Tesla Model S Has Been Hacked

cartechboy writes: First, it was Chrysler last month with its Uconnect system being hacked while being driven down the road. Now, it's Tesla's turn. That's right, the Silicon Valley automaker's very own Model S electric car has been hacked by two white-hat hackers. The duo were able to manipulate the speedometer, lock and unlock the car, and at speeds of less than 5 mph they were able to make all the electronics go blank and shut down the car while engaging the emergency parking brake dragging the car to a stop. Tesla's already issued a software update that owners can download to path the security flaw. Welcome to the new world where cars can be hacked thanks to all their electronics.

FP

[Anonymous Coward]

IoT sucks! Welcome to the future.

Re:"Emergency Parking Brake"Re: FP

[JazzLad]

I use is in emergencies all the time in the winter. Every time I'm in a parking lot after a fresh snow, I urgently need to do 90 and 180 degree turns repeatedly. I assumed that was what it was for as it works perfectly - what do you use it for?

Re:"Emergency Parking Brake"Re: FP

[Maxwell]

Your outrage is misplaced. You can indeed use the emergency brake in an emergency. I have done it. Many others have. It's not great, but it works.

When hydraulic brakes were introduced there was concern that if they failed, the driver would have no way to stop the vehicle. So, regulations were added to require every car with hyrdaulic (or electric) brakes to also have an Emergency brake that was totally manual and not connected to the hydraulic system. This was to satisfy FMVSS 105 (now replaced with FMVSS 135):

" Vehicles shall be capable of stopping under partial failure of the service brake system, inoperative brake power assist unit or brake power unit, antilock failure, variable proportioning valve failure, and with the engine off"

There is a maximum distance and pedal pressure specified.

FMVSS 135 also states:

"Each vehicle shall be manufactured with a parking brake system which, when engaged, shall be capable of holding the vehicle stationary on a specified grade for a specified time. "

I have never seen a passenger vehicle with two separate systems, so the Emergency Brake is also the Parking Brake. Or handbrake if you prefer as it is manual brake.

Why would you NOT use the e-brake in an Emergency? You are barrelling down the highway at 70mph when your oil filter lets go. Your engine overheats and fails within seconds. Do you a) do nothing or b) use the ebrake to slow down and pull over? why would you not want to save your own life?

Re:

[perryizgr8]

Why can't you just use the normal pedal brakes? They are still more powerful and easy to control even without the power assist.

Re:

[drinkypoo]

Why would you NOT use the e-brake in an Emergency?

Because locking my back wheels at 70mph isn't going to end well for me. I'd use the normal brakes (which still work fine without the benefit of servo assist) so at least I'd have partial steering.

Yeah, that wasn't actually a great example. Here's a better one. You're driving down the highway, go to push the brake pedal, and the pedal falls off, the linkage to the master breaks, the plug works out of the master and the piston shoots out, powered by a stout steel spring. What do you do? Yeah, sure, you downshift. That's it?

You or I can reasonably push down the brakes well enough to stop even without servo assistance. At least, I know I can. But in a lot of vehicles, it's very difficult, and not every

Re:

[0100010001010011]

Yeah, that wasn't actually a great example. Here's a better one. You're driving down the highway, go to push the brake pedal, and the pedal falls off, the linkage to the master breaks, the plug works out of the master and the piston shoots out, powered by a stout steel spring. What do you do? Yeah, sure, you downshift. That's it?

You turn the car off and leave it in gear.

Re:

[sjames]

The ebrake will NOT lock your wheels up as long as you have a bit more finesse than an angry gorilla. Press and hold the button in and lift the lever until you feel it begin to grab. Do not yank the lever up like an idiot.

Re:

[sjames]

It *IS* awkward but I have actually done exactly that. The handbrake is preferable for that situation, but the foot operated brake is usable in a pinch.

You can always push it down slowly to stop, and then release it.

This is something everyone should practice in a safe area just in case. It's part of being a safe driver.

Re:

[morgauxo]

What a stupid strawman!

Why would you lock your back wheels? Have you actually ever tried your emergency brake? No car I have ever owned is capable of applying enough stopping power to actually lock the wheels. It only slows them down.

