Def Con 23 (2015) wound down on Sunday, but participants and analysts generally agreed this year’s hackers’ gathering was another smashing success. One of the stars of the show was a Tesla Model S displayed prominently in the middle of the conference’s Car Hacking Village. The EV maker was the only auto manufacturer with an official presence at Def Con, although most major automakers did send representatives to the conference.
One of the most hotly anticipated presentations at Def Con 23 was the session given by well-known cybersecurity researchers Kevin Mahaffey and Marc Rogers on how to hack a Tesla Model S. The pair gave a demonstration of a method to remotely unlock the doors of the Model S, start up the EV and drive away. They were even able to control the infotainment systems and give a “kill” command to to shut down the vehicle and bring it to a stop.
Tesla has been working very hard on securing the Model S from computer attacks since the inception of the project. The firm is known for actively soliciting input from the hacking community, and offers a “bug bounty” that was recently boosted to $10,000 for pointing out new security flaws.
Details on the Tesla Model S hack
After they had full access to the Model S electronic systems, they found several ways to access the control network, but all had been anticipated and blocked. After dozens of false starts, the pair finally they came across a breach that the Tesla engineers had not considered.
“This is where I literally cried,” Rogers said, only haof joking. “After months of hunting big game, it cracked in under a second.”
The men then took the Model S to an empty parking lot, where, with Mahaffey driving, Rogers used his iPhone to give commands to the now-hacked Tesla. The vehicle’s screens instantly turned off, the engine stopped and the car came to a sudden stop.
Of interest, the researchers also found out that Tesla had taken some steps to mitigate a malicious hack. For example, when attacked at speeds over 5 mph, the vehicle automatically shifted to neutral, meaning it could just coast before stopping. ”You still retain full control of the car,” Rogers pointed out. “It’s phenomenal.”
Researchers say Tesla has very strong cyber security
Although they were eventually able to access the car’s systems, Rogers and Mahaffey were extremely impressed at how well the Model S security had been designed and how tough it had been to breach the car’s security.
“We found it was designed very, very well,” Mahaffey noted. “It’s important to realize all of the ways we didn’t get in: It was failure, failure, failure.”
Roberts continued to add: “This is a phenomenal design, more like the way airplanes are designed than cars. It took a lot of thinking outside the box” to hack the car’s systems.
Note that the pair had complete access to the electronic systems of a Model S for months, including removing the dashboard so they could fully access all of the electronic systems. Also keep in mind the hack also required physical access to the vehicle’s Ethernet port, so if you keep your Tesla in a locked garage, it can’t be hacked.