Article Image

IPFS News Link • Business/ Commerce

Tesla Responds to Chinese Hack With a Major Security Upgrade

• https://www.wired.com

Hacking any system as complex as a car requires digging up not just one vulnerability but a series of exploitable bugs that create a path through the target's maze of defenses. So when researchers at the Chinese firm Tencent revealed they could burrow through the Wifi connection of a Tesla S all the way to its driving systems and remotely activate the moving vehicle's brakes, they exposed a chain of security problems.

Tesla could have reacted by fixing any one of the bugs to block the attack. Instead, it went further, implementing a more fundamental security feature that will make the next hack of its vehicles more difficult for even sophisticated hackers to pull off.

Tesla added a measure that requires any new firmware written to components on the CAN Bus—the internal network of computers that control everything from steering and brakes to windshield wipers—be digitally signed with a cryptographic key only Tesla possesses. The new protection, known as code signing, was pushed out wirelessly in a software update earlier this month to all Tesla S cars and Tesla X SUVs. It amounts to far tighter control over who can reprogram sensitive components. The upgrade makes Tesla's in-vehicle security systems less like a malware-prone Windows PC and more like a locked-down iPhone.

"Cryptographic validation of firmware updates is something we've wanted to do for a while to make things even more robust," says Tesla's chief technical officer JB Straubel. Straubel notes that Tesla has been working on the code-signing feature for months but accelerated its rollout when the Tencent hackers reported their attack. The Tesla security team pushed the fix to all Tesla S and X vehicles within ten days. The feature, he says, should be considered a standard for the auto industry, hardening cars' internal networks even against hackers who have found an initial foothold in the form of another software flaw. "This is what the world needs to move towards," Straubel says. "Otherwise the door is thrown wide open anytime anyone finds a new vulnerability."


thelibertyadvisor.com/declare