Are Teslas Secure? How Hackers Can Attack Connected Cars
Whatsapp Pinterest
Advertisement

It seems like everything is connected to the internet these days, from kettles to doorbells. Even cars are increasingly manufactured with some degree of internet connectivity. But no cars are quite as internet-connected as Teslas.

In general, Teslas are very secure vehicles. However, whenever any kind of device is connected to the internet, even a car, it will introduce some security vulnerabilities. To show you the different ways in which security issues can affect connected cars, we’ll share some examples of how people have tried and sometimes succeeded at hacking Teslas.

Vulnerabilities in Tesla Key Fobs

tesla-model-s

Of all the ways that criminals use technology to hack or steal cars 5 Ways Criminals Use Technology to Hack and Steal Cars 5 Ways Criminals Use Technology to Hack and Steal Cars One million cars are stolen every year in the US. Here are some of the common tactics you need to be aware of to stay safe and secure. Read More , one security aspect you might not consider is a key fob. Teslas have a keyless entry system. This uses a small device attached to a key ring which you carry on your person. When you approach your Tesla, it detects the key fob and unlocks the doors for you.

Cloning Attacks on Tesla Key Fobs

There have been security issues with Tesla key fobs. In 2018, researchers from the Belgium university KU Leuven announced they were able to copy a Tesla key fob.

They could wirelessly read signals from a nearby key fob, then clone a copy of it. That meant it was possible for hackers to stand near to Tesla owners and copy their keys without them knowing, then steal the car. Tesla swiftly fixed the issue with a new type of key fob which removed the vulnerability.

However, one year later in 2019, the same researchers discovered another security flaw in the new fobs. This time, the hacker had to be closer to the fob than previously and the attack took a little longer. But it could still be performed wirelessly without the target knowing.

Although Tesla had introduced more encryption in the new fobs, this was not enough to prevent the hack. The good news is that Tesla was able to patch this issue with a software update soon after news of the new hack broke.

Repeater Attacks on Tesla Key Fobs

It’s worth noting that as far as we’re aware, no one has ever used the cloning vulnerability to actually steal a Tesla. However, hackers can also perform other attacks on key fobs, such as a repeater attack.

Here, a hacker picks up the presence of a key fob from inside a Tesla owner’s house when their car is parked outside and amplifies it. This is the method that thieves likely used in a much-circulated video (above) purporting to show two people stealing a Tesla in the UK.

Hacking Tesla’s Autopilot Feature

One of the most scary ideas people have when they think about the security of internet-connected cars How Secure Are Internet-Connected, Self Driving Cars? How Secure Are Internet-Connected, Self Driving Cars? Are self driving cars safe? Could Internet-connected automobiles be used to cause accidents, or even assassinate dissenters? Google hopes not, but a recent experiment shows there is still a long way to go. Read More is what happens if a hacker takes control of a vehicle. Tesla’s Autopilot feature allows the car to perform some self-driving maneuvers such as cruising or changing lanes on the highway.

But in 2019, a group of Chinese hackers were able to manipulate the Autopilot feature. In a nightmare scenario for drivers, the hackers were able to take control and direct the car into oncoming traffic.

To perform the hack, the team used small, brightly colored stickers attached to the road surface. This created a “false lane” which the Tesla’s systems read as a real driving lane and followed. This all took place on a test track, but theoretically the same system could be used in the real world to direct a car into the oncoming traffic lane.

The trick here is that this hack requires changes to the outside environment around the car. It doesn’t actually target the car itself. Plus, drivers should still be attentive when using Autopilot and be ready to take control of the vehicle from the automated systems.

That means it’s not very likely to be a problem in most scenarios. Tesla thought so too, putting out a statement saying that the vulnerability was “not a realistic concern.”

Hacking a Tesla’s Entertainment System

Are Teslas Secure? How Hackers Can Attack Connected Cars tesla touchscreen

A less serious hack on Teslas was demonstrated by Team Fluoroacetate at the security event Pwn2Own in 2019. The team were able to use a bug in the car’s web browser to access the car’s firmware and run their own code. They were then able to show a message on the Tesla entertainment system.

