Tesla Releases Urgent Security Patch After Model S System Hack

Security researchers Kevin Mahaffey, chief technology officer of Lookout, and Marc Rogers, principal security researcher at Cloudflare demonstrated the hack to delegates at the cyber security conference Def Con in Las Vegas on Friday.

After physically connecting a computer to the car via an ethernet cable, they were then able to access certain systems in the car, and also install a Trojan horse allowing remote access.

The 'white hat' hackers, who carry out hacks in order to eventually improve security, said that they were motivated to try the hack on Tesla after reports of major security vulnerabilities in cars from Fiat Chrysler and GM. 

"My colleague Marc Rogers and I set out to audit the security of the Tesla Model S because we wanted to shine a light on a car that we hypothesized would have a strong security architecture, given the Tesla’s team’s deep software experience," explained Kevin Mahaffey.

"I really want to thank you guys. You're making the product better and safer," responded Tesla co-founder JB Straubel at the Def Con security conference, where the experts showed the audience how they carried out the hack.

Security expert Samy Kamkar hacked GM's OnStar in-vehicle system.

In contrast to the over-the-air updates issued by Tesla and GM, last month Fiat Chrysler sent a USB stick to the owners of 1.4 million Jeep Chryslers with a software update to fix the cars' software problem, which allows hackers to wirelessly hijack the car. 

The vulnerabilities allowed them to leave behind a Trojan horse and gain access to the instrument cluster above the steering wheel, and the 17-inch touchscreen center information display in the middle of the dashboard, which they hackers were then able to use to remotely open and close the trunk, lock and unlock the doors and even start and stop the car.