Also.. don't yank up on it. You wouldn't slam your foot brake at that speed would you? Hold the button down on your emergency brake so that it doesn't lock and ease it up just like you would with your foot!

Re:

[Applehu Akbar]

I have actually used the handbrake as a backup brake after a total brake failure (Volkswagen Rabbit, the Segway of cars). Yes, it's an emergency brake.

Re:

[sjames]

Actually, I *HAVE* used the emergency brake in an emergency. I stepped on the brake pedal and nothing happened so I carefully used the emergency brake to come to a safe stop. It sure worked as an emergency brake for me.

Now don't you feel dumb?

Re:

[morgauxo]

Then what would you recommend one do if their brake fluid leaks out?

The emergency brake works via cable. It will pretty much always work. Pop a leak somewhere and the rest of your braking system.. being hydraulic becomes useless quickly. That's why we call it an emergency brake!

The trick is you don't just yank the handle up and set it like you would when you park on a hill. Stay calm. Keep your finger on the button, you don't want it locking!. Ease the handle up carefully. Don't suddenly force it when you

Re:

[dryeo]

My parking brake is foot operated.

Sure...

[Jason Valdron]

What the summary fails to omit is that you first need physical access to the car and since they have the ability to do updates over-the-air, they don't need to recall more than a million vehicles to fix the issue.

Re:

[fche]

"they have the ability to do updates over-the-air"

That facility better be rock-solid, lest it be another way in. (I doubt it's an open & audited protocol.)

Re:Sure...

[sxpert]

it's https over openvpn... I'd say it's good enough

Re:

[Ol Olsoc]

it's https over openvpn... I'd say it's good enough

I wonder if there's a backdoor so that law enforcement can end a chase or make certain you stop for a roadside inspection or whatever.

Re:

[bobbied]

Jeepers man, You've reinvented LO-Jack...

Re:

[Ol Olsoc]

"I wonder if there's a backdoor so that law enforcement can end a chase or make certain you stop for a roadside inspection or whatever."

Microwave burst jamming of electronics works pretty well. The Tesla, for all its advances in construction, is still not close to being a faraday cage like vehicles from the 70s and 80s. Since it's meant to receive microwave transmissions for data uplink, you've got an instant avenue of attack.

Imagine once we get self driving cars. Late on your child support payments? You hop in the car, your smartphone says you are there, and it drives you right to family court - after locking you in of course. Missed a car payment? You wake up in the morning to find your car isn't there - It drove itself back to the dealership. And an awesome way to destroy the competition. I can see teams of hackers at say, Toyota, working their way into creating a bogus Ford update to create a crashocalypse to discredit them

Re:

[internerdj]

So, if it gets a repossession packet, who is liable for damages if the vehicle drives itself back to the dealership and has an accident between the owner's home and the dealership?

Re:

[dryeo]

I thought a Faraday cage has to be grounded to actually work. I know that at home, about the only place I sometimes get cell reception is when my phone is in a little cubbyhole under the dash, surrounded my metal. Pull the phone out and watch it lose the signal.

Re:

[adolf]

No. A Faraday cage need only be continuous, conductive, and with any holes that might exist being smaller than some known (if I could be bothered to look it up) fraction of a wavelength of the signal to be blocked.

Its primary function is to function as a short-circuit to RF fields, not a sink to ground (although grounding it certainly doesn't hurt).

Anecdotes from the real world: I used to have a Faraday bag for my work-provided GPS-tracking cell phone, and it worked fine. Modern wallets are sometimes fun

Re:

[ZeroPly]

No. It's certainly not "good enough". That's laughably optimistic - the Heartbleed bug is still fresh in our memory, and SSL is one of the most used libraries in the world.

