Tesla Software Vulnerability and Hack Cases

January 19th, 2020

If you own a Tesla and notice a drone surveying your parking area, remain cautious: an intruder with ill intentions might be trying to hack into your car. That is the claim of security experts Benedikt Schmotzle and Ralf-Philipp Weinmann. The two found zero-click security issues in Tesla’s open-source software component known as ConnMan. Their findings showed that it wasn’t 100% secure, because attackers could easily manipulate the system over Wi-Fi.

For example, your phone and computer can be easily protected with Netgaurd VPN. A VPN hides your IP address, removes all your online traces, and encrypts your data. Therefore, hackers cannot hack your device even through an insecure network. But alas, a Tesla cannot be protected through a VPN. Only a software update can protect a Tesla from being hacked. And before a software update can fix a vulnerability, the vulnerability has to be found.

Tesla’s Zero-click Vulnerabilities

The researchers’ zero-click vulnerabilities, “TBONE,” were unveiled during the hacking contest “Pwn2Own,” which was planned to take place in Vancouver in 2020. But then, those plans never came to pass because of the pandemic. Tesla is known not only as a huge automobile company but also as a popular electric firm, for its production of self-driven vehicles. It therefore supports such hacking competitions and bug bounty programs to make its technology more secure for consumers. Weinmann and Schmotzle stated that finding the vulnerabilities would give attackers a chance to change seat positions, open and close the doors and trunk, and control both the steering and acceleration modes. This means that they can do anything that a driver does, while away from the car. However, even with illegal access to all these control features, the hacker could access other features but not the drive features. Therefore, the hacker will not be able to drive your car to a destination.

The researchers’ findings were not proven on an actual car; instead, an in-house emulator, “KunnaEmu,” was used to carry out the attacks. However, they were confident about its accuracy and thus revealed their findings to Tesla’s bug bounty program in 2020. Tesla did a wonderful job on it and later released a patch update, v2020.44, towards November. The group also worked together with CERT-Bund (the German CERT) to ensure that the car company found solutions to these vulnerabilities in the shortest time possible. Even the most advanced and secure programs have faced unexpected vulnerabilities. Tesla is no exception.

Who Hacked Tesla Security?

A German teenager hacked Tesla and successfully managed to access more than twenty-five of Tesla’s electric vehicles. These vehicles were located in more than ten regions around the globe. The cyber security expert confirmed his access with one of the drivers, who permitted him to honk the car’s horn remotely. The hacker used Tesla’s bug bounty program to raise the alarm with the Texas-based car giant, but Tesla remained reluctant and took more time before responding. He therefore revealed the state of Tesla’s vulnerability to his followers on Twitter and told the press in interviews.

Elon Musk was more relieved when the hacker concluded that he could gain some access to the Teslas but could not take full control of the cars. Instead, the access only allowed him minor controls, like locking and unlocking car doors and windows, which would not cause major damage. The teenager added that he could also interfere with the car’s security systems and switch the car’s music system on and off.

On the other hand, he could get online and play YouTube videos on the breached electric vehicles. The security fault also enabled the hacker to switch the car lights on and off, which would be a great risk if done at night. While performing all this remotely, he was not as near to the cars as you might think. The hacker also had a way to find out whether someone was in the car and to access information on the car’s exact location. According to the hacker, the Tesla hacked IP allowed him to open the doors of the affected vehicles.

The security vulnerability was later found in another piece of software, used by the Tesla managements magazine, that was known to be operated by “just a few owners.” The cyber expert stated that he made his claims public on Twitter because there was no other way he could inform Tesla’s management of the vulnerabilities. The hacker claimed that the Tesla owner was the one to blame for the shortcomings of the Tesla electric vehicles. He also encouraged carmakers to appreciate the internet, as it helps them find loopholes that need to be rectified. Any connection to the internet attracts hackers, who can find their way in and access your information. Coffee machines, cars, and refrigerators are all vulnerable equipment and could become targets of hackers or user error once you connect them to the internet.

Tesla electric cars are just like ordinary computers, and in the future they will serve almost the same purpose and need similar maintenance. Even though Tesla has not revealed any antivirus software for its cars, it would help if users protected their mobile devices, as hackers may use those devices to find an area of weakness in your car. The Tesla company has since increased to $15,000 per reported case. The positive relationship between hackers and security personnel has led them to work together at hacking conferences. In past years, Tesla has participated by bringing its electric cars to the Pwn2Own hacking competition.

Conclusion

The good news is that Tesla will soon unveil two-factor authentication for all users to keep them safer from hackers.