Hack Attack Du Jour: Telsa S in Vegas

tesladashIt’s Def Con time, hackers are after everything they can crack. In honor of the hacking conference in Las Vegas, two hackers (aka researchers) say they found a way to slow down a Tesla S and stop it when they had physical access to the car and connect a laptop computer.

Kevin Mahaffey, the chief technology officer at Lookout, and Marc Rogers, a researcher at Cloudflare discovered a way to get into the car controls by hacking into the entertainment system.

In order to accomplish their task, they had to tear down the Telsa until they found the ethernet port for the CAN bus, the computer that controls the car. They also had to use four separate vulnerabilities to get control through the touchsreen. Then they could remove the speedometer, alter the suspension, unlock the doors/trunk, control the windows and shut down the car.

Their hack stops the car if it traveling at less than 5mph or the car will coast to a stop.

When the system discovered the hack to shut off the engine, the car stops. When the car was traveling faster, the screens went blank and the car shifted into neutral.

“Ironically that means it’s the only car that can protect itself against a successful cyber attack,” Rogers told Forbes.

After physical access, they added a remote access trojan (RAT) through a backdoor in Ubuntu operation System. They also found two vulnerabilities in the Webkit browser.

The hack is demonstrated at Def Con where there is a car hacking village.

Tesla Motors already sent out Over-the-Air update Version 6.2 (v2.5.21) to fix the security opening.

Previous hacks leading up to the Def Con conference included the remote Jeep Cherokee hack and the OwnStar OnStar GM hack.

After the Jeep Cherokee remote hack, NHSTA opened an investigation to see if other HARMAN infotainment systems had the same vulnerabilities. FCA recalled the vehicles and issued and update.

Previously, in July, 2014, Qihoo 360 Technology Co. was able remotely control the Tesla’s locks, horn, headlights and moon roof while the car was moving. The Tesla blog noted that Tesla didn’t endorse or provide the car. Telsa offered a prize of $10,000 to those who could successfully hack into a Tesla.