The only that that's good enough is a mechanical switch that disables all changes to the firmware and operating software. If you want to get updates, you go to the car, flip the toggle switch by the ODBC port, and run the updates. As soon as you're done, you flip the switch off. With that switch in the off position, the car is capable of

Re:

[masterofthumbs]

If an update goes out that inadvertently breaks every Tesla, a patch can be quickly distributed without having to wait. Assume they don't have OTA update capabilities. How does a user get a new update? If they have to go to the dealership, this can be difficult as states do not allow for Tesla dealerships to exist so you would have to drive a long distance just for software update. Any bugs in the latest update will now require you to go back to get version X.X.1 for that simple patch. Instead, lets let the

Re:

[Ol Olsoc]

What the summary fails to omit is that you first need physical access to the car and since they have the ability to do updates over-the-air, they don't need to recall more than a million vehicles to fix the issue.

Oh thank God. I have no idea why everyone doesn't do this wirelessly - cuz on the air updates are perfectly secure.

Should be pretty secure

[sjbe]

Oh thank God. I have no idea why everyone doesn't do this wirelessly - cuz on the air updates are perfectly secure.

Unless someone has physical access to the car they should be very secure as long as the encryption algorithms used are secure. Key distribution isn't a problem because Tesla can load up the car with a cryptographic key during manufacturing. Hell they could even put in a stack of one time pads if they wanted. Key distribution is usually the big problem but it's not (or shouldn't be) an issue here.

While they could always make an error somewhere along the way, it should be reasonably straightforward to make

Re:

[Ol Olsoc]

Oh thank God. I have no idea why everyone doesn't do this wirelessly - cuz on the air updates are perfectly secure.

Unless someone has physical access to the car they should be very secure as long as the encryption algorithms used are secure.

"Should" is the operative word here." As long as" is another.

Because people are trusting their life to a system that has consistently proven that it is not secure. It should be, but isn't. As long as no one discovers exploits, it should be safe.

We trust our lives to a lot of things

[sjbe]

Because people are trusting their life to a system that has consistently proven that it is not secure

You know what else I'm trusting my life to? You not turning your steering wheel a quarter turn left when we pass each other on the road. I'm trusting that you will actually stop at a stop sign. I'm trusting that my airbag will not malfunction. I'm trusting the ignition to actually work. I'm trusting that you are capable of driving competently unimpaired by alcohol. We trust our lives to a lot of things that have consistently proven to not be secure and this bit of hacking is no where near the top of the danger list. Sure, let's be concerned about it but let's not blow it out of proportion either.

Re:

[Kokuyo]

You need to be upvoted all the way to mars. Seriously, common sense is a rare thing on the net.

Re:

[VAXcat]

Back when cars only had a single hydraulic circuit to run the front and read brakes, the handbrake WAS an emergency brake (although back then it was also usually activated by a pedal). Now that modern cars (since around 1964 or so) have dual circuit hydraulics, a single leak or hose failure is no longer an emergency, and the handbrake is no longer relaly an emergency use item.

Re:

[sjames]

That is not actually true. People do still sometimes experience sudden and total brake failure.

Re:

[kheldan]

WIth regards to 'the ability to do updates OTA':
I've said it before, and I'll say it again: If there is any sort of wireless access to the vehicles' systems, there needs to be a hardwired, unimpeachable switch available to the operator of the vehicle, that turns off that transceiver, preventing it from operating. When a vehicle leaves the factory, ostensibly it's doing so in a 100% operable, fully tested state. If there are updates to the firmware or software after that, the manufacturer should inform the

Re:

[vux984]

and since they have the ability to do updates over-the-air

Then so can the hacker, if not today, then one day?

they don't need to recall more than a million vehicles to fix the issue.

Because there aren't that many. Have they even made 100,000 of them yet?

Re:

[avgjoe62]

I have no idea why this was modded down. It is a very valid question.

Why are drive train components accessible on any car over-the-air? I understand the need for a GPS or entertainment system to access the outside world, but why do the components of the power train or braking systems need to be accessible? Physical separation can't be all that hard and would be so much safer.

Re:

[Iniamyen]

It has to do with the standards laid out for interoperability (I don't know if it's the OBD standard but it's something agreed upon by the players in the industry.) Basically in order to make everything as plug and play as possible it all has to be able to talk to each other, which by definition makes it less secure. There's no such standard/requirement in, say, avionics, which is why you have physically separate networks for the different systems on an airplane.

