Chinese security researchers have once again demonstrated the potential dangers of connected vehicles by remotely hacking a Tesla for the second consecutive year.
Malicious code was run on the Tesla-branded vehicle using the in-car web browser. Once exploited, the researchers were able to put on the brakes remotely, open the doors and trunk, and even blink the lights in time to music from the car’s stereo.
The researchers, from Keen Security Lab in Shanghai, were able to control the vehicle over both WiFi or cellular which demonstrates the concerning possibilities.
They don’t believe Tesla is more vulnerable than other connected cars
In a statement, Tesla said it welcomes this kind of ‘white hat’ research from the community to prevent exploits being used by malicious parties who intend to do harm. To its credit, the researchers informed Tesla of their discovery in June of this year and the company patched the vulnerabilities within two weeks.
Last June, the same team demonstrated their ability to hack a Tesla and remotely engage its brakes.
The researchers are keen to emphasise they don’t believe Tesla is more vulnerable than other connected cars and the hack was complex and would be difficult to replicate. In fact, several other car manufacturers have been subject to hacks over the past few years including Chevy, Mitsubishi, and Chrysler.
A piece of legislation known as the ‘Security and Privacy in Your car’ (SPY) act has been proposed which is considered a major legislative milestone with the potential to protect vehicles communicating with outside infrastructure (V2I) and other cars (V2V) with hack mitigation and data privacy standards.
"Automakers must collaborate with the security community, become educated, and implement a holistic approach,” comments Doug Gilman, Automotive & Transportation Industry Analyst, Frost & Sullivan. “The industry is constantly evolving, and vehicle vulnerabilities are increasing. With no proven vulnerability tracking, all connected vehicles are vulnerable. The hacker needs to be right only once; automakers need to be right 100% of the time."
Are you concerned about the vulnerability of connected cars? Let us know in the comments.
Interested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.