScan conference which took place in Beijing from 16-17 July 2014, a Model S was on show and those attending the event were given free range to hack the car. The event offered a $10,000 prize to the first person to hack the car.
One team was able to take control of the car’s headlights, the horn and the door locks, though it appears that they did so by working through the Tesla Motors mobile app. That app is not able to control the core functions of the car, but the team was able to open the doors while the car was driving, something that could actually be a problem.
Charlie Miller, a car-hacking expert, said that most people weren’t aware that wireless networks could be used to control “physical aspects of our cars, like locks, speedometer, even braking and turning.” He added that the car world was “trying to figure out how to deal with this in light of the fact that we don’t know how to secure computers.”
There have been many other hacks of Tesla Motors software, though none of them have revealed any serious problems in the firm’s core Model S design. In April of this year the firm’s website was hacked by a group that called itself Autismsquad.
The hack was harmless, and was brought on by a flaw in AT&T procedures rather than any problem in Tesla Motors’ code. After the attack Tesla said “Our corporate network, cars and customer database remained secure throughout the incident.”
Most hacks in the Tesla Motors Model S have been used to get more data out of the car so that owners can find out how it works and how to make it better.
Tesla responded to some of those hacks with grace. After the SyScan conference revealed problems in the car’s software, the firm said it was in favor of “providing an environment in which responsible security researchers can help identify potential vulnerabilities,” so long as those involved acted in “good faith.”
Tesla Motors got in touch with some users who hacked their own cars and told that the hack could be considered a kind of spying, and would void their warranty if done again.
Tesla Motors warns of security failure
In their yearly reports public firms have to reveal the biggest risks that face their business to those that hold shares. One of the risks listed by Tesla Motors was hacking by those that get their hands on the car. “If our vehicle owners customize our vehicles or change the charging infrastructure with aftermarket products, the vehicle may not operate properly, which could harm our business,” the firm’s report reads.
Tesla tries to reduce that risk by keeping tabs on the software in the cars it sells. That’s why some owners were warned to stop messing with hidden parts of the software that the Model S runs on. It also delivers constant updates in order to make sure that any issues in older software are cleared up, even if the car is years old.
Other cars, like all devices, are open to hacking, but Tesla Motors has promised that it will allow its cars to drive themselves later on this Summer. When Model S Autopilot arrives, drivers may be more fearful about an attempt to hack their car.
Tesla Motors also started a program in June to shore up the security of its website. The program, which runs through a crowd-sourcing security site called Bugcrowd, offers bounties of between $25 and $1000 for hacks on its site.
So far Tesla has rewarded 27 users for finding issues on its site, but the firm doesn’t offer anything similar for the Model S, at least not anything that’s open to the public. There are whispers, however, that Tesla is putting more into the Defcon event next week than the firm has admitted to the media.
Defcon hacks a Tesla
The Defcon Tesla Motors hack hasn’t been sponsored by the firm, but Elon Musk’s team will have to watch the event closely. Mr. Mahaffey’s blog post, which said that one of the Model S exploits has already been fixed, makes it seem as if he has already been in touch with Tesla Motors regarding the software failures.
Back in April a Tesla Motors spokesperson said, “We do plan to have a presence at the conference (and Model S will be on display) as part of our recruiting efforts. Members of Tesla’s security look forward to attending to talk about the security of our cars the work the team does.”
Fans of pushing the Model S beyond its factory-set limits will be eager to see what the teams come up with, and Tesla Motors’ security team will be making sure that nothing that could cause danger to drivers will be brought to light at the event.