A potentially serious security flaw to do with Tesla cars has been discovered by researchers, which allowed them to assume control of the vehicle.

But the American car firm says it has now patched the vulnerability and pointed out that the hack was only possible as the researchers had access to the inside of the car.

Already Patched

The flaw was discovered by Kevin Mahaffey, CTO of cyber security firm Lookout, and Marc Rogers, principal security researcher at Cloudflare.

The car they chose to hack is arguably one of the most advanced in the world, the Tesla Model S salon which is always connected to the Internet. The researchers said they chose Tesla because it tends to understand software better than other car makers. The researchers presented their findings to the cyber security conference Def Con in Las Vegas on Friday.

The researchers said that they managed to take control of the car and turned it off at low speed. Apparently all the screens went blank, music was turned off, and the handbrake was applied when the attack was carried out, bringing the car to a halt.

Lookout’s Mahaffey confirmed in a blog posting that he and Rogers had discovered a total of six flaw in the Tesla car, but said that overall its security was very good.

And there are two bits of good news for Model S owners.

Firstly, the researchers had to be physically inside the vehicle, and secondly, Tesla confirmed that it has already issued a patch after it deployed an over-the-air update to address the vulnerabilities.

“Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating and updating our safeguards,” the car maker was reported as saying.

Car Security

Car makers are nowadays increasingly facing tech security issues with their vehicles, as more and more cars incorporate computer technology into their designs and become connected to the outside world.

Last year a group of hackers and security researchers known as “I Am The Cavalry”, urged attendees of the Def Con security conference in Las Vegas to sign an open letter encouraging carmakers to improve the security systems of their latest cars.

That call came because the security flaws are a very real threat. Last month Fiat and Chrysler recalled over million vehicles in the United States because of a security vulnerability.

And in February, BMW confirmed it had patched a serious security flaw that could have allowed hackers to seize control of some of its cars’ systems. That flaw could have allowed hackers to the open doors of 2.2 million Rolls-Royce, Mini and BMW vehicles. The flaw could also have allowed the hackers to access the onboard vehicle computer system, which manages everything from engines and brakes to air conditioning.

Prior to that in September last year, General Motors ramped up its protection from hackers when it hired a watchdog to maintain mobile system security and guide the company into the future.

And in April 2014, security researcher Nitesh Dhanjani warned that weaknesses in the way Tesla lets drivers control their cars could allow someone to easily open the doors.

In the driving seat about connected cars? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago