As part of its efforts to secure its vehicles from hackers, Tesla Motors Inc recently applied a major security update to the software used in its electric cars. A report in Wired suggests that the electric car manufacturer implemented the new protection to make it difficult for even top-notch hackers to break into its vehicles’ systems.
According to the report, the Palo Alto firm made security updates after researchers at the Chinese firm Tencent exposed a chain of security problems in a Tesla S. The researchers showed the company how they could burrow through the WiFi connection of a Tesla S all the way to its driving systems and remotely activate the moving vehicle’s brakes.
What Tesla Did To Block Future Attacks
Rather than fixing any one of the bugs to prevent attacks, the Palo Alto company implemented a more fundamental security feature to protect its network.
The car maker installed a new measure that requires any new firmware written to components on the CAN Bus to be digitally signed with a cryptographic key only Tesla possesses. The CAN Bus is the internal network of computers that control everything from steering and brakes to windshield wipers.
The new protection makes the future hacking of the company’s vehicles more difficult, according to the report. The company pushed out the new feature, known as code signing, wirelessly in a software update earlier this month. The software was updated in all Tesla S cars and Tesla X SUV models.
With this upgrade, Tesla’s in-vehicle security systems become less like a malware-prone Windows PC and more like a locked-down iPhone.
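An added example, not taken from the report or from Tesla's software: a minimal Go sketch of the check described above, in which a component writes new firmware only if its signature verifies against the vendor's public key. Ed25519, the Component type, the component name and the binding of the signature to its target are assumptions of this sketch; the report does not say which algorithm or image format Tesla uses.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// ErrBadSignature is returned when an image was not signed by the vendor key.
var ErrBadSignature = errors.New("firmware rejected: signature does not verify")

// Component models one controller on the in-vehicle network. It stores only
// the vendor's PUBLIC key; the private signing key never leaves the vendor.
type Component struct {
	Name      string
	VendorPub ed25519.PublicKey
	Flash     []byte // currently installed firmware
}

// signedBytes binds the image to its target so a validly signed image for
// one component cannot be replayed onto another (an assumption of this sketch).
func signedBytes(target string, image []byte) []byte {
	return append([]byte(target+"\x00"), image...)
}

// SignFirmware runs on the vendor's build system, never on the vehicle.
func SignFirmware(priv ed25519.PrivateKey, target string, image []byte) []byte {
	return ed25519.Sign(priv, signedBytes(target, image))
}

// WriteFirmware verifies the signature first and leaves Flash untouched on failure.
func (c *Component) WriteFirmware(image, sig []byte) error {
	if !ed25519.Verify(c.VendorPub, signedBytes(c.Name, image), sig) {
		return ErrBadSignature
	}
	c.Flash = append([]byte(nil), image...)
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	brake := &Component{Name: "brake-controller", VendorPub: pub}
	image := []byte("constructed firmware image v2")
	sig := SignFirmware(priv, brake.Name, image)
	fmt.Println("vendor image:", brake.WriteFirmware(image, sig))
	fmt.Println("modified image:", brake.WriteFirmware([]byte("attacker image"), sig))
}
```

Because the component holds only the public key, code running on the vehicle can check an image but cannot produce a signature for a modified one.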
“Cryptographic validation of firmware updates is something we’ve wanted to do for a while to make things even more robust,” Tesla Chief Technical Officer JB Straubel said.
Straubel noted that the company has been working on the code-signing feature for months but accelerated its rollout when the Tencent team reported their attack.
The company’s security team worked quickly and rolled out the feature in all Tesla S and X vehicles within 10 days. Straubel also said that the code-signing feature should be considered a standard for the auto industry.
“This is what the world needs to move towards,” Straubel said. “Otherwise the door is thrown wide open anytime anyone finds a new vulnerability.”
Tesla Applauds Chinese Researchers, and Will Pay Them
Earlier this month, the Tencent KeenLab team shared its attack technique with Tesla. The company quickly fixed the browser vulnerability and created patches for the Linux kernel flaw.
At the same time, the company’s security team pushed out the code-signing upgrade, which was very important. Without this protection, any hacker who can get deep enough into the vehicles’ systems could rewrite the firmware of the driving components.
“The browser vulnerability is not the real issue,” Straubel said. “We felt it was most relevant to respond to the piece that’s the real risk.”
Acknowledging the KeenLab researchers’ work, Straubel said that Tesla Motors Inc will pay them a monetary reward as part of the company’s bug bounty program.
“They did good work,” Straubel said, adding that the team helped the company “find something that’s a problem we needed to fix. And that’s what we did.”