Security contest techies say they hacked Tesla Model S

Jul 19, 2014 by Nancy Owano weblog
Tesla Model S

The good news: Tomorrow's cars are computers on wheels. The bad news: Tomorrow's cars are computers on wheels. Ma Jie, writing in Bloomberg News, reported this week that the Tesla Model S sedan was the target of a hacking contest in Beijing and apparently the hackers won.

Chief executive Elon Musk said that he would investigate and take immediate action to rectify any legitimate vulnerability to hackers. The hacks were carried out at the SyScan 360 conference in Beijing, (SyScan stands for Symposium on Security for Asia Network.) Qihoo 360 Technology Co. found ways to remotely control the Tesla car's locks, horn, headlights and skylight while the car was in motion, said Bloomberg News. Qihoo 360 Technology is a Beijing-based Internet security company. "After conducting a series of security tests, we found the Tesla car can be remotely unlocked, the horn honked, the lights flashed, or the sun roof opened while it's running," Qihoo 360 Technology said on its official microblogging Weibo account.

The SyScan site noted on its site that it is "one of the best known Internet security conferences in Asia," having held more than 22 conferences since 2004. In December 2012, "SyScan came to Beijing, China, for the very first time, jointly organized with Qihoo 360, the largest internet security company in China to hold SyScan360." Dan Goodin, security editor at Ars Technica, reported on Thursday that SyScan 360 organizers had promised $10,000 as part of a hacking competition involving the Tesla car. "As of press time," he said, "no other information was available about the specifics of the reported hacks." Seth Rosenblatt of CNET reported that "Qihoo 360 said it reported the hack to Tesla and offered to work with the automaker to fix the vulnerability."

Musk said in June that the automaker's patents will be "open source" and available at no charge as it seeks to expand adoption of battery-powered cars.

Earlier this year, Tesla announced it will sell its battery-powered Model S sedan in China and began China deliveries this year.

In a statement, Tesla said, "While Tesla is not associated with the conference and is not a sponsor of the competition, we support the idea of providing an environment in which responsible security researchers can help identify potential vulnerabilities." the company said in a statement. "We hope that the security researchers will act responsibly and in good faith."

Explore further: Musk donates $1 million for new Tesla museum

More information: www.chicagotribune.com/classif… cked,0,7108232.story

add to favorites email to friend print save as pdf

Related Stories

The race is on to power the next generation of electric cars

Jul 16, 2014

A major shift from gasoline-powered to affordable electric vehicles feels tantalizingly close, but the battery technology that could make it happen still needs to catch up to its own hype. Although luxury-car maker Tesla ...

US closes investigation of Tesla battery fires

Mar 28, 2014

The U.S. government's auto safety watchdog has closed an investigation into Tesla electric car battery fires after the company said it would install more shields beneath the cars.

Recommended for you

Should the Japanese give nuclear power another chance?

22 hours ago

On September 9, 2014, the Japan Times reported an increasing number of suicides coming from the survivors of the March 2011 disaster. In Minami Soma Hospital, which is located 23 km away from the power plant, ...

UK wind power share shows record rise

Oct 24, 2014

The United Kingdom wind power production has been enjoying an upward trajectory, and on Tuesday wind power achieved a significant energy production milestone, reported Brooks Hays for UPI. High winds from Hurricane Gonzalo were the force behind wind turbines outproducing nuclear power ...

Global boom in hydropower expected this decade

Oct 24, 2014

An unprecedented boom in hydropower dam construction is underway, primarily in developing countries and emerging economies. While this is expected to double the global electricity production from hydropower, it could reduce ...

User comments : 6

Adjust slider to filter visible comments by rank

Display comments: newest first

antialias_physorg
4.3 / 5 (3) Jul 19, 2014
Why would any car even feature ANY kind of remotely accessible system? Plugging in a cable during maintenance is not so much of a hardship.
lordjorma
not rated yet Jul 19, 2014
Not sure but sounds like they actually hacked the locking system not the actual car itself.
axemaster
not rated yet Jul 19, 2014
Why would any car even feature ANY kind of remotely accessible system? Plugging in a cable during maintenance is not so much of a hardship.

This is what I have to wonder as well. I've made wireless microcontroller based systems, and they had the capability for self programming, but for actual reprogramming I forced it to rely on IrDA - i.e. near physical contact at a certain spot on the device. You couldn't just mass-reprogram them from anywhere nearby. That's why wireless reprogramming / access is so dangerous - you don't even have to be in the same building, so there's no limits.
antialias_physorg
not rated yet Jul 19, 2014
Not sure but sounds like they actually hacked the locking system not the actual car itself.

Good point. The security system/door lock as entry point would explain a path to gain control over locks, horn and headlights (though I fail to see how the sun roof is connected with that). So this is not an EV specific issue but simply an issue of manufacturer X using a not so secure lock protocol.

And I have to redact my earlier statement: Having a keyless lock (as on most cars) IS a remotely accessible system that does add considerable convenience.
TheGhostofOtto1923
not rated yet Jul 19, 2014
Many sci fi writers have dealt with this including

"Robopocalypse is a science fiction book by Daniel H. Wilson published in 2011. With a PhD in robotics from Carnegie Mellon University, the author based the robots in the novel on work in robotics research. Sources like Robert Crais and Booklist have compared the book to the works of Michael Crichton and Robert Heinlein. It became a bestseller on the New York Times list."

"a computer scientist accidentally unleashes a supremely intelligent sentient A.I. named Archos. Archos becomes self-aware and immediately starts planning the elimination of human civilization in an attempt to preserve Earth's biodiversity. Over a gradual period of time, Archos infects all penetrable networked electronic devices, such as cars, airplanes, smart homes, elevators, and other robots, with a "precursor virus..." etc

-Then it starts wrecking planes and sending cars full of people off cliffs. But then we win because we're HUMAN dammit.
Teslaliving
not rated yet Jul 20, 2014
No details anywhere on the "hack". Did they merely guess the username/password of some owner and then use the documented API to control (some very basic) functions of the car? I'd guess that of the 40,000 owners most have a poor password scheme. Many email addresses can be found on the tesla-specific forums and then it would just take some dictionary work to get past the poor passwords. Lots of press for this supposed hack.

Blog: http://teslalivin...ress.com
Twitter: @Teslaliving