http://nypost.com/2015/08/06/hackers-took-control-of-tesla-electric-car-and-turned-it-off/ Hackers took control of Tesla electric car and turned it off August 6, 2015 | By Reuters
Cybersecurity researchers said they took control of a Tesla Model S car and turned it off at low speed, one of six significant flaws they found that could allow hackers to take control of the vehicles, according to a report. Kevin Mahaffey, chief technology officer of cybersecurity firm Lookout, and Marc Rogers, principal security researcher at Cloudflare, said they decided to hack a Tesla car because the company has a reputation for understanding software more than most automakers, the Financial Times reported. “We shut the car down when it was driving initially at a low speed of five miles per hour,” Rogers told the paper. “All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop.” The hack will be detailed at cybersecurity conference Def Con in Las Vegas on Friday. Tesla is issuing a patch, which all drivers will have by Thursday, to fix the flaws, the FT said. Tesla could not be immediately reached for comment outside regular US business hours. The hack on Tesla follows a similar attack on Fiat Chrysler’s Jeep Cherokee last month that prompted the company to recall 1.4 million vehicles in the US. [© 2015 NYP Holdings] ... http://www.ibtimes.co.uk/tesla-model-s-hacked-researchers-discover-six-security-flaws-popular-electric-car-1514352 Tesla Model S hacked: Researchers discover six security flaws in popular electric car By David Gilbert August 6, 2015 http://www.greencarreports.com/news/1099460_tesla-model-s-hacked-in-low-speed-driving-patch-issued-details-tomorrow Tesla Model S Hacked In Low-Speed Driving; Patch Issued, Details Tomorrow: UPDATED By John Voelcker Aug 6, 2015 Fiat Chrysler Automobiles has come under intense public scrutiny after a pair of hackers took control of a Jeep Cherokee remotely through its Uconnect infotainment system and disabled certain features, including its brakes and transmission. Publicity around that vulnerability quickly led the company to recall 1.4 million vehicles for a fix, under strong pressure from the National Highway Traffic Safety Administration (NHTSA). Now, it's Tesla's turn. According to a report in Britain's Financial Times, two hackers will explain tomorrow at the DefCon conference in Las Vegas how they took control of a Tesla Model S electric car and switched it off while the car was running at low speeds. The article says that a pair of "white-hat" researchers--Kevin Mahaffey, chief technology officer of Lookout, and Marc Rogers, principal security researcher at Cloudflare--identified a collection of six security flaws that permitted the hack. They decided to target Tesla, they said, because of its reputation as a software-centric company--which might mean its software would be less vulnerable than that of legacy automakers. As it turned out, Tesla's Silicon Valley origins were apparently not enough to produce entirely secure vehicle control software. White-hat hackers are those who search for security flaws in order to push companies to fix them and focus more intently on preventing such flaws in the future. They contrast to "black-hat" hackers whose goals are malicious, destructive, and sometimes criminal. Mahaffey and Rogers acknowledged that they first had to gain physical access to the Tesla in order to accomplish their hack, requiring a physical connection via Ethernet cable that then allowed them to access the Model S remotely. According to the FT, the pair was able to "manipulate the speedometer to show the wrong speed, lower and raise the windows, lock and unlock the car and turn the car on or off." At low speeds--5 mph or less--they were able to shut the car down, which turned all the instruments and displays black and engaged the emergency brake--dragging the car to a stop. At speeds higher than that, however, while the screens went blank and the car's electric drive disengaged, the Tesla continued to offer power steering to the driver, who could steer it safely to the roadside. Tesla has already issued a patch, the company said, and all Tesla owners will be able to update their cars by today (Thursday, August 6, 2015). The researchers complimented Tesla for being able to update its control software so quickly via its unique "over-the-air software update" capability, built into all Model S cars since the start of production in June 2012. Vehicles built by conventional carmakers do not offer that ability; they must be brought into the dealer to change their software, with a few makers offering an exception for non-critical updates to infotainment systems that owners can install via USB drive. UPDATE: Green Car Reports reached out to Tesla Motors, which provided the following comment: Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards. Lookout's research was a result of physically being in Model S to test for vulnerabilities. We've already developed an update for the vulnerabilities they surfaced which was made available to all Model S customers through an over-the-air update that has been to deployed to all vehicles. [© 2015 Green Car Reports] For EVLN posts use: http://evdl.org/evln/ http://www.theautochannel.com/news/2015/08/04/138118-nissan-plots-most-electrifying-drive-routes-across-europe.html Nissan Plots 5 of the Most Electrifying Drive Routes Across Europe http://www.treehugger.com/cars/tesla-going-start-uber-competitor-self-driving-electric-cars.html ?Tesla partner with, or create its own Uber with autonomous EVs? http://www.foxsports.com/kansas-city/story/drive-an-electric-car-charge-it-up-while-watching-the-kansas-city-royals-080315 10 L2 EVSE @parking-lot-M Truman Sports Complex KC-MO + EVLN: Plugins get 9hrs in a 2hr parking zone> loophole will be plugged {brucedp.150m.com} -- View this message in context: http://electric-vehicle-discussion-list.413529.n4.nabble.com/EVLN-Tesla-praising-white-hat-hackers-6-security-flaws-turn-off-EV-tp4677114.html Sent from the Electric Vehicle Discussion List mailing list archive at Nabble.com. _______________________________________________ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org For EV drag racing discussion, please use NEDRA (http://groups.yahoo.com/group/NEDRA)
