Hackers Prove That Tesla Cars Aren’t Safe From Attack

Internet connected cars are fun to drive, but they can have certain loopholes, making them fall prey to hackers.

GM, Ford, Toyota, Tesla, and a few others have introduced a new generation of electric, Internet-enabled cars. These cars are largely known as safe, but are they really?


Photo: EpicStockMedia / Shutterstock

Tesla owners recently received a wake-up call from their apparent security slumber. At a recent conference in China, it was revealed that Tesla cars can be hacked using basic and simple techniques. From the digitally controlled Powertrain to its LCD screen that operates everything from infotainment to climate control, the Tesla Model S gives more computing power than you could imagine; and this is the reason why this sedan is so tempting for hackers.

In fact, the Syscan +360 Beijing conference promised a bounty of $10,000 to the first one who could hack into Tesla Model S. A hacker group from Qihoo 360 Technology Co. was able to break into the system and play with the infotainment system, honk the horns, open the door locks and sunroof, and operate the headlights – while the car was moving.

There have been no official reports about how Qihoo accomplished this hack, but there is an indication that the hacker group broke into the mobile app of Model S and cracked its six-digit code. The company recently posted on its social networking channel, Sina Weibo, and warned Tesla drivers about it. The post said that the sunroof of the car can open suddenly, and thus the drivers should be careful while driving in rain.

Just Tesla? Should All Car Makers Be Concerned?

The one who leads the race is often the first to face all the difficulties lying ahead. The Tesla Model S is considered ‘hot’ because of the features it provides. Other brands are not far behind- Toyota, BMW, Ford, and other automobile pioneers are on the quest to provide their cars with superior APIs (Application Programming Interface).

4G is on the rise and it provides data access at super-fast speeds. With 4G’s nationwide networks, car manufacturers are heavily investing in projects to integrate our smartphone technology into our cars. Automakers already have the required systems in place – for example, BMW has ConnectedDrive and GM has OnStar.

Server-side Security

The new breed of connected automobiles is linked to the same device ecosystem which communicates with devices like thermostats, fitness trackers, and other products such as baby monitors. The companies dealing with these products have the reputation of using poor encryption techniques and maintaining weak security. This allows hackers to enter the system and siphon data or manipulate the connected devices. A tunnel to the device ecosystem provides hackers a doorway to your smart car too.

In response, Tesla published a statement over on PCWorld.

“We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process.”

This statement raises a strong concern. It shows that these innovative automakers are relying mostly on information security to handle the safety of their vehicles. A compromised phone can only cause the loss of data, but a compromised car can cause physical damages to the driver and their family. Once a hacker gets the control of your car, you’re completely at the mercy of that hacker. Who knows what kind of damages they are capable of inflicting.

Is It All Just Paranoia?

Maybe. But let’s try to analyze the situation and concerns from a logical perspective. Connected cars relying on information security are actually depending on trusted networks and static passwords. We all know what brute-force hacking can do to these security measures. Apart from that, since it requires just a password to control the car through the iPhone, a simple phishing attack can leave the car open to hackers.

And that’s not all; if someone gains temporary access to the email account of the car owner, they can reset the password, thus gaining access to the car. It is thus a good idea to create a separate Gmail account to link to your Tesla profile.

There can also be a threat from malicious apps that can steal the passwords stored in the user’s iPhone. The iPhone application integrated with the Tesla Model S can identify the car’s location, control the built-in media, remotely open the doors, and maneuver the car’s brakes and suspension.

Imagine a hacker getting access to a connected car through this wonderful application. You can’t be comfortable getting into that car.

So, how safe are connected cars? We are yet to find out.