This hack isn’t going to help anyone steal your car or cause a crash. However, it does show how any seemingly small part of a car’s software can be a security risk, even the web browser. Tesla says it is working on a software fix for this security issue.

Protecting Your Data When You Sell Your Tesla

Finally, there’s a security issue with Teslas which is not due to a vulnerability as such.

Instead, it’s due to the collection of data that you might not even think about. If you own a Tesla and later decide to sell it, you should be aware of the amount of data about you contained within the car. Just like when you sell an old PC, you should be sure to wipe the hard disk drive before passing it on to the buyer.

When you sell a connected car, you need to get rid of private data before handing it over to someone else.

In 2019 two security researchers purchased a wrecked Tesla Model 3. They were able to access the car’s computer and download all sorts of information about the previous owners. In the computer they found phonebooks with contacts’ numbers and email addresses, plus calendar entries. They were also able to see recent locations entered into the car’s navigation system. There was even video footage recorded by the vehicle’s cameras.

There is a way to delete personal information from a Tesla by performing a factory reset. This should be a reminder to Tesla owners that if their car is ever wrecked or sold, they should perform a factory reset before getting rid of the car. This will prevent anyone from accessing their data.

Connected Cars Come With Security Risks

Overall, cars today are safer than ever before. Teslas have security features which make crashes less likely and protect the people inside if they do occur. But it’s worth thinking about the ways that new technologies can create security risks.

To learn more about the risks of connected cars, see our article on terrifying scenarios that self-driving cars make possible 7 Terrifying Scenarios Self-Driving Cars Make Possible 7 Terrifying Scenarios Self-Driving Cars Make Possible Some of the risks inherent with self-driving cars range from physically dangerous to morally questionable. Here are seven potential dangers lurking in a self-driving future. Read More .

Explore more about: Automotive Technology, Security Breach, Security Risks, Tesla.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Matthias
    October 25, 2019 at 7:15 am

    Unlike to the PC at home, in a car you are dependent on the OS and software the manufacturer brands on the car. Maybe in the future one OS will win the war of systems. (but nowadays not much people ask what systems the car runs)
    On the other hand we cannot ignore the fact that we are on the way to autonomous and ai driving which at least relays on the manufacturer. Our young children would not desire to own a personal car.

  2. dragonmouth
    October 15, 2019 at 11:55 pm

    "The trick here is that this hack requires changes to the outside environment around the car"
    Not really. Since Autopilot was first installed on a Tesla, it has a history of being confused by worn or old lane markings, accidental markings on the road (paint, oil, animal blood), defaced or dirty road signs and various other less than optimum factors.
    There was case in California where Autopilot-controlled car went into a road construction zone with lane changes. The new, temporary lanes were marked with solid white lines. However, the old dotted lines were either not removed or incompletely removed. Unfortunately, Autopilot followed the dotted lines adn drove the car straight into a concrete lane delineator, killing the driver. Obviously the driver either wasn't paying attention or did not have enough time to take control.

    "drivers should still be attentive when using Autopilot and be ready to take control of the vehicle from the automated systems"
    IF drivers are expected to take be be constantly ready to take over, of what use is the Autopilot feature, other than to make money for Tesla???!!!

    Have you ever driven for many hours at night on a road with little traffic? Even while fully engaged in driving (no cruise control) most drivers lose focus after two hours or so and tune out or start falling asleep. A deer jumps out on the road 50 feet in front of your car. At Interstate speed (65 or 70 mph) even if you are fully alert and in control of the car, there is absolutely no way to avoid the impact. Now imagine you have been RIDING for hours in car controlled by Autopilot and all you did was twiddle your thumbs. How long is it going to take for you to gain control of the car? 2 seconds? 3 seconds? By that time you and your car would be in the ditch and you would be unconscious, if not dead.
    A self-driving car with a human backup hit and killed a woman in Arizona when she stepped right in front of it. The car sensors did not detect the woman so the human backup could not take over and stop the vehicle.

    I assume (I know, that is dangerous to do) that some form of Autopilot will be used as the basis for an self-driving car. Unless it will not need a human backup, the "self-driving" car is just figment of someone's imagination.