Tesla Motors has provided a prompt and potent fix to the recently disclosed vulnerability in its Model S vehicles.
Two weeks ago, researchers from the Keen Security Lab published their findings about successfully hacking a Tesla via the Wi-Fi. The hack used a spoofed (fake) Tesla dealership Wi-Fi network, which the Tesla vehicles recognize and auto-connect to it. This spoofed network directed Tesla’s web browser to load a page that installed malicious code, giving the attackers remote access to Tesla’s many systems, including safety and driving controls.
Tesla confirmed the vulnerability and released a major security update that not only addresses the reported issues but also hardens the vehicles’ defenses against future malware attacks. The automaker did address the web browser flaw and the vulnerability in the car’s operating system that allowed the attackers to gain control of the car’s systems. But Tesla also went a step further and rolled out cryptographic validation for software, which means that in order to be installed on the vehicle, software must contain a special encrypted signature key known only to Tesla. Any unauthorized software like malware will not be permitted to install.
This fix is already being rolled out to the affected customers, and will be installed as part of a firmware update.