Tesla Motors Fixes Security Issue, Thanks Hackers With a Bounty Check

Tesla Inc (TSLA)

As part of its efforts to secure its vehicles from hackers, Tesla Motors Inc recently applied a major security update to software being used in its electric cars. A report in Wired suggest that the electric car manufacturer implemented the new protection to make it difficult for even top-notch hackers to break into its vehicles’ systems.

According to the report, the Palo Alto firm made security updates after researchers at the Chinese firm Tencent exposed a chain of security problems in a Tesla S. The researchers showed the company how they could burrow through the WiFi connection of a Tesla S all the way to its driving systems and remotely activate the moving vehicle’s brakes.

Tesla Motors Inc (NASDAQ:TSLA) Autopilot

What Tesla Did To Block Future Attacks

Rather than fixing any one of the bugs to prevent attacks, the Palo Alto company implemented a more fundamental security feature to protect its network.

The car maker install a new measure that requires any new firmware written to components on the CAN Bus be digitally signed with a cryptographic key only Tesla possesses. The CAN Bus is the internal network of computers that control everything from steering and brakes to windshield wipers.

The new protection makes the future hacking of the company’s vehicles more difficult, according to the report. The company pushed out the new feature, known as code signing, wirelessly in a software update earlier this month. The software was updated in all Tesla S cars and Tesla X SUVs models.

With this upgrade, Tesla’s in-vehicle security systems become less like a malware-prone Windows PC and more like a locked-down iPhone.

“Cryptographic validation of firmware updates is something we’ve wanted to do for a while to make things even more robust,” Tesla Chief Technical Officer JB Straubel said.

Straubel noted that the company has been working on the code-signing feature for months but accelerated its rollout when the Tencent team reported their attack.

The company’s security team did a quick job and rollout the feature in all Tesla S and X vehicles within 10 days. Straubel also said that the code-signing feature should be considered a standard for the auto industry.

“This is what the world needs to move towards,” Straubel said. “Otherwise the door is thrown wide open anytime anyone finds a new vulnerability.”

Tesla Applauds Chinese Researchers, and Will Pay Them

Earlier this month, Tencent KeenLab team shared its attack technique with Tesla. The company quickly fixed the browser vulnerability and created patches for the Linux kernel flaw.

At the same time, the company’s security team pushed out the code signing upgrade, which was very important. With this protection, any hacker can get deep enough into the vehicles’ systems to rewrite the firmware of the driving components.

“The browser vulnerability is not the real issue,” Straubel said. “We felt it was most relevant to respond to the piece that’s the real risk.”

Acknowledging KeenLabs’ researchers work, Straubel said that Tesla Motors Inc will pay them a monetary reward as part of company’s bug bounty program.

“They did good work, Straubel said, adding that the team helped the company “find something that’s a problem we needed to fix. And that’s what we did.”

All trading carries risk. Views expressed are those of the writers only. Past performance is no guarantee of future results. The opinions expressed in this Site do not constitute investment advice and independent financial advice should be sought where appropriate. This website is free for you to use but we may receive commission from the companies we feature on this site.

Leading Social Trading Platform with 0% Commission

Leading Social Trading Platform with 0% Commission

Leading Social Trading Platform with 0% Commission


75% of investors lose money when trading CFDs.

Leading Social Trading Platform with 0% Commission

75% of investors lose money when trading CFDs.

HTML Snippets Powered By : XYZScripts.com