Future market

[puddingebola]

Some day there will be a market for a car with no on board computer or electronics. The intro to the first Fallout game features a television commercial for a car called the Corvega, with no electronics and no computer for only $199,999.99. In a world on the verge of nuclear war, or one on the verge of computer security catastrophe, sounds like a steal.

Re:

[Higaran]

I can buy almost any car from the 70's or 80's that's in half way descent condition for less that $10k and it would qualify.

Re:Future market

[sinij]

To protect against cyber threats that would work. To protect against nuclear EMP (since we were talking Fallout)? Not so much. Even 70s and 80s cars use coils and ECUs, and that would get fried. What you need is mechanically injected car with non-electronic control. Some of the early 70s Mercedes would almost work, since they used vacuum to control everything.

Re:

[CrimsonAvenger]

To protect against nuclear EMP (since we were talking Fallout)

EMP and fallout are completely unrelated. Presence of fallout doesn't have any impact on EMP effects, and vice versa.

Re:

[Higaran]

He was talking fallout the game series, not fallout as in nuclear.

EMP and Faraday Cages [Re:Future market]

[Geoffrey.landis]

...To protect against nuclear EMP (since we were talking Fallout)? Not so much. Even 70s and 80s cars use coils and ECUs, and that would get fried...

Maybe... and maybe not. Old cars had thick metal hoods. Modern cars often use plastic for parts that don't need to be mechanically strong, but the old ones put the engines inside a pretty good Faraday cage.

Re:

[Higaran]

The question I have is, if the car is not running, or even if the key is out of the ignition would the car get fried? How much voltage would the EMP generate on the cars electrical systems, vs how much does it actually take to fry a car? I'm sure that would vary depending on the distance the car is from the explosion.

Re:

[drinkypoo]

Maybe... and maybe not. Old cars had thick metal hoods.

Does the thickness really matter? As far as I understand, what's most important is whether there's gaps in the structure. There are cars both old and new which have functional holes in the hood, but virtually all of them (except a few notables, like the Corvette — and of course, more expensive and exotic vehicles) are made with metal bodies.

Re:

[bobbied]

To protect against nuclear EMP (since we were talking Fallout)? Not so much.

Trust me on this... EMP is NOT an issue for your automobile... They tested this with a number of vehicles years ago and found that EMP was not a major issue for the electronics in cars.

EMP affects electronics to varying degrees. I break it down into three groups. First there is the "no noticeable" affect group. This is where an EMP has no noticeable affect on the equipment's operation, for a car this means it keeps running. Second there is the "upset" where the EMP causes the equipment to malfunction t

Re:

[slinches]

I'd say there's some risk for electric cars. How would you charge them when the grid is fried?

Re:

[bobbied]

That's true... But it's not the car being broke, but your ability to refuel it being broke.

Gasoline cars will suffer from the same "how can I refuel it" problem. Without power, the local gas station won't be working for you either... I suppose you could manually pump gasoline out of the ground, or have fuel in storage, but if you are a real preper type, you've thought of all that..

Re:

[james_shoemaker]

from the 80's it would likely have electronic ignition, but from the early 70's you might be able to experience the joy of tuning breaker point ignition.

Re:

[bws111]

If you're going for that level of paranoid, don't forget the bulletproof glass, armor plating, etc.

Re:

[puddingebola]

Excellent idea.

Re:

[bws111]

Nope. Those things protect you from accidents. Causing an accident or otherwise messing with the car by hacking is not an accident, it is a criminal act

Re:

[Bob the Super Hamste]

So your saying that my '68 midget will be worth a fortune then, or it will be once I replace the Lucas parts.

Re:

[puddingebola]

Correct, this is what I am saying.

Re:

[bobbied]

Some day there will be a market for a car with no on board computer or electronics.

Not going to happen, both the EPA and the CAFE standards have seen to that. There is ZERO chance you can meet the emission and mileage standards for any vehicle which doesn't include some kind of engine and drive train control electronics.

Unless, of course, you are talking about a future time w/o the Federal Government being around... In which case, buying cars will be the least of your worries...

Old cars and custom cars still exist

[sjbe]

Not going to happen, both the EPA and the CAFE standards have seen to that. There is ZERO chance you can meet the emission and mileage standards for any vehicle which doesn't include some kind of engine and drive train control electronics.

