Tesla Clears Vulnerabilities

Tuesday, August 1, 2017 @ 02:08 PM gHale


There are vulnerabilities in one of Tesla’s cars that can end up exploited remotely to open the car’s doors and force it to brake while in motion.

What’s more, it is also possible to bypass the code signing/signature checking mechanism Tesla introduced last year to make sure their cars accept only firmware updates signed by the company, said researchers from Tencent’s Keen Security Lab.

RELATED STORIES
Vulnerability in CAN Bus Standard
Pushing for a Cyber Secure Car
Vehicle Security Guidance Releases
Connected Car: Start Thinking Security

Researchers found Zero Days in different car modules, ultimately affecting the car’s CAN bus, which allows all the car’s microcontrollers to communicate with each other, and its Electronic Control Unit (ECU), which controls the car’s electrical system and subsystems.

They showed while the car is in park they can switch the lights on and off, lower and raise windows, car seats, open and close the sunroof panel, and fiddle with the in-vehicle displays. They can also make a moving car brake, open its trunk, and activate its windshield wipers.

They have responsibly disclosed the vulnerabilities to the car maker, and Tesla pushed out the patches in July.

“The reported issues affect multiple models of Tesla motors. Based on Tesla’s report, most of the active Tesla motors have been updated to new firmware with patches via FOTA [Firmware Over-The-Air],” researchers said in a blog post.

Tesla car owners should check whether they have received firmware version 8.1 (17.26.0) or later, and if not, to force the update themselves.



Leave a Reply

You must be logged in to post a comment.