It's a nightmare scenario. You're driving down the highway when suddenly your car takes on a mind of its own. The steering wheel no longer works. You find yourself accelerating to dangerous speeds and the brakes no longer work. Or else, the car suddenly screeches to a halt even though you haven't touched the brakes.
It's all perfectly possible. A team of Chinese hackers from the company Keen Security Lab demonstrated yesterday they could take control of a Tesla Model S--even though they were 12 miles away and the car was not in Autopilot mode. They did it by creating a malicious Wi-Fi hotspot the car unwittingly connected to while Web browsing. Once it connected, the hackers were able to access the car's CAN (controller area network) bus, which oversees the computer systems within the Tesla. Using the CAN bus, they were able to open and close the car's doors, slide the seats forward and back, open the sun roof and trunk, move the side mirrors, and turn the windshield wipers on or off. They could also interfere with the car's braking system.
Being white-hat hackers, the Chinese team immediately shared their findings with Tesla, which deployed a patch over the air that protects Tesla drivers from the vulnerabilities within 10 days. As the company points out, it would have required a particular set of circumstances to hack a Tesla--a specially created malicious hotspot, and a car with its Web browser open as it drives nearby. "Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly," the company told The Guardian.
It isn't just Teslas.
If this story is making you feel smart for not owning a Tesla, get over it. Most modern cars have a CAN bus, and they all appear to be vulnerable to hackers. More than a year ago, Wired reported on a pair of American hackers who were able to take control of a 2014 Jeep Cherokee, exploiting a similar vulnerability, prompting Chrysler to recall 1.4 million Jeeps in order to patch it.
The only way to completely ensure hackers can't attack your vehicle is the same as the only way to completely ensure they can't attack your computer: Keep it off the internet. Goodbye to navigation, entertainment, help finding restaurants and gas stations, and of course your car's Wi-Fi hotspot. Not to mention autonomous driving. Most car owners (like most computer owners) will be unwilling to roll back the clock on advances like these. Even if you are willing to give up these modern conveniences, the car ahead of you in traffic may have them. If that car has a hacker slam on its brakes, you'll still get in a hacking-related accident.
I wish I could say there was a simple solution to all this because as cars get more modern, and more computerized, the opportunities to hack them will continue to grow. And it isn't just cars--with computers controlling everything from home heating and cooling systems to factories to nuclear reactors, not to mention the traffic light systems that tell cars where to go...well, malevolent hackers who really want to do harm have a lot of attractive options.
Then again, people who want to do harm always have a lot of attractive options. We didn't need to be reminded about this but we were anyway on Saturday, when a 28-year-old caused a huge explosion in the middle of Manhattan that thankfully didn't kill anyone--armed with a flip phone, a bunch of BB pellets and a pressure cooker.
Whether you're driving, internet browsing, or just sitting around minding your own business, complete safety is always an illusion. Meantime, Tesla deserves praise for the speed with which it dealt with this particular threat.