Those only apply to new cars. Old cars are still on the road and probably always will be. Plus you are able to build vehicles yourself that do not meet emissions standards. Not exactly difficult to source an engine and a chassis.

Re:

[drinkypoo]

Some day there will be a market for a car with no on board computer or electronics.

You could definitely do it with relatively little modification to an elderly diesel UNIMOG (or similar) with a hydraulic system, replacing the battery with an accumulator and the starter motor with a hydraulic one. A low-pressure branch of the hydraulic system could operate your "accessories", by which I mean blower fan and windshield wipers. Probably though you would be better off using a 94-98 Cummins motor from a Dodge pickup than the original OM-whatever, or even an OM617 swap. This is because they norm

Re:

[McGruber]

Some day there will be a market for a car with no on board computer or electronics.

Here you go: Hemmings: Ford Model T for Sale [hemmings.com]

Re:

[puddingebola]

Do these come in turquoise?

Re:

[savuporo]

That would be glow plug engine then ?

Re:

[Higaran]

There are too many environmental protection laws now, with out sensors and other various electronics there would be no way to get those type of cars qualified under the various exhaust rules. I'm not sure you could even get such a vehicle qualified under an off road only provision either, because I know that lawn mowers, atv's and the such also have some kind of rules as to how much they pollute.

Re:

[bobbied]

You don't get out of jail free by using diesel. Modern diesel engines on the road today are cuck full of electronic controls used to meet the EPA's standards.

Re:

[Bob the Super Hamste]

There is a market and it is pretty much saturated with about 80 years worth of vehicles. Depending on what you like really nice once can be had for less than $10,000 and it goes up from there. I have a car that if it were restored to be a concourse car it might fetch $12,000 but that would require sinking in many times that amount into it.

Re:

[Viol8]

"ure gas mileage sucks, but it's a fucking TANK in construction and will eat up most any other modern vehicle that decides to get in a collision with it."

Keep believing that myth if you like. Lots of people think it because the bodywork of older cars was stronger than today, however the core structure (usually a chassis but applies to monocoques) was a damn site weaker. And thats before we get onto lack of collapsable steering column, intrustion of engine block, no airbag etc.

So in a low speed bump with a n

But.... BUT!!!

[jmd_akbar]

Didn't they have to physically "break" the car before they got access into it? Your post is clearly a scare tactic.

I want my Cat connected to the IoT

[sinij]

I want my Cat connected to the IoT. Somebody please hack it so it stops leaving hairballs everywhere.

Still not up to Lucas level of electronic security

[Bob the Super Hamste]

Tesla's efforts still won't provide the level of electronic security from remote hacks that old Lucas equipment did.

Re:

[VAXcat]

But it won't require as much replacement wiring smoke as the Lucas electronics did. http://www3.telus.net/bc_trium... [telus.net]

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[BESTouff]

Mod parent up ! I peed my pants reading that post, congrats.

Re:

[c]

Yes, but are you willing to take the risk of hackers changing the radio to a country and western station?

Re:

[Khyber]

"as a college grad with more debt than a south american country"

Spotted the Economics Major!

Re:

[nsuccorso]

Fear not, my friend. In just 5 years (10 at the outside) you will automagically own a self-driving car! So sayeth the eager nerds who have no trouble reconciling a world which doesn't even have the collective will to maintain basic infrastructure with a complete sea-change in personal transportation! Future not available in all areas! Personal fates may vary!

Re:

[sinij]

Car repairs are only expensive if someone else does it for you, because then you have to pay labor. For example, bad brakes mentioned in the original post: you potentially have low or old brake fluid (very cheap), rusted and sticking calipers (preventable with fluid changes, have to replace or send to get remanufactured), damaged master cylinder (again, preventable with regular fluid changes, but need new part), bad disks/drums and/or callipers (wear and tear part), or bald tires.There is 66% chance that th

Re:

[amiga3D]

Most people today don't know what a ratchet or wrench is much less how to use one. It's not really that complicated and you can learn but it's so much easier to pay someone else to do it. I learned because I had no money to pay anyone. I once spent a cold winter night busting frozen knuckles changing the power steering pump on an old Chevy Malibu. I got the part for 10 bucks used at a junk yard and scrounged change for new power steering fluid. I was in tears by the time I got it on but it was necessit

They had physical access

[sjbe]

Any car or computer can be hacked when you have physical access to the car. Furthermore Tesla has apparently already issued a patch making this pretty much a non-event.

