Cars manufacturer Tesla is well protected against hacking, according to two researchers who eventually painstakingly did manage to hack a Tesla Model S. Marc Rogers of CloudFlare and Kevin Mahaffey of Lookout Mobile found a total of six vulnerabilities in the Tesla, as they leave today via a blog posting know. The two researchers will present their findings this week at the Def Con conference presenting in Las Vegas.
For the study, about two years confiscated, they had to get the car literally falling apart. Through the vulnerabilities they had full control of the infotainment system of the vehicle. They then installed malware was remotely controlled and which they could carry out all actions that could also be implemented through the touchschreen or smartphone app of the Tesla. Thus it was possible to switch from the car while it was driving, so the examiner opposite Forbes know.
In addition to the required physical access to the researchers discovered that it was possible to attack the remote infotainment system. The system used a vulnerable browser, with a four year old WebKit vulnerability, reports Wired . This allows an attacker would the car remotely attacks as a Tesla user from the car a malicious website would visit. In this case it would also be possible to start the engine remotely or turn off.
However, the researchers discovered that Tesla had introduced a security measure. In case the engine is switched off when the car is driving, the brake is activated and stop the car if the speed falls below 8 km per hour. The researchers reported the problems to Tesla, which has delivered an update. Unlike Chrysler, which because of security issues had to recall 1.4 million cars so that they could be updated using a USB stick, Tesla updates brings "over-the-air" and require customers to bring their vehicle back to the dealer. However, they must accept the update, because there is no automatic installation location.
No comments:
Post a Comment