Real World Attack – Tesla
This issue arose after the attackers reviewed the architecture for two years. Due to the labor and equipment intensity, this was not an easy hack (Heisler, 2015). With the physical nature of the attack, this would be applicable only in limited circumstances.
This is a physical attack on the vehicle. The attackers presented this at DefCON 2015 (Pagliery, 2015). The attack is basic enough. The attacker has to have a location not proximate to others. The attack surface was behind the dash of the vehicle. The attacker had to plug their laptop into a port behind the driver’s side dash. While the dash has been removed, revealing the port, the attacker could plant a Trojan. As an additional point of interest, the infotainment system was using as out of date browser (Zetter, 2015).
When successful, the attacker is able to shut down the vehicle and force it to stop (Ward, 2015; Masunaga, 2015). They were able to open the doors, make the display present faulty information, or pop the trunk (Pagliery, 2015). On a positive note, Tesla quickly reacted and patched the issue. These were effectuated with an OTA patch (Hall, 2015; Heisler, 2015).
Hall, G. (2015, August 7). Tesla issues fotware patch to guard against vehicle hack. Retrieved from http://www.bizjournals.com/sanjose/news/2015/08/07/tesla-issues-software-patch-to-guard-against.html
Heisler, Y. (2015, August 14). Want to hack a car? Don’t try hacking a tesla. Retrieved from http://bgr.com/2015/08/14/tesla-hacking-model-s/
Masunaga, S. (2015, August 6). Researchers hack a telsa model s, bring car to stop. Retrieved from http://www.latimes.com/business/la-fi-hy-telsa-hack-20150806-story.html
Pagliery, J. (2015, August 6). Tesla fixes bug after hackers hijack model s. Retrieved from http://money.cnn.com/2015/08/06/technology/tesla-hack/index.html
Ward, M. (2015, August 6). Warning after security experts hack tesla car. Retrieved from http://www.bbc.com/news/technology-33802344
Zetter, K. (2015, August 6). Researchers hacked a model S, but tesla’s already released a patch. Retrieved from http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/
About Charles Parker, II
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s
background includes work in the banking, medical, automotive, and staffing industries.
Mr. Parker has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.