When they get hacked remotely with no physical access (which is conceivable) then we should sit up and pay attention.

Re:

[jbmartin6]

While true that this is a lot less worrisome than a remote attack, the fact that someone with an ethernet cable can bollix up the car it still attention worthy.

Physical access is the concern, not ethernet

[sjbe]

While true that this is a lot less worrisome than a remote attack, the fact that someone with an ethernet cable can bollix up the car it still attention worthy.

If a bad guy has physical access to my car, what they can do with an ethernet cable is frankly the least of my concerns.

Idiot software developers

[kbg]

The only reason why this is happening is because the software developers are morons. In a mission critical system you never give write access from an entertainment module to critical system. The information system should not have the ability to make any changes in the engine software. The best way to enforce this is to use a hardware read only bus that sits between the entertainment system and engine system and only allow traffic to flow from the engine to the info system but not the other way around.

Editor? What editor?

[gstoddart]

Tesla's already issues a software update that owners can download to path the security flaw

Can we stop calling you guys 'editors', and just get on with 'clowns who post story submissions'.

Because it's quite clear you don't actually, you know, edit.

Re:

[swillden]

Tesla's already issues a software update that owners can download to path the security flaw

Can we stop calling you guys 'editors', and just get on with 'clowns who post story submissions'.

Because it's quite clear you don't actually, you know, edit.

They edit, meaning that they modify the text. The thing is that they generally make it worse, not better.

Only going to get worse

[Doghouse13]

OK, so there's a security patch available. So what? "We regret that you crashed at 85mph yesterday - please download our latest patch?" The problem is not the software per se, but the mere fact that there's external access at all. Because there's simply no such thing as "flawless" code. And the internet's been around long enough to show us that, if there's any legitimate way in, people who want to abuse the system will get in as well, and find a way to subvert it. And right now all we're seeing are "white hat" attacks; just wait until the black hat guys start getting creative.

Re:Only going to get worse

[sinij]

We have seen this play out in IT during 80s and 90s. AV and Firewalls for cars are next. Then they will wise up and move cars to a dedicated network with mutual authentication. Until then, we have 'lost decade' of blue-screen-of-death automobiles. Unfortunately, unlike mostly harmless IT crashes, when auto crashes someone going to get hurt.

Welcome to the new world?

[mark-t]

Welcome to the new world where cars can be hacked thanks to all their electronics.

As opposed to the old world where a car that didn't have any sophisticated electronics was trivial for someone to steal?

Re:

[sinij]

Are you saying that the only way to secure a car from theft is to network it? That is nonsense.

Re:

[mark-t]

I'm saying that this so-called "new world" isn't really new... cars have always been hackable.

Re:

[steelfood]

It's another attack vector, on top of all the existing attack vectors.

The attack vector these electronics close is hotwiring under the dash. This kind of attack doesn't happen as much as you think. More likely, people go for the GPS unit or something other item that's left out in the open, or your wheels and other easily-accessible parts. Stealing whole cars is rarer, unless you've got some collector's piece, and stealing whole cars via hotwiring is very rare. For stealing whole cars, there's a lot of low-h

Re:

[mark-t]

stealing whole cars via hotwiring is very rare.

Right... but it didn't used to be. That's my point... there's nothing new under the sun here.

I hear

[Ol Olsoc]

Adblock, Better Privacy and NoScript is coming out for cars - to be released later this year.

Commander Adama was right

[thedavidcathey]

The only way we are safe from the Cylons is to not network all the systems in the ship together.

Car Hacking

[MagickalMyst]

Car hacking is the most ridiculous thing i've ever heard of!

Seriously, why do we need computers in cars? EFI I can understand; some digital sensors, maybe, a and quartz tuned radio with digital display, sure.

