Honk if You Got Hacked: Three Tesla Security Vulnerabilities Revealed
Here’s the bad news: Some hackers found three separate security vulnerabilities that let them take over several of a Tesla Model 3’s systems, such as its horn. But there is some good news: The experts in question were “white hat” hackers whose job is revealing security flaws to companies such as Tesla.
What are ‘white hat’ hackers?
Some folks who are talented at bypassing cyber security systems choose to use their powers for good, finding weaknesses and warning manufacturers to protect consumers. And many companies even pay these hackers for the information.
The name ‘white hat’ differentiates these do-gooders from ‘black hat’ hackers who bypass security systems to steal information, ransom the owner, or otherwise achieve their ends through nefarious means.
White hat hackers meet at conventions to compete and test security systems. One such convention is Pwn2Own in Vancouver. This competition offered any team that could hack a Tesla Model 3 infotainment system in 10 minutes a prize of $530,000, plus their own Model 3.
My colleague Peter Corn wrote more extensively on how the Pwn2Own hacking competition actually works.
The Pwn2Own competition is not hosted or sponsored by Tesla. But Tesla does offer a $15,000 bounty to any white hat hackers who can identify a software flaw.
Synacktiv’s experts hacked a Tesla Model 3 infotainment system for demonstrative purposes
Synacktiv is a Paris-based “offensive security” company founded in 2012. Its 100+ employees offer consulting and audits of security systems. Pwn2Own’s Tesla challenge was a perfect way for Synacktiv to show off what it can do.
Teslas are far too secure to hack with a single vulnerability. But Synacktiv did its research and arrived in Vancouver prepared to exploit three separate security vulnerabilities, bypassing the entertainment system and proving they could gain access to the car, according to TechCrunch.
When presented with a stock Tesla Model 3 infotainment system, Synacktiv’s experts first bypassed the regular Bluetooth chipset security, so they could connect with the system and execute whatever code they wanted. But that was just level one.
Secondly, the experts were able to give themselves what amounts to administrator privileges. And finally, they took control of the security gateway, so they could theoretically send commands to the rest of the car. I won’t get too technical on how they accomplished this, but futurism.com summed it up well:
“One of the exploits they used was…to gain access to the Tesla’s Gateway system that manages its energy consumption.” Because they had access to the components this system controls, the hackers could theoretically turn off lights, pop the trunk, activate wipers, and even honk the horn.
Is a Tesla’s electric powertrain vulnerable to hacking?
Even though security experts broke into an isolated Tesla infotainment system at the Vancouver hacking competition, the automaker argues that the vulnerabilities they exploited wouldn’t allow them to steer the car or accelerate/brake.
Because Synacktiv went through the car’s infotainment system, their strategy cannot take over a car that is turned off and turn it on. But Eloi Benoist-Vanderbeken, a Synacktiv engineer, wasn’t sure about Tesla’s claim that their attack couldn’t compromise steering, acceleration, or braking: “From our understanding of the car architecture we are not sure that this is correct, but we don’t have proof of it.”
Another Synacktiv engineer warned Tesla: “Tesla cars are really well connected to the internet, so they need to take care of security because they are likely to be targeted more than other cars.”