Last week, a team of Chinese hackers named KeenLab posted a video to YouTube demonstrating their ability to remotely hack into Tesla cars and take control. Tesla detailed its response to the security vulnerability to Wired on Tuesday, and the electric car company says everything is pretty much fine.
Essentially, Tesla made its software as secure as Apple products, by requiring any new firmware to be code-signed. Now, as is true with Apple, no one but Tesla holds the key.
Without a code-signed system, hackers were able to control everything from the windshield wipers to the brakes. Self-driving cars, which rely on computer systems to navigate and drive, would be exceptional targets for malicious hackers. If a hacker can take over any part of the car’s control system, he or she could unleash havoc. Anyone driving a “self-driving car” would be vulnerable, and could, at any moment, find themselves driving a hacker-controlled car. All the safety statistics that Elon Musk loves to tout about his autonomous software would go out the window, fast.
Now, though, unless someone acquires the secret cryptographic key, no one will be sneaking into Tesla’s software. Any firmware installations, which KeenLab employed to gain access to the cars’ infotainment systems, must be validated with this key. Anything unvalidated will fail, and hackers will thereby be locked out.
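The check described above, as an added example that is not Tesla's code or part of the original article: the device stores only the vendor's public key and refuses any image whose signature does not verify. Ed25519 over a SHA-256 digest, the function names, and the sample keys and image are assumptions made for illustration; the article does not say which scheme Tesla uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrBadSignature = errors.New("firmware signature invalid: refusing to install")

// SignFirmware runs only on the vendor's build servers, where the private key lives.
func SignFirmware(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(priv, digest[:])
}

// InstallFirmware runs on the device, which stores only the vendor's PUBLIC key.
// The signature is checked before the image is parsed or written anywhere.
func InstallFirmware(vendorPub ed25519.PublicKey, image, sig []byte) error {
	digest := sha256.Sum256(image)
	if len(vendorPub) != ed25519.PublicKeySize || !ed25519.Verify(vendorPub, digest[:], sig) {
		return ErrBadSignature
	}
	return nil // a real updater would flash the image here
}

// Demo builds constructed keys and images and returns the install result for
// a genuine image, a modified image, and an image signed with someone else's key.
func Demo() (genuine, modified, foreign error) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // constructed vendor key pair
	_, otherPriv, _ := ed25519.GenerateKey(nil)          // constructed non-vendor key

	image := []byte("constructed firmware image v2")
	sig := SignFirmware(vendorPriv, image)

	patched := append([]byte{}, image...)
	patched[0] ^= 0xFF // one flipped byte is enough to invalidate the signature

	genuine = InstallFirmware(vendorPub, image, sig)
	modified = InstallFirmware(vendorPub, patched, sig)
	foreign = InstallFirmware(vendorPub, image, SignFirmware(otherPriv, image))
	return
}

func main() {
	g, m, f := Demo()
	fmt.Println("genuine:", g, "| modified:", m, "| foreign key:", f)
}
```

Because the device never holds the signing key, reading the public key out of a car gives an attacker nothing to sign with; the protection rests on the vendor keeping the private key off every shipped system.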
The security update went above and beyond. Tesla could’ve merely patched the specific vulnerability, but instead opted to roll out the cryptographic validation security suite. (KeenLab, because it’s a reputable organization and not a bad hacker squad, showed Tesla exactly what it had done, and was rewarded with a paycheck, or “bounty.”) Tesla had been working on the suite for months, Tesla CTO JB Straubel told Wired, but the KeenLab exposé made it quicken its pace. “Cryptographic validation of firmware updates is something we’ve wanted to do for a while to make things even more robust,” he told Wired’s Andy Greenberg. Other car companies with dreams of autonomy would do well to follow suit.
Here’s the original KeenLab video, to demonstrate what could’ve been: