Tesla infotainment system vulnerable to remote hacking

Hackers can remotely access and control various functions of a Tesla car, including turning off lights and honking the horn, by exploiting three vulnerabilities, according to researchers.

Security firm Synacktiv's researchers recently discovered vulnerabilities in Tesla's system, which they presented at the Pwn2Own conference in Vancouver. Although the researchers claim that the worst-case scenario caused by these vulnerabilities is to tamper with a driver's system with some disruptive tactics, Tesla informed them that they could not turn on and off the car or steer the wheel. However, according to one of the researchers, Eloi Benoist-Vanderbeken, there may have been a possibility of doing so, given their understanding of the car's architecture. Nonetheless, they await confirmation of their claims once they get their hands on a Tesla.

One vulnerability was exploitable via Bluetooth, while another allowed the researchers to elevate their privileges and gain root access, giving them free rein to execute code in the infotainment system. The last vulnerability enabled them to control the security gateway, a component responsible for sending commands to the car. Despite these vulnerabilities, the researchers commended Tesla for its mature sandboxing system, which isolates components and makes it harder to gain higher privileges by hacking into one of them.

Vincent Dehors, one of the researchers, stated that Tesla's system is not yet at the level of a modern browser running on an iPhone or an Android, but it is not far from it. He also pointed out that Tesla cars are highly connected to the internet, making them more vulnerable to attacks than other cars. The researchers confirmed that Tesla is already working on patches for these vulnerabilities, and updates will soon be released to the cars.