According to new research uncovered by security specialists, Pen Test Partners, who were investigating the systems within Tesla vehicles, found that if hackers could attach an ELM327 Bluetooth module to the interface, they would have the ability to analyse the traffic and read CAN messages. If left in, a hacker could also potentially shut the car down.
Experts Comments:
Martin Jartelius, CSO at Outpost24:
“Firstly, not only car manufacturers but all manufacturers should ensure that they address security – the more critical the asset the more important this is.
Electric cars are – compared to equally equipped cars – not more exposed. But compared to an older car with no computers at all, we have moved away from being in a state of actually being unhackable. Those obviously had their own problems. Of course, a fully equipped modern car with a range of different vendors involved in the manufacture of complex digital components also adds more risk.
For end users, the only thing you can do is make the choice of a vendor you expect to be around for a few years, who have a decent policy for providing updates for a long period of time. It would be worthless to have a car you can no longer drive due to a lack of future critical patches.”
Hugo van den Toorn, Manager Offensive Security at Outpost24:
“These kinds of attacks will – as far as I have seen – all require physical access to the vehicle or the keys. This makes car hacking something in line with physical theft/break-in in a car. I don’t think security should be only something for car manufacturers to be considered, but for any manufacturer. Especially when creating something ‘smart’, such as self-driving cars, smart appliances and other technology closely integrated into our daily (physical) lives.”
“Any car is prone to these attacks. But certainly smart (like most electric) cars are certainly a more appealing and interesting attack platform for hackers.”
“Lock them, keep the keys inside on a safe distance from the front door to prevent cloning/relaying attacks and make sure to remove any suspicious hardware sticking out of your car.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.