In this era of connected cars, despite of the benefits that they bring to the car owners, there is also some disadvantage that the car makers need to solve so that they can ensure the car owners that their cars are secured.
A team of security researchers, Kevin Mahaffey and Marc Rogers, gave a presentation on how they hacked into a Tesla Model S at this year’s Def Con hacking conference, control the car and put it to a stop. However, by looking at the steps that they have done, it is proven that it is not easy to hack Tesla’s system. On top of that, Tesla has been fast to fix the security loophole by sending OTA (Over the Air) updates to the car system making Tesla’s car to be the most secured car when compared to other carmakers’ product such as Fiat Chrysler or GM. Fiat Chrysler, for example, took about 18 months to fix a major vulnerability and issued a patch via mailed USB stick.
To hack a Tesla Model S, the team purchased it and started to tear apart its dashboard and centre console. In the end, they found a file called carKeys.tar on an SD card which housed the file system. They encountered a lot of dead ends before they found an Ethernet port which they used to connect to the car’s network and thus Tesla’s VPN (Virtual Private Network).
Through this access, they downloaded and decompiled the car’s firmware and thus it leads them to insecure folder of passwords. The hackers then spoofed the Wi-Fi network at Tesla service center and accessing software which controls all the vehicle functions, QtCarVehicle. Finally, they are able to control the car and put it to a stop.
It seems that Tesla’s biggest concern is the cybersecurity and the company is trying to make their product as secured as possible. The company even started a bug bounty program which rewards independent hackers with $25-$10,000 to inform them about their products’ vulnerability.