There were several interesting tidbits of information about Tesla that came out of Elon Musk’s talk at the National Governors Association this weekend, like removing the possibility of a solar roof option on the Model 3 and announcing that 2 or 3 more Tesla Gigafactories are coming to the US.
But Musk also made some interesting comments on Tesla’s approach to cyber security that received less attention.
Home Solar Power
The increasing connectivity in vehicles has made them more subject to hacking in recent years and there’s no more connected vehicle on the road today than Tesla’s.
At the National Governors Association this weekend, Musk gave some more interesting insights into Tesla’s security effort and especially related to once their vehicles become fully autonomous:
“I think one of the biggest concern for autonomous vehicles is somebody achieving a fleet-wide hack.”
He followed with an interesting example of what someone could do with that kind of access:
“In principles, if someone was able to say hack all the autonomous Teslas, they could say – I mean just as a prank – they could say ‘send them all to Rhode Island’ [laugh] – across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.”
And that’s like a best case scenario.
Musk continued with what Tesla is doing to try to prevent that:
“We gotta make super sure that a fleet-wide is basically impossible and that if people are in the car, that they have override authority on whatever the car is doing. If the car is doing something wacky, you can press a button that no amount of software can override and ensure that you gain control of the vehicle and cut the link to the servers.”
Then even if someone gains access to the car, Tesla has already implemented some features to prevent taking over important sub-systems. Musk added:
“Within the car, there are multiple sub-systems that have specialized encryption, like the powertrain for example. Even if someone gains access to the car, they cannot take control of the powertrain or braking system.”
That’s something that came to light last year when a Chinese whitehat hacker group, the Keen Security Lab at Tencent (a Chinese conglomerate that later became a major Tesla shareholder), managed to remotely hack the Tesla Model S through a malicious wifi hotspot.
Once gaining access, the hackers were able to upload their own software to take control of the vehicle, but Tesla pushed a fix with code signing to add a cryptographic key to change onboard software. Tesla CTO JB Straubel said at the time:
“Cryptographic validation of firmware updates is something we’ve wanted to do for a while to make things even more robust. This is what the world needs to move towards. Otherwise the door is thrown wide open anytime anyone finds a new vulnerability.”
Musk added that it has become his top concern from a security standpoint and he believes that it will become a growing concern in the future. The CEO added that Tesla has been building a software expertise that is giving them a lead in that regard. He even warned other car companies that it could become a problem.
Here’s the relevant part of his talk at the National Governors Association: