- By Ryan Whitwam
The traditional auto industry has been slow to adopt new technology, butTesla is far from traditional. The electric car start up helmed by Elon Musk (also the founder of SpaceX) relies on advanced computer control of the car’s systems, and of course it has that gigantic 17-inch touchscreen center console in the Model S. However, with all that flashy tech comes the potential for vulnerabilities that can be exploited. Tesla isn’t just waiting for someone to release a zero-day hack for its cars — the company showed up at the recent DEF CON gathering in search of people it could hire to hack its cars.
DEF CON is a major event for the security community. Most of the companies recruiting talent at DEF CON aren’t going to be familiar to the general public, which makes Tesla’s presence all the more interesting. Musk and co are looking to bring 20 to 30 more security experts on board in an effort to hunt down potential vulnerabilities before they show up in the wild.
Computers and phones are shipped with nasty security flaws all the time (such as Heartbleed), but the consequences of an un-patched exploit in the wild are limited to the digital realm. If someone gains administrator access to your computer, it can be a serious pain to repair the damage, but that’s nothing compared to what might happen if you car is compromised while it’s in motion. Security flaws are a much bigger deal when you’re speeding down the highway.
Tesla’s vehicles in particular are tempting targets for hackers because they have mobile data connections, which allow the company to push firmware updates to them like smartphones. Tesla used this system to roll out an update last year that raised the suspension height at highway speeds after several fires due to underbody punctures of the battery. That’s exactly the kind of system miscreants who are out to cause mayhem would take advantage of. Some previous hacks are comparatively minor in the grand scheme.
It may be Tesla’s heightened awareness of security that has led it to keep the infotainment system locked down. The dashboard and touchscreen are powered by an Nvidia Tegra 3 ARM chip, which would be able to run Android apps with very little modification, but it would be a daunting task to ensure that none of those packages introduced new vulnerabilities. Musk has mused about creating a virtualized environment for running apps, but nothing has come of that yet.
By showing up at DEF CON and seeking assistance, Tesla is trying to stay ahead of the curve. The company previously hired noted tinkerer and security expert Kristin Paget to lead its bug hunting efforts. This focus on security has helped Tesla avoid any serious issues thus far. In one presentation at DEF CON, a pair of researchers showed that some cars have open WiFi and Bluetooth access points connected to automated parking and brake control systems. That’s a major security no-no.
Consumers are always wary of new technologies, as evidenced by the reaction to those fires last year. If a Tesla vehicle were ever the victim of a serious remote attack, the consequences for the company could be dire. The DEF CON recruitment drive is just the start — some car company is going to be the victim of the first cyber attack on a connected car, and Tesla wants to make sure it’s someone else.