Tesla updated its Model S car after the discovery of six flaws that could allow an attacker to take control its entertainment software and hijack the vehicle.
With access to the entertainment software, Kevin Mahaffey, CTO of security startup Lookout, and Marc Rogers, a security researcher at CloudFlare, turned off the engine while a person was driving, changed the speed and map information displayed on the touch screen, opened and closed the trunk and controlled the radio.
The two, who presented their findings Friday at the DEFCON in Las Vegas, also uploaded a remote access application that allowed them to lock and unlock the car using an iPhone.
Mahaffey did say, however, physical access to the car was a requirement to carry out the hack. For their research, he and Rogers plugged a laptop into a Model S Ethernet port and exploited the vulnerabilities until they tapped into the entertainment software. They didn’t provide details on which flaws they used.
Any hacker worth their weight can get into a software program and the assumption is it won’t be long before attackers will be able to remotely attack a car’s entertainment applications, Mahaffey said.
Much like any control system in the manufacturing automation industry, it is impossible to prevent an attack from hitting a car’s computer system, Mahaffey said.
One way to bolster a car’s security is by increasing the protection around individual components, which could stop a hacker from using one compromised system to access another.
Tesla was lacking in this area, Mahaffey said. The automaker’s update should take care of that issue.
On Thursday, a spokeswoman for the Palo Alto, CA-based car maker said it issued a patch for the flaws. The company uses an over-the-air system to update its vehicles’ software.