Tesla skeptics are quick to point out that the popular electric cars may be susceptible to hackers. While that’s true of most cars in today’s digital world, it is more apparent due to the fact that Tesla’s vehicles are covered in screens and sensors.
Recently, it was revealed that a white hat hacker gained control over every existing Tesla vehicle through a “fleet-wide hack.”
The incident reportedly took place in 2017 but was just brought to light by a story on the Telsa-focused website Electrek. Fortunately, the hacker didn’t try to exploit the vulnerability for malicious purposes. He instead alerted Tesla so that a patch could be rolled out.
Still, the incident raises “what if” questions about the security of Tesla’s vehicles.
Too Good to Be True
White hat hacker Jason Hughes was shocked to discover an escalating series of weaknesses in Tesla’s fleet management systems. Ultimately, he gained access so deep in the system that he could find the location of every existing Tesla vehicle. Moreover, Hughes could remotely activate the cars’ “Summon” feature, causing them to start driving.
Given the gravity of the situation, he immediately reached out to Tesla’s head of software security. He was then asked to prove the validity of the hack by activating the Summon feature of a car located in California. Hughes did so successfully. That landed him an unprecedented $50,000 payday from Tesla’s bug bounty program.
The security team quickly released a patch for the security hole to ensure that nefarious hackers couldn’t exploit it.
The newly reported story clarifies some strange comments that Tesla CEO Elon Musk made during a 2017 event in Rhode Island. He said, “In principle, if someone was able to say hack all the autonomous Teslas, they could say— I mean just as a prank—they could say ‘send them all to Rhode Island’—across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.”
It now appears that those comments came shortly after Hughes discovered the fleetwide vulnerability. What consumers didn’t know is that such a “prank” was closer to reality than anyone expected.
Fortunately, the likelihood of such a vulnerability existing today is slim. Tesla has invested heavily in its cybersecurity efforts in recent years to ensure that both its internal networks and its cars are safe.
One method of finding bugs is its Pwn2Own hacking competition. It challenges hackers to find vulnerabilities in the Model 3’s system. Those who find certain weaknesses are rewarded with a brand-new Model 3.
Ultimately, Tesla drivers probably don’t have much to worry about today. Thanks to the fact that white hat hackers are working relentlessly to crack Tesla’s systems, they are safer than ever.
Still, there will always be a seed of doubt. If a vulnerability that lets hackers take control of Tesla’s entire fleet existed once, a similar one could be lurking within billions of lines of code.