In a highly technical presentation at the Defcon hackers conference in Las Vegas Friday, computer security experts Marc Rogers and Kevin Mahaffey revealed how they were able to hack into a Tesla Model S and remotely control several of its functions, including killing the engine while the car traveled at low speed.
Mahaffey, co-founder of Lookout Mobile Security, and CloudFlare researcher Rogers were able to unlock the car’s doors, open the trunk, darken screens displaying speed and other information, and kill the engine by issuing commands from an iPhone.
On Thursday, Tesla Motors issued an over-the-air update to every Model S in the world after the hackers alerted the company to the car’s vulnerabilities.
“The reason we hacked the Model S is that it is the most connected car in the world,” Rogers said during the presentation, held before an overflow crowd at the Paris hotel and casino. “It’s a data center on wheels. We wanted to see how well it did.”
Despite being able to compromise the car’s systems, Rogers and Mahaffey were impressed at how well the Tesla had been designed to thwart a malicious attack and how difficult it had been to breach the car’s security.
“We found it was designed very, very well,” Mahaffey said. “It’s important to realize all of the ways we didn’t get in: It was failure, failure, failure.”
Added Rogers, “This is a phenomenal design, more like the way airplanes are designed than cars. It took a lot of thinking outside the box” to hack the car’s systems.
Using a colleague’s Model S, the pair began by removing portions of the dashboard to gain access to the electronics. “Ripping the console off your friend’s $100,000 car gives you pause,” Rogers joked.
Once inside, they discovered ways to access several key electronic pathways, partly via an obsolete web browser with several well-documented security flaws. But they were repeatedly rebuffed until they found a breach that, given the sophistication of the car’s engineering, astonished them. When they probed the flaw it yielded instantly.
“This is where I literally cried,” Rogers said. “After months of hunting big game, it cracked in under a second.”
The pair drove the Model S to an empty parking lot, where, with Mahaffey at the wheel, Rogers pressed a button on his iPhone. The Tesla’s infotainment screens instantly went black, the engine stopped and the car jerked to a halt.
But they also discovered that Tesla had apparently anticipated a malicious hack on the car’s crucial systems: when attacked at speeds over 5 mph, the car shifted to neutral, allowing the driver to coast to a safe stop. “You still retain full control of the car,” Rogers said. “It’s phenomenal.”
Tesla was paying close attention to securing the Model S from computer attacks before Mahaffey’s and Rogers’ hack. The company actively solicits input from the hacking community, offering a “bug bounty” recently increased to $10,000 for identifying security flaws.
Tesla was the only car manufacturer with an official presence at Defcon, planting a Model S in the middle of the conference’s Car Hacking Village, although representatives from other automakers were expected to attend. An estimated 18,000 are expected to attend this year’s conference, which closes Sunday.
“Any piece of technology, given somebody clever enough with enough time, they’re going to find a vulnerability somewhere,” Russ Tekkonen, a Tesla network engineer, told The Hollywood Reporter. “We want to find that out. We’re really pretty happy with where we are now, because so far nobody’s found the really scary type of vulnerability.”
In July, Fiat-Chrysler recalled 1.4 million vehicles after hackers were able to remotely manipulate the engine, brakes and other systems of a Jeep Cherokee through a flaw in its infotainment system.
In an interview with THR after the presentation, Mahaffey said, “We have to assume that hackers are going to get into a car, but that shouldn’t matter—you shouldn’t be able to compromise the car. And Tesla’s done a great job of that. I feel safer in a Tesla Model S than any other connected car on the planet.”