Tesla Motors said on Thursday it has sent a software patch to address security flaws in the Model S sedan that could allow hackers to take control of the vehicle. The Financial Times reported that cybersecurity researchers said they had commandeered a Model S and turned it off at low speed, one of six significant flaws they found that could allow hackers to take control of the vehicle. Tesla confirmed elements of the story and said it already has issued a software patch to owners.
Kevin Mahaffey, chief technology officer of cybersecurity firm Lookout, and Marc Rogers, principal security researcher at Cloudflare, said they decided to hack a Tesla car because the electric-vehicle company has a reputation for understanding software that is better than that of most automakers, according to the FT report. "We shut the car down when it was driving initially at a low speed of 5 miles per hour," the newspaper quoted Rogers as saying. "All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop."
Tesla said it had developed and deployed an over-the-air update to Model S owners to address the "vulnerabilities." In a statement, Tesla said the hackers did not turn off the car remotely, but from inside the vehicle. "Our security team works closely with the security research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards," the automaker said.
The hack will be detailed at cybersecurity conference Def Con in Las Vegas on Friday, the FT said. The hack on Tesla follows a similar attack on Fiat Chrysler's Jeep Cherokee last month that prompted the company to recall 1.4 million vehicles in the United States.