Earlier this week, it was reported that a 19-year-old hacker, David Colombo had successfully hacked into 25 Tesla cars, remotely controlling the doors and windows of the car, as well as on the car’s radio, headlights and start the car’s engine.
“Reports that a young German hacker, David Colombo has been able to hack into a number of Tesla cars is sending shockwaves through the automotive industry and taps into our worst fears like our vehicle being taken over by a stranger while we are driving.” Lotem Finkelstein, Head of Threat Intelligence and Research for Check Point Software Technologies said.
“Looking into this in a little more detail, this is not quite at that threat level but worthy of our attention, nonetheless. Colombo was not able to take control of any vehicles in that sense but claimed he was able to control some peripheral devices on 25 poorly maintained Teslas like the volume of the sound system, windows and lights and critically he was not able to execute code on any of the compromised cars and certainly was not able to get into the drive control system. He reported the hack to Tesla and they are investigating. Colombo says this is not an inherent vulnerability in Tesla and that car owners should be able to block his intrusive access.”
“I would challenge this conclusion. Can we really expect users to be familiar with the software configuration of a complex and highly technically advanced product like a modern automobile? Surely cars, of all things need to be secure ‘out of the box’ and secure to the highest standards. It should not be possible for the driver to allow remote access to their vehicle either by a given action or indeed inaction.”
“That said, I can foresee a future where users will need to assume some responsibility for the cyber safety of their vehicles. If, God forbid, a hacker took control of your car and you had an accident, it would not matter whose fault it was that the car was not secured, you would want to do everything in your power to prevent it. Sure, we expect manufacturers to provide a fully secure vehicle but our experience in cyber tells us this is not something that can be 100% guaranteed for ever. In the same way that we expect to be proactive in protecting our laptops and phones, I suspect we will need to take a more hands-on approach to ensuring our cars are protected from cyber-attacks. Indeed, when the lives of ourselves and our families are in danger, users will start to demand a level of personal control over such risks.”
Tesla is currently investigating the matter.