But all of this other crap is just asking for trouble. The fact that someone could remotely access, monitor, and even control your vehicle is downright scary.

Emergency/Parking Brake Hack?

[bjwest]

Isn't the emergency/parking brake required to be mechanical? How can you hack a mechanical cable-pulley system?

And this is why it's called an emergency brake here. Unlike the hydraulic braking system, it's supposed to be able to work no matter what. It's also only connected to the rear wheels, so there's less of a chance the idiot who slams it on will lose control.

Tesla's OTA and The Obvious

[WOOFYGOOFY]

Don't look to Tesla to change the OTA acccess their building into their cars any time soon. I'll tell you why.

There's a frightening amount of electricity generated by their cars and mechanics who don't know what they're doing are quite likely to eletrocute themselves.

Then the headline will be:

Another Mechanic Killed By Tesla Car.

To prevent that headline from ever materializing and destroying their market share, they reserve the right and aiblity to remotely brick the car.

If the car is in an accident, it gets bricked and the only result of trying to start the car is a message on the instrument panel which reads (approx) : "Take car to Tesla service station for service".

Mechanics CAN'T work on Tesla cars.

Unfortunately, when you connect a car to the internet or otherwise make it accessible OTA you dramatically increase the attack surface area.

Here's a few characterisitics of the new attack vectors:

*A criminal can effect many cars at once. Previously, a 1:1:1 ratio existed between criminals, cars and some discrete unit of time.

*A criminal can make a criminal event imitate an accident. Previously, if the car blew up Mafiosa-style or was stolen, the criminal event was clearly recognizable as a criminal event. Even cutting the brake lines left tell-tale signs. Obviously, a surreptitious way to access the car's electronics is, well, surreptitious .

*The attack vectors have mutiplied to as many zero-day exploits in as many electronic parts as could be effected by zero day exploits. Previously, even if there was a theoretical way to access the computer that controlled critical systems, it was still a head-under-hood affair involving that system.

*Zero day exploits aren't going away. There is no "recall" that is going to "fix" the problem because the problem is now a changing target. Previously, just as criminals and car thefts (or other crime) were 1:1, so also were defects and defective components. Recalls could fix the componnt and return the car to service. Now the subsystem is known to be fundamentally unfixable.

If we could stop people from exploiting critical computer systems, we would have done it. A car is not going to be special in this regard.

Hack my bicycle.

[ihtoit]

Bring it.

Re:

[sinij]

The last time my 80s era roadster was patched was when it rolled off the production line. 30+ years on the long-term stable release! Beat that with your Tesla.

Why do we need to connect cars to the internet again?

Obsolete technology

[sjbe]

The last time my 80s era roadster was patched was when it rolled off the production line. 30+ years on the long-term stable release! Beat that with your Tesla.

That's like bragging that you haven't patched your 486DX computer in 25 years. It's an obsolete POS and nobody is really impressed. Do you still use a Motorola MicroTAC [wikipedia.org] phone or an Apple IIe too?

Why do we need to connect cars to the internet again?

Because you can do interesting and useful things by connecting to the internet. Up to date weather, traffic, and map data. Streaming media, OTA updates, OTA patches, inter-vehicle communications, and much more. Seriously you can't think of any use for internet connectivity in a vehicle?

Re:

[Bob the Super Hamste]

The simple solution to that is this [google.com].

Re:

[bobbied]

My Tesla was patched last night. No such luck for my Dodge.

There is always bond-o and fiberglass for that Dodge..

Not that kind of patch eh?

Re:

[Sorny]

"My Tesla was patched last night. No such luck for my Dodge."

Don't have a 1GB USB stick and a web browser to update it yourself?
Take it to the dealer, takes about 20 minutes.
Wait until your USB stick shows up in the mail and do it yourself.

Re:

[Translation Error]

I'm sure they'll release a patch for the article soon.

Re:

[Iniamyen]

"Path" and "issues" are words - spellchecker checks out. Asking someone to proofread is like asking them to test/verify their software before releasing it. Completely ridiculous!

Re:

[bobbied]

It's not like it's rocket science.....