Tesla Motors has issued a security update for its Model S after cybersecurity researchers discovered a flaw in the car's software that made it possible for hackers to control the vehicle. By accessing just a little bit of data from the car, researchers were able to manipulate stereo settings or even turn off a Model S remotely.
Kevin Mahaffey, co-founder and chief technology officer of the security company Lookout, and Marc Rogers, principal researcher for CloudFare, discovered that the Model S was using an out-of-date browser that included a four-year-old Apple WebKit vulnerability, enabling a hacker to either start or shut down the car by using an Apple iPhone. The researchers, who plan to present their findings Friday at the Defcon hacking conference in Las Vegas, informed the company about the flaws and worked with J.B. Straubel, Tesla's chief technology officer, to resolve the issue. Tesla, the tech-forward electric-car company owned by entrepreneur Elon Musk, issued an over-the-air software update to fix the problem Wednesday.
“This is something that seemed completely natural, in the DNA of how you build a connected product,” Straubel told National Public Radio. “This is not a new concept in any way, shape or form.”
Compare that instant fix to the approach Fiat Chrysler Automobiles used when a video produced by Wired magazine revealed that it's also possible for outsiders to take full control of a Jeep -- even stop the vehicle in the middle of a highway. The car company, which was repreatedly warned about the security vulnerabilities before it went public, announced it would mail out USB flash drives to owners of the affected vehicles. The approach was immediately criticized as an example of the car industry's lack of foresight on security issues.
“If you have a good patch process, it can solve a lot of problems,” Mahaffey told Wired. “If you look at a modern car, it's running a lot of ... software and it needs to be patched as frequently or sometimes even more frequently than a PC, and if you have to bring your car into a dealership ... evey week or every month, that's just a pain in the a-- ... I think every car in the world should have an over-the-air process if they're connected to the Internet.”