Tesla issues software patch after hackers take control of a Model S

Six significant security flaws with the Tesla Model S let hackers take control of the vehicle, a team of American researchers has found.

Kevin Mahaffey, the chief technology officer of cybersecurity firm Lookout, and Marc Rogers, the principal security researcher at Cloudflare, explain that they chose to hack into a Tesla because the Silicon Valley-based company seemingly understands software better than most car makers. The results they obtained were surprising.

“We shut the car down when it was driving initially at a low speed of five miles per hour. All the screens go black, the music turns off, and the handbrake comes on, lurching it to a stop,” said Rogers in an interview with the Financial Times.

Whether a hacker can turn off the electric sedan at speeds higher than five miles per hour was not disclosed. The researchers will release full details about the hack, including precisely how the S was hacked and a full list of the security flaws, during the Def Con conference that will open its doors in Las Vegas, Nevada, today.

Mahaffey and Rogers spent about two years studying the architecture of the Model S. Wired reports that the researchers managed to start and drive the car using software commands by simply plugging a laptop into a network cable behind the dashboard. They also managed to shut down the engine using a remote-access Trojan that they physically installed on the network. Finally, they noted that the infotainment system uses an outdated browser with an Apple WebKit vulnerability that hackers can potentially use to remotely take control of the car.

Tesla has not issued an official response, but it quickly designed an over-the-air patch that has already been sent to Model S owners.

“Tesla has taken a number of different measures to address the effects of all six vulnerabilities reported by [the researchers]. In particular, the path that the team used to achieve root (superuser) privileges on the infotainment system has been closed off at several different points,” said a company spokeswoman.

The news comes mere weeks after two software engineers remotely hacked a late-model Jeep Cherokee. The hack exposed a serious security flaw with the Harman-designed Uconnect infotainment system that equips about 1.4 million Chrysler, Dodge, Jeep and Ram vehicles built between the 2013 and 2015 model years.

Harman stresses that only Fiat-Chrysler’s Uconnect software can be hacked because it’s about five years old and it lacks the security features found in its more modern counterpart. However, the National Highway Traffic Safety Administration (NHTSA) is taking a closer look at about 2.8 million cars, trucks, and vans equipped with a Harman-designed infotainment system because it’s worried that all of the company’s infotainment systems could suffer from similar vulnerabilities.

Ronan Glon
Ronan Glon is an American automotive and tech journalist based in southern France. As a long-time contributor to Digital…