Can Teslas be Hacked?

We live in an age where technology has embedded itself into nearly everything. Cybersecurity threats have become increasingly abundant over recent years, and our transportation system isn’t immune. So, can Teslas be hacked?

Not only can Teslas be hacked, but the company also rewards hackers with a handsome sum of money to discover their vulnerabilities. Tesla isn’t the only car manufacturer to have been associated with hacking, but they are one of the ones doing the most about it.

We live in a world that is very connected. As such, it means that unsavoury characters can connect to the products we own when we least expect it. Fortunately, there are many good hackers out there who are working hard to find security vulnerabilities before the bad guys do. 

Tesla happens to be one of the companies who not only works with these hackers and responds to their threats quickly, but they also regularly reward hackers when they do find vulnerabilities in Tesla systems.

Hacking for a Half a Million

There might not be another company out there that’s more welcoming of hackers. For years, Tesla has offered attractive prizes to people who are able to identify flaws in their vehicles. Their most recent offer? Half a million dollars

Modern Teslas have computers on board—like most other cars in this day and age. As such, this presents a certain risk of being vulnerable to hackers. While Tesla’s certainly aren’t immune to this type of threat, neither are the other trillions of products that contain computers. 

From baby monitors to Amazon Alexa, we live in a world where technology is embedded into most aspects of our life—and issues of hacking have made their way into most of them. Humans have created some pretty cool things, but we’re still working out how to keep them safe. 

Well, Tesla wants to get there. The Tesla Model 3 is considered their most secure model and they want to reward anyone who can prove otherwise. They’re offering $500,000 to anyone who can hack the car.

Pwn2Own 

Pwn2Own has welcomed elite security researchers and hackers since 2007. The event challenges contestants to successfully “pwn” (control) popular products. In 2019, the Samsung Galaxy S10 was notoriously hacked. Twice.

Pwn2Own 2020 just wrapped up in Vancouver and Tesla had more than $1,000,000 worth of cash and prizes on the line, including the brand-new Model 3. While weaknesses were found in Oracle VirtualBox and Adobe Reader products, it appears that no team was lucky enough to be able to successfully hack the Tesla Model 3. Oh well, there’s always the next competition.

How can they be hacked?

Tesla has been in the news over the past couple of years. From using radio and computing equipment to clone the key fob to deconstructing the car to steal the IP, Tesla uses computing technology that makes their cars vulnerable—like many other products and vehicles in today’s society. However, “hacking” a Tesla doesn’t necessarily require high-tech equipment.

Speeding

Recently, McAfee researchers found that they were able to trick a Tesla into speeding, even when the intelligent cruise control feature was engaged. While not technically “hacking” in the traditional sense, the researchers revealed that the vehicles would misread a speed limit—without any high-tech equipment involved.

Simply by placing a sticker or tape to trick the car’s camera system, they were able to make the car misread the speed limit sign. They just slightly changed one of the numbers, but it was still enough for the EyeQ3 camera to activate the Tesla Automatic Cruise Control and cause it to speed. In this case, it made the mistake in thinking the 35 MPH speed limit was actually 85 MPH.

Switching Lanes

McAfee wasn’t the first organization to demonstrate a flaw in Tesla cameras. Last year, a group of cybersecurity hackers from Keen Security Labs in China used stickers (again!) to create a fake lane. The module lane recognition function in the Model S fell for the prank and was tricked into what could have been an opposing lane with oncoming traffic.

Keen is made up of a group of “white hat” hackers—those who are using their hacking skills for good. They’re actually listed in the “Security Researcher Hall of Fame” on Tesla’s website and have been working with the company since 2014 to expose potential vulnerabilities.

In fact, it was keen who was able to remotely hack a Model S using a WiFii hotspot. Within 10 days, Tesla not only responded to the threat by deploying an over the air software update, but also rewarded Keen for their discovery.

Fortunately for drivers, Tesla’s Autopilot is not yet 100% autonomous. So, in a case like this, the driver could hopefully steer the vehicle back into the safe lane after a faulty response by the system.

Not Just Tesla

Cool vehicular technology is, well, cool. But it can also get kind of risky. As cars become increasingly connected, they can also become increasingly compromised. Threats face all areas of the automotive sector.

Just last year, hackers targeted the car sharing service Car2Go and more than 70 vehicles were compromised within a few hours. It’s not just the cars themselves that are at risk, in Vietnam hackers used cars’ computing systems to access information of more than three million Toyota customers. Some of us may also remember the video showing that Jeep Cherokees can be controlled from afar—all thanks to the internet.

Because of their human-less nature, driverless cars pose additional threats. Internet-connected vehicles have been associated with a range of problems over the past couple of years—some involving fatalities.

A 2019 Georgia Tech simulation demonstrated that a future with autonomous and internet-connected cars could cause a lot of problems. Using a simple security breach, the simulation showed that by stalling 20% of the internet-connected cars, Manhattan traffic could be stopped in its tracks. The researchers hoped to show that they didn’t even need to attack all cars, just a small percentage would do enough to have a big impact.

While the study’s city of choice was Manhattan, any large city could be considered to have the same impact. Hacking damage could actually be worse in cities like Boston or Atlanta because of less efficient traffic grids.

Put simply, a relatively easy hack could have the power to shut an entire city down.

Tesla’s Tightening Up

While there are many “white hat” hackers out there working for good, there are “black hat” hackers, too. Malicious apps and programs could theoretically infiltrate the cybersecurity system of a vehicle just like they do a phone or computer. Drivers certainly play a role in staying vigilant and safe, but it’s good that we have companies like Tesla to do most of the leg work.

It’s important to talk about Tesla with all of this because they are leading the way when it comes to not only discovering security breaches, but also addressing them. Their over-the-air software updates are revolutionary and quick. In fact, they’re paving a path for what all cars in the future will need to do to stay safe.

So, well yes, it is possible for a Tesla to be hacked, they’re just one part of a broader risk to modern vehicles—especially when it comes to self-driving cars. Although they are exciting, completely safe models have yet to arrive. Whether reports of hacking or simple measures that trick Teslas, these all demonstrate that modern cars, and the technology they use, can still fall short.