Tesla Issues Patches for Vulnerabilities Discovered by Hackers

Tesla has already rolled out a patch to every Model S vehicle on the road in direct response to fixing the vulnerabilities found by security researchers Kevin Mahaffey and Marc Rogers, reports Wired.

Related article:  Security Researchers Hack a Tesla Model S, Expose Vulnerabilities

In stark contrast to the recent recall of 1.4 million cars by Fiat Chrysler after security researchers remarkably demonstrated a hijack to gain complete control of a Jeep Cherokee remotely, Tesla has the capacity and the technology to directly distribute software updates and patches to its vehicles. While Fiat Chrysler vehicle owners were mailed USB sticks to fix their vulnerabilities, Tesla has the means to deliver the patches wirelessly through the internet. When prompted with the option to install a patch, Tesla car owners will simply have to click ‘yes’ on the touch-screen that comes with the car.

“Our over-the-air software updates remotely add new features and functionality to Model S. Similarly to how you receive updates to your smartphone, Model S owners download these updates from Tesla via Wi-Fi or a cellular connection.

“A button will pop up on Model S’s 17-inch touchscreen and an owner can select a time to download the latest version of the software. The ability to receive these features and fixes is free for the life of the vehicle and is one more way that Tesla is redefining auto-ownership,” said a spokesperson in a statement issued by Tesla.

Researchers’ benchmark: Tesla’s tech and cybersecurity

While the Model S hacks clearly underlines the dangers of connected cars, the two researchers who hacked into the luxury vehicle still see reasons for optimism. In fact, the researchers readily profess that the primary goal in dismantling Tesla’s car and finding vulnerabilities was to understand what Tesla did – right or wrong with its vehicles. This information would prove to be useful for the implementation of better cybersecurity among the entire car industry, the duo of researchers say.

“If there are one or two companies that are actually doing it well, then shining the light on them … helps raise the overall bar for the entire industry,” stressed Mahaffey.

For instance, the critical failure of complete loss of power while the vehicle is in motion isn’t as life-threatening as it may sound with other vehicles. Tesla has engineered a way to:

  • Implement the handbrakes if the car is traveling under 5Mph until the car comes to a halt while the driver retains control of the steering.
  • If the car is traveling faster, the gearbox shifts into neutral and the driver will be able to retain steering to find a safe spot to finally stop the car.

Even firmware updates transmitted wirelessly to each individual car is compressed and communicated over a VPN connection. No rogue firmware can be installed from an unauthorized source because the VPN connection is always authenticated mutually between the car and the server.

The researching/hacking duo plan to work with Tesla with the aim to further enhance cybersecurity in the company’s vehicles. Despite the vulnerabilities, Mahaffey proclaims that the Model S by Tesla is “the most secure car that we’ve seen,” and adds that other car manufacturers should follow Tesla’s lead.