Tesla’s cars have computers on board, like all modern cars, which means that they are also vulnerable to hackers. Some white hats targeted Tesla recently, and they were able to take activate the windshield wipers and control the steering wheel via a gamepad, in addition to tricking Autopilot. CEO Elon Musk’s response? “Solid work.”
It’s more nuanced than you think. Hear us out.
Tencent Keen Security explained last week how it had discovered the flaws, with the windshield wipers coming on “improperly” in specific situations. More seriously, Tencent said it could control the steering system with a gamepad, “even when the Autopilot system is not activated by the driver.” And then there was this about lane recognition:
Lane Recognition Flaw
Tesla Autopilot recognises lanes and assists control by identifying road traffic markings. Based on the research, we proved that by placing interference stickers on the road, the Autopilot system will capture these information and make an abnormal judgement, which causes the vehicle to enter into the reverse lane.
Here’s a brief vid showing Tencent’s findings:
Musk took it all gamely, replying on Twitter.
Solid work by Keen, as usual
— Elon Musk (@elonmusk) April 1, 2019
Tesla also told Tencent that it had fixed the vulnerabilities in software updates.
Tesla’s feedback on Autowipers:
“This research was demonstrated by displaying an image on a TV that was placed directly in front of the windshield of a car. This is not a real-world situation that drivers would face, nor is it a safety or security issue. Additionally, as we state in our Owners’Manual, the ‘Auto setting [for our windshield wipers] is currently in BETA.’ A customer can also elect to use the manual windshield wiper setting at any time.”
Tesla’s feedback on Lane Recognition:
“In this demonstration the researchers adjusted the physical environment (e.g. placing tape on the road or altering lane lines) around the vehicle to make the car behave differently when Autopilot is in use. This is not a real-world concern given that a driver can easily override Autopilot at any time by using the steering wheel or brakes and should be prepared to do so at all times.”
Tesla’s feedback for the “Control Steering System with a Gamepad” Research：
“The primary vulnerability addressed in this report was fixed by Tesla through a robust security update in 2017, followed by another comprehensive security update in 2018, both of which we released before this group reported this research to us. In the many years that we have had cars on the road, we have never seen a single customer ever affected by any of the research in this report.”
This is a healthy back and forth, and no system is completely invulnerable, despite what companies may claim. It’s also not the first time Tencent has hacked Tesla. Tesla should be solving these things on its own—and its hubris (recently toned down) doesn’t help at all—but this is white hat hacking, meant to help.
White hat hacking is a legit industry, and Musk’s response is a fully professional one, in this context, the equivalent of a hat tip. It might seem glib at first glance, but this kind of (mostly) good faith hacking is common and largely good for the industry, a form of rigorous third-party testing. It can also be very profitable, since companies will pay to know about their vulnerabilities.
And the fact that a Tesla can be hacked isn’t really something to fret about. All computers, save the perpetually air-gapped that have had nothing ever plugged into them, can be hacked. Humanity has not yet created the perfect system with no possible exploits, and the market for zero day vulnerabilities can be tantalizingly huge. So it’s good that someone let Tesla know directly, rather than selling the information to someone who wanted to create a fleet of zombie Teslas.
What anyone would do with a fleet of zombie Teslas, we don’t know. But we’re not supervillains. Yet.
I’ve emailed Tesla to see if they want to add anything else, and will update this post if they respond.