Software Flaws Allow Tesla Vehicles to be Hacked

Automakers are hiring more security researchers like David Columbo, who recently remotely hacked into several Tesla vehicles.

While it’s not something automakers want to happen, when the electronic controls of a vehicle can be accessed remotely and controlled from a person or computer that isn’t supposed to have access, most automakers want to know how the hack took place to begin to figure out what they should do about it. In this case, the cars that were accessed are made by Tesla, but this isn’t the first time we’ve heard of unauthorized access being made to vehicles.

A Truth as Old as Computers

Technically, as soon as vehicles were using radio waves to operate the locking and unlocking function of the doors, vehicles were at risk of being accessed without permission. As more systems are being computerized, vehicles are being put into a system where they can be updated through over-the-air updates, and added cloud-based systems are being created, they have become more vulnerable to being hacked. It seems to be easy to understand the more technology we have in our cars, the greater chance there is that these vehicles could be accessed by someone intending to do harm.

Thankful for Technology Specialists and Security Researchers

Because the term “hacker” has a negative connotation, many that are working to aid the automotive industry to find security flaws have taken on new titles. David Columbo (just the right name for someone in the security field) is a security researcher or information technology specialist who happens to only be 19 years old. That hasn’t stopped him from being an expert that has found a flat in some of the systems that are being used for the Tesla vehicles that he hacked into and was able to access.

What Did Columbo Find?

The access that Columbo was able to obtain for the more than 25 Tesla cars he accessed, which were in 13 different countries, had a software flaw that allowed him to gain access to some of the systems. This access gave him control of the doors, windows, starting the vehicle without keys and disabling the security system. He also said he could see if a driver was present in the car, turn on the stereo, and flash the headlights. Unfortunately for the vehicles accessed, he could turn the stereo up and flash the headlights while the driver was operating the vehicle.

Thankfully, Columbo stated he could not actually drive the vehicle remotely, even though he could start the car.

A Smart Move by David

Instead of publicly Tweeting what the specific flaw was, Columbo chose to create a report for Tesla to help the company improve security and avoid future vehicles being hacked the same way. David did tweet about several of the ways he was able to control different systems of the vehicles he gained access to but chose to let the way he accessed these cars to be something he would put in his report.

What he did tell Bloomberg News was that the fault was not in the Tesla software or hardware, but the fault of the owners and a specific third party. Even though asked what the specific flaw was, he kept it under wraps. His Twitter thread has been filled with responses with more than 800 retweets and thousands of likes regarding what he found and how he could control a few of these vehicles.

A Reward Might be In Order

Tesla, like many other automakers, will pay security researchers that find flaws within their systems. This company pays up to $15,000 for researchers to find vulnerabilities in their systems, but mostly when a researcher registers their own vehicle for testing. There’s no telling whether or not David Columbo will be given any reward for finding this flaw.

Currently, Tesla’s security team is looking into the issue he found to figure out what they need to so that customers can be protected and future Tesla models won’t be hacked the same way.

Raising the Classic Question

If reading this makes you think that somehow Tesla is the only company to have security issues in its technology or that it has too much technology, making these vehicles vulnerable to being hacked, you would be wrong. Every automaker is working to find ways to improve security, avoid their vehicles being accessed without permission, and improve the confidence and privacy that owners enjoy in the models they drive every day.

As more research goes into the development of autonomous technology, the question of whether or not we will be able to trust self-driving cars is one that raises its ugly head. As more streets are mapped out electronically, and autonomous vehicles are being tested, we have to wonder if there are hackers out there waiting to take advantage of our reliance on technology.

Going Backward is Not an Option

Thankfully, there are security researchers, like David Columbo, who continue to work to find the flaws in various systems and report them to the automakers rather than simply create chaos for their own amusement. As these experts continue to point out where various systems are vulnerable, we can feel confident in the vehicles that we drive and enjoy every day.

For those thinking we should go back to a time when computers weren’t installed in vehicles, that time is long gone and will not return.

Regulations Wil Slow the Process, but Not Halt It

Many of us are not ready to give up control of our vehicles to allow the car to drive without our intervention. Even though there are some systems already in place that allow drivers to let go of the wheel and take their feet off the pedals for a short period of time, we don’t have autonomous driving technology that’s been approved yet. Regulators will likely slow this process until it can be made extremely safe, but they won’t be able to halt the forward direction of technology being used in vehicles to create a greater level of autonomous driving, which could be vulnerable to being hacked.

Are you ready for the future of driving?