According to USA Today,
“In March, a Tesla Model 3 was hacked.
The duo responsible for uncovering the vulnerability accessed the car’s web browser, executed code on its firmware and displayed a message on the infotainment system before making off with the Model 3 and $375,000.”
That's a wrap! Congrats to @fluoroacetate on winning Master of Pwn. There total was $375,000 (plus a vehicle) for the week. Superb work from this great duo. pic.twitter.com/Q7Fd7vuEoJ— Zero Day Initiative (@thezdi) March 22, 2019
The hackers didn’t remotely take control of the car or wreak havoc on its door locks or brakes while an innocent driver sat inside. They weren’t even able to break into any other systems in the electric vehicle, and the cash they took came in the form of a check from Tesla themselves.
This was all part of a cybersecurity contest called Pwn2Own, which is an event where Tesla pays serious cash to any person smart enough to find previously unknown bugs in their vehicles and electronics. If the hackers and developers can correct said weakness then it helps Tesla protect the people who drive its vehicles, or at least that’s the hope.
As more and more cars become basically just hi-tech computers on wheels, vehicles — like everything else that connects to the internet — are inherently hackable. That means every smart car, theoretically, could be broken into and controlled on some level by hackers, criminals or worse. Because of these threats auto manufacturers have been moving to using more than just their internal security teams and will continue to crowd source in order to further develop their security for their vehicles.
For Tesla and other manufacturers that means entering cars in third-party testing competitions or implementing other “bug bounty programs” to encourage security researchers to actively locate and report any hot spots on the company’s hardware. At face value, encouraging outsiders to search for flaws may appear counter-intuitive but it does not only give skilled hackers a chance to flex their big brains, but it also helps companies like Tesla, GM and others strengthen car security.
In a recent statement Tesla said, “We believe that in order to design and build inherently secure systems, manufacturers must work closely with the security research community to benefit from their collective expertise”. Tesla used a software update to fix the vulnerability found by the “white hat,” or ethical hackers, which is great for drivers because they won’t have to visit a repair shop or pay fees to get a car’s software updated.
It’s great to see that Tesla is actively trying to improve their systems and are not sitting on their laurels when it comes to security for their electronic vehicles.