Six vulnerabilities were found, Tesla has already fixed one

Aug 6, 2015 15:06 GMT  ·  By

Kevin Mahaffey, co-founder of cyber-security firm Lookout, and Marc Rogers, security researcher at CloudFare, have managed to hack a Tesla Model S car.

In a report they plan to unveil tomorrow at the DEF CON conference in Las Vegas, the two claim to be able to infiltrate the car's complex electronic and digital systems by plugging into a CAN bus connector they found behind the car's driver-side dashboard.

With this port as an entry point for their connection and leveraging four other separate vulnerabilities together, the two were able not only to start the car but also to open doors, change dashboard data, and even shut down the car in mid ride.

The intrusion's source was through the car's infotainment system, and the two security researchers also loaded a malware string that they were able to use for controlling the car remotely.

During their experiments, the two noted two hidden security features, added by Tesla engineers to protect passengers’ lives.

The car would still allow a driver to control it when hacked at high speeds

When Mr. Mahaffey and Mr. Rogers tried to stop the car in mid ride, the two observed how it would actually go into neutral and allow the driver to slowly come to a stop into an open area.

Only when traveling at speeds of under 5Mph / 8 Kmph would the car completely go unresponsive, but in this case, the hand break would be enough to stop the car at any point.

In a statement for Forbes, Mr. Rogers said that the Tesla Model S is “ironically [...] the only car that can protect itself against a successful cyber attack.”

A total of six vulnerabilities were discovered and reported by the researchers to Tesla, which has already launched a fix for one and is preparing patches for the other.

The first fix was delivered using an "over the air" update system, the same mobile carriers use today to update Android devices. This is a big difference from its competitor, Chrysler, which had to recall around 1.4 million cars, or in some cases, even send the updates on a USB stick via mail.