Are Teslas Secure? How Hackers Can Attack Connected Cars
It seems like everything is connected to the internet these days, from kettles to doorbells. Even cars are increasingly manufactured with some degree of internet connectivity. But no cars are quite as internet-connected as Teslas.
In general, Teslas are very secure vehicles. However, whenever any kind of device is connected to the internet, even a car, it will introduce some security vulnerabilities. To show you the different ways in which security issues can affect connected cars, we’ll share some examples of how people have tried and sometimes succeeded at hacking Teslas.
Vulnerabilities in Tesla Key Fobs
Of all the ways that criminals use technology to hack or steal cars , one security aspect you might not consider is a key fob. Teslas have a keyless entry system. This uses a small device attached to a key ring which you carry on your person. When you approach your Tesla, it detects the key fob and unlocks the doors for you.
Cloning Attacks on Tesla Key Fobs
There have been security issues with Tesla key fobs. In 2018, researchers from the Belgium university KU Leuven announced they were able to copy a Tesla key fob.
They could wirelessly read signals from a nearby key fob, then clone a copy of it. That meant it was possible for hackers to stand near to Tesla owners and copy their keys without them knowing, then steal the car. Tesla swiftly fixed the issue with a new type of key fob which removed the vulnerability.
However, one year later in 2019, the same researchers discovered another security flaw in the new fobs. This time, the hacker had to be closer to the fob than previously and the attack took a little longer. But it could still be performed wirelessly without the target knowing.
Although Tesla had introduced more encryption in the new fobs, this was not enough to prevent the hack. The good news is that Tesla was able to patch this issue with a software update soon after news of the new hack broke.
Repeater Attacks on Tesla Key Fobs
It’s worth noting that as far as we’re aware, no one has ever used the cloning vulnerability to actually steal a Tesla. However, hackers can also perform other attacks on key fobs, such as a repeater attack.
Here, a hacker picks up the presence of a key fob from inside a Tesla owner’s house when their car is parked outside and amplifies it. This is the method that thieves likely used in a much-circulated video (above) purporting to show two people stealing a Tesla in the UK.
Hacking Tesla’s Autopilot Feature
One of the most scary ideas people have when they think about the security of internet-connected cars is what happens if a hacker takes control of a vehicle. Tesla’s Autopilot feature allows the car to perform some self-driving maneuvers such as cruising or changing lanes on the highway.
But in 2019, a group of Chinese hackers were able to manipulate the Autopilot feature. In a nightmare scenario for drivers, the hackers were able to take control and direct the car into oncoming traffic.
To perform the hack, the team used small, brightly colored stickers attached to the road surface. This created a “false lane” which the Tesla’s systems read as a real driving lane and followed. This all took place on a test track, but theoretically the same system could be used in the real world to direct a car into the oncoming traffic lane.
The trick here is that this hack requires changes to the outside environment around the car. It doesn’t actually target the car itself. Plus, drivers should still be attentive when using Autopilot and be ready to take control of the vehicle from the automated systems.
That means it’s not very likely to be a problem in most scenarios. Tesla thought so too, putting out a statement saying that the vulnerability was “not a realistic concern.”
Hacking a Tesla’s Entertainment System
A less serious hack on Teslas was demonstrated by Team Fluoroacetate at the security event Pwn2Own in 2019. The team were able to use a bug in the car’s web browser to access the car’s firmware and run their own code. They were then able to show a message on the Tesla entertainment system.
This hack isn’t going to help anyone steal your car or cause a crash. However, it does show how any seemingly small part of a car’s software can be a security risk, even the web browser. Tesla says it is working on a software fix for this security issue.
Protecting Your Data When You Sell Your Tesla
Finally, there’s a security issue with Teslas which is not due to a vulnerability as such.
Instead, it’s due to the collection of data that you might not even think about. If you own a Tesla and later decide to sell it, you should be aware of the amount of data about you contained within the car. Just like when you sell an old PC, you should be sure to wipe the hard disk drive before passing it on to the buyer.
When you sell a connected car, you need to get rid of private data before handing it over to someone else.
In 2019 two security researchers purchased a wrecked Tesla Model 3. They were able to access the car’s computer and download all sorts of information about the previous owners. In the computer they found phonebooks with contacts’ numbers and email addresses, plus calendar entries. They were also able to see recent locations entered into the car’s navigation system. There was even video footage recorded by the vehicle’s cameras.
There is a way to delete personal information from a Tesla by performing a factory reset. This should be a reminder to Tesla owners that if their car is ever wrecked or sold, they should perform a factory reset before getting rid of the car. This will prevent anyone from accessing their data.
Connected Cars Come With Security Risks
Overall, cars today are safer than ever before. Teslas have security features which make crashes less likely and protect the people inside if they do occur. But it’s worth thinking about the ways that new technologies can create security risks.
To learn more about the risks of connected cars, see our article on terrifying scenarios that self-driving cars make possible .