Tesla Compromise #2: Here we go again
Technology advances have improved the devices and user experience (UX) in many of the vehicle models being manufactured. These advances have been manifested with the vast improvements with mechanical, electrical, and the infotainment system.
One aspect of this that has garnered attention in the public eye has been the infotainment system within the vehicles. These allow the person to change the temperature, monitor the tire air pressure, call others, received directions, and receive alerts as to the vehicle status. A functionality that has been embraced by vehicle owners continues to be the connectivity. This allows the owner to start the vehicle from their office or living room, check on the car’s status from across the country, or lock/unlock the car’s doors. This newer technology has allowed the consumer to be in more control with their vehicle.
Although this is a clear benefit, there have been risks with this. The recent vehicle attacks have focused on this portion of the attack surface. As a further testament of this, Tesla has had its issues.
Keen Security Lab, a division of Tencent, researched the Tesla vehicle for months. This extended period allowed for the extended testing for the Model S, P85, and 75D. This slow and systemic testing provided time to fully test these models and systems. This testing allowed for the vulnerability and exploit to be elaborated, elucidated, and expounded upon.
This is differentiated from the first attack, which was essentially a physical attack and attempt to breach the vehicle’s system. With the first attack, the third party was required to pull a section of the dash back and connect the laptop to the vehicle with a patch cord, which was plugged into the car. This attack was far from simple or short in duration. The second attack focused more on a common vulnerable point. With many other attacks, the connectivity and WiFi for the vehicle was proven to be vulnerable.
Specifically the Tesla Model S was analyzed at lengths by the Keen Security Lab. This model had a vulnerability that could be exploited remotely. This was tested at 12 miles from the vehicle. This attack focused on the CANbus of the vehicle. Once compromised, the attackers could control many functions of the vehicle. For this to function, the vehicle must be connected to the malicious WiFi hotspot. This is the key and the method of attack. Once the vehicle connects to the hotspot, the attacker enters through this connection with the browser in the infotainment system.
Effectually, once the attack is successful, the attacker is able to control the infotainment system, instrument cluster screens, unlock the doors from a remote location, open the trunk, fold the side mirrors, have the brakes applied while driving, open the sunroof, move the power seats, turn on the signaling lights, move the seats in the vehicle, and windshield wipers. Although this is not a fatal flaw necessarily, this may be rather annoying.
This was not an oversight without a potential fix. This was patched over-the-air (OTA) by Tesla with v7.1, 2.36.31. Tesla recognized that this vulnerability was significant and pushed the patch rather quickly within 10 days. Going forward, Tesla started to use code signing to ensure only authorized software, and updates are accepted and implemented.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
Abel, R. (2016, September 21). Hackers crack tesla CAN bus, DoT issues policy for securing connected car. Retrieved from http://www.scmagzineuk.com/researchers-remotely-hack-tesla-firmware-dot-issues-connected-car-guidelines/article/
Antonelli, R. (2016, September 20). Chinese company hacks tesla car remotely. Retrieved from https://www.yahoo.com/news/m/7d421ab3-81ea-3be0-aac7-0b76fb5f2334/Chinese-company-hacks-tesla.html
Baram, M. (2016, September 20). Security researchers hacked a tesla model s, controlling brakes, from 12 miles away. Retrieved from https://news/fastcompany.com/security-researchers-hacked-a-tesla-model-s-controlling-the-brakes-from-12-miles-away-4019631
Constantin, L. (2016, September 20). Update: Researchers show off remote attack against tesla model s. Retrieved from http://www.computerworld.com/article/3121908/security/researchers-show-off-remote-attack-against-tesla-model-s.html
Coren, M.J. (2016, September 23). It will soon be legal to hack your tesla (and every other car) in the US. Retrieved from http://qz.com/788491/it-will-soon-be-legal-to-hack-your-tesla-and-every-other-car-in-the-us/
Ferris, R. (2016, September 20). Chinese company hacks tesla car remotely. Retrieved from http://www.cnbc.com/2016/09/20/chinese-company-hacks-tesla-car-remotely.html
Finkle, J. (2016, September 20). Tesla fixes security bugs after claims of model s hack. Retrieved from https://www.yahoo.com/news/tesla-fixes-security-bugs-claims-212130698.html
Fox-Brewster, T. (2016, September 20). Watch Chinese hackers control tesla’s brakes from 12 miles away. Retrieved from https://www.forbes.com/sites/thomasbrewster/2016/09/20/keen-team-remotely-hack-tesla-cars/#64dedbba3f0c
Golson, J. (2016, September 19). Car hackers demonstrate wireless attack tesla model s. Retrieved from http://www.theverge.com/2016/09/19/12985120/tesla-model-s-hack-vulnerability-keen-labs?yptr=yahoo
Greenberg, A. (2016, September 27). Tesla responds to Chinese hack with a major security upgrade. Retrieved from https://www.wired.com/2016/09/tesla-responds-chinese-hack-major-security-upgrade/
Kovacs, E. (2016, September). Chinese researchers remotely hack tesla model s. Retrieved from http://www.securityweek.com/chinese-researchers-remotely-hack-tesla-model-s
Morrow, S. (2016, September 22). Connected cars-addressing concerns around public safety. Retrieved from http://www.scmagzineuk.com/connectedcars--addressing-concerns-around-public-safety-article/521713/
Reuters. (2016, September 20). Tesla fixes security bugs after claims of model s ‘white hat’ hack. Retrieved from http://fortune.com/2016/09/20/tesla-security-bug-hack/
Reuters, & Beall, A. (2016, September 20). Watch hackers control a tesla model s from 12 miles away: Firm issues fix after discovering dangerous flaw. Retrieved from http://www.dailymail.co.uk/sciencetech/article-3799158/Tesla-fixes-security-bugs-claims-model-S-hack.html
Solon, O. (2016, September 20). Team of hackers take remote control of tesla model s from 12 miles away. Retrieved from https://www.theguardian.com/technology/2016/sep/20/tesla-model-s-chinese-hack-remote-control-brakes
The Telegraph. (2016, September 21). Tesla fixes software bug that allowed Chinese hackers to control car remotely. Retrieved from http://www.telegraph.co.uk/technology/2016/09/21/telsa-fixes-software-bug-that-allowed-chinese-hackers-to-control/
Zorz, Z. (2016, September 20). Chinese researchers hijack tesla cars from afar. Retrieved from https://www.helpnetsecurity.com/2016/09/20/hijack-tesla-cars/
Zorz, Z. (2016, September 28). Tesla introduces code signing to harden their car’s security. Retrieved from https://www.helpnetsecurity.com/2016/09/26/tesla-code-signing/