What the CTO of Lookout did, is the nightmare of every car owner: he "stole" the remote control of an intelligent car. Why and how, Kevin Mahaffey told at the CeBIT Global Conferences.
A few months ago a Jeep model was hacked, so the company had to recall 1.4 million cars. When Kevin Mahaffey, with his research partner Marc Rogers, managed to hack the Tesla Model S, Tesla sent an update that fixed most of the serious vulnerabilities less than one week later.
The good news: the "white hat hackers" could deliver on the Center Stage of the CeBIT Global Conferences. The bad news: Yes, Smart Cars can actually be taken over by clever hackers and be controlled from a distance.
"We chose Tesla because it comes closest to how cars will look in the near future", Kevin Mahaffey said. "Tesla is not a car anymore, it is a server park on wheels." With his spectacular hack he had adhered strictly to ethical guidelines that should prevent bystanders coming to harm.
In fact, the hackers realized that the Tesla was exceptionally well protected - but still it had vulnerable points. To find them, the hacker first had to take the car apart, so they could see the technology it used.
"We found among other things a USB port, two memory cards and a mysterious unknown port which later turned out to be an Ethernet," Mahaffey said. This enabled the hackers to hijack the firmware of the car during an update process. Finally, they could actually bring the Tesla remotely to a halt.
"We have learned a lot from this hack," Kevin Mahaffey said. "Among other things, that you should build several safety systems not only one." If you only restrict external access, a hacker could do everything as soon as he had overcome this safety barrier. So one must separate the individual systems in a networked car like, for example, on an airplane, where the entertainment system is separate from the flight controls.
The best reaction to the "white hackers" came from Tesla themselves: The company urged the hacker scene to continue trying to hijack the car. Because the only way to get better and develop a really secure Smart Car is to have the hackers continuing their business. On the other hand, other automakers are eager to prohibit any attempts to hack Smart Cars, said Kevin Mahaffey.