A team of security researchers discovered a horrific vulnerability in the Tesla car program. This allowed them to take advantage of the car’s software and control it from a distance.
Researchers Ralph Philip Weinmann and Benedikt Schmotzle found that they could penetrate the touch-based infotainment system to manipulate various driving settings, move the chair, and even more seriously open the doors and trunk of the car and operate it remotely, by flying a drone that emits a “WiFi” signal that connects to a component of the car, according to “Interesting Engineering”.
Fortunately, the two of the so-called “white hats” had good intentions, the team noticed the interesting flaw, and had already reached out to Tesla, giving the carmaker time to fix the vulnerabilities before it was announced.
The team consisted of Ralf-Philipp Weinmann of Kunnamon, Inc., and Benedikt Schmotzle of Comsecuris GmbH. They called their exploits TBONE, with the hope of sharing what they discovered at last year’s PWN2OWN contest.
When that contest didn’t take place due to COVID-19 closures, Weinmann and Schmotzle instead decided to directly contact Tesla to inform the company of these vulnerabilities, and then publish their findings online.
Before publishing the information, though, Tesla had the time to address the vulnerabilities, which can no longer pose a problem for the company’s EVs.
What’s fascinating about this discovery is that everything could be done remotely, which is why Weinmann and Schmotzle used a drone to remotely access the Teslas — the duo didn’t even have to see the vehicles to hack into them, let alone be near them.
Explaining their motivation, the researchers said, “Our mission is to bring the power of cloud computing and simulation to test embedded automotive systems, at scale.”
This kind of infiltration or piracy is permissible, and these hackers usually carry out these actions in order to seek prizes by companies who can penetrate their systems to find out the gaps in them, hence their name “white hats”.
It is not surprising that people find vulnerabilities in systems, especially when they are new or if they perform software updates.
Firms that release new software greatly welcome this information, and a number of bug bounty programs are widely circulated, encouraging hackers and tech enthusiasts to try to hack or discover vulnerabilities in systems to get paid for submitting the information they discover.
In 2019, Tesla introduced one of its Model 3 cars to anyone who could compromise their vehicle’s systems.
Sources:
- https://kunnamon.io/tbone/