Chinese hackers breach Tesla defences
Chinese hackers have taken over some controls of a moving Tesla from 12 miles away.
Researchers from Keen Security Lab in Shanghai gained access to the motor that moves the driver’s seat, turns on indicators, opens the sunroof and activates window wipers. The attacks also appeared to compromise the touch screen that controls certain Tesla functions.
The team was also able to trigger sudden braking while the car was moving at a slow speed. It has not revealed details of the hack but disclosed flaws to Tesla.
Tesla said the safety issues were addressed within 10 days, adding, ‘We engaged with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind [the] demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.’
Brian Spector, CEO at MIRACL, said, ‘These hacks demonstrate the serious problems around identity verification in today’s connected cars. Having very limited encryption, identity management and data protection within such a powerful computer is extremely dangerous and poses a real and serious threat to everyone using our roads today. Move forwards to the increasing trend for driverless cars, and the potential fallout from this lack of authentication becomes even more frightening.’
He continued, ‘For connected cars to become more secure, relationships must be established within each and every component within a vehicle, to ensure that only a legitimate operator can control the connected devices within a car. Given the huge number of components in connected cars, hackers usually find a pathway by following a ‘weakest link’ scenario which attacks the easiest point of entry to the vehicle. This problem is compounded by the array of parts that comprise a vehicle, and the lack of a security protocol that ensures they will all work together safely and securely.
‘The current security checks often fail because they rely on slow, centralised identity verification services. To connect the components more quickly and autonomously, manufacturers should deploy a distributed trust model which allows for fast pre-authorisation, and removes the roadblock of a centralised service.All of this requires a serious system upgrade and a greater drive for security awareness among manufacturers as well as consumers who use connected cars.’