Earlier this month, we reported on a Chinese whitehat hacker group, the Keen Security Lab at Tencent, managing to remotely hack the Tesla Model S through a malicious wifi hotspot. It is believed to be the first remote hack of a Tesla vehicle.
The hackers reported the vulnerability to Tesla before going public and the automaker pushed an update fairly quickly. Tesla has now released more details on the fix, and they show how serious the company is when it comes to security.
Following the publication of the hack by Keen Security Lab, Andy Greenberg, Wired’s top security reporter, talked to Tesla CTO JB Straubel, who released more details about the situation and the scope of the update.
As described by Greenberg, the hackers found a vulnerability in the Model S’ browser, which is based on the open source browser framework WebKit. They then created a malicious wifi hotspot called ‘Tesla Guest’ to look like the wifi at Tesla’s service centers, and when a Tesla connected to it, the browser would load an infected website created by the hacker team.
That’s when another vulnerability, found by the team in Tesla’s Linux operating system, allowed them to gain access to the instrument cluster.
From there, they can do a lot of things, but they can’t access dangerous functions such as the braking event they demonstrated in their video.
That’s because Tesla’s head unit is separated from its CAN bus by a gateway. To complete their hack, the team replaced the gateway software with their own, and that’s how they managed to take control.
Now about Tesla’s fix.
The automaker quickly responded by patching the two vulnerabilities in the Linux operating system and the web browser with an over-the-air update, but they also went a step further.
Tesla added code signing, which consists of digitally signing the code with a cryptographic key only Tesla possesses, in order to only allow its own software to be installed on the system. Tesla CTO JB Straubel told Greenberg:
“Cryptographic validation of firmware updates is something we’ve wanted to do for a while to make things even more robust. This is what the world needs to move towards. Otherwise the door is thrown wide open anytime anyone finds a new vulnerability.”
He added that Tesla had been working on adding the feature for months, but the hack from Keen Lab pushed them to release it sooner, as well as to release the patches for the two other vulnerabilities. They reportedly pushed it just 10 days after the hackers reported it. Straubel added:
“They did good work. They helped us find something that’s a problem we needed to fix. And that’s what we did.”
Indeed, they did. There’s often a misperception among the old guard in the auto industry that these whitehat hackers, who can more accurately be described as security researchers, are not beneficial to the automakers. For example, one automotive reporter called me “Baghdad Bob” for writing that Keen Lab’s work “made every Tesla on the road a little bit safer.”
Of course, it did. The vulnerabilities were there and now they are not. That’s why Straubel confirmed that Tesla will be rewarding the team with a bounty for their effort. As long as security researchers find those exploits before anyone with malicious intentions, the vehicles will keep getting safer.
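The cryptographic validation of firmware updates described above, as an added example that is not Tesla's code and not from the original article: a device holding only the vendor's public key refuses any image whose signature does not verify, so a replaced gateway image is rejected. Ed25519, the `Gateway` type and the sample images are assumptions made for the illustration; the article does not say which signature scheme Tesla uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrBadSignature means the image was not signed by the trusted vendor key.
var ErrBadSignature = errors.New("firmware signature invalid: refusing to install")

// Gateway is a hypothetical update target that trusts one vendor public key.
type Gateway struct {
	trusted   ed25519.PublicKey // provisioned on the device; the private key never leaves the vendor
	installed []byte
}

// Install checks the detached signature before the image replaces the current one.
func (g *Gateway) Install(image, sig []byte) error {
	if !ed25519.Verify(g.trusted, image, sig) {
		return ErrBadSignature // current firmware stays in place
	}
	g.installed = append([]byte(nil), image...)
	return nil
}

// demo runs three constructed update attempts: a genuine image, a modified
// image reusing the genuine signature, and an image signed with another key.
func demo() (results [3]error, installed string) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	gw := &Gateway{trusted: vendorPub}
	image := []byte("gateway-firmware v2 (constructed sample)")
	sig := ed25519.Sign(vendorPriv, image)
	results[0] = gw.Install(image, sig)
	modified := append([]byte("X"), image...) // any change invalidates the signature
	results[1] = gw.Install(modified, sig)
	custom := []byte("replacement gateway image (constructed sample)")
	results[2] = gw.Install(custom, ed25519.Sign(otherPriv, custom))
	return results, string(gw.installed)
}

func main() { fmt.Println(demo()) }
```

The check only helps if it runs in code the update itself cannot replace, and if the trusted public key is stored where a compromised head unit cannot overwrite it.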