By Jaikumar Vijayan, Computerworld | August 26th, 2014
Electric carmaker Tesla Motors wants security researchers to hack its vehicles. The Silicon Valley based high-tech carmaker will hire up to 30 full-time hackers whose job will be to find and close vulnerabilities in the sophisticated firmware that controls its cars.
Electric carmaker Tesla Motors wants security researchers to hack its vehicles. In coming months, the Silicon Valley based high-tech carmaker will hire up to 30 full-time hackers whose job will be to find and close vulnerabilities in the sophisticated firmware that controls its cars.
“Our security team is focused on advancing technology to secure connected cars,” a company spokesman said via email. The focus is on “setting new standards for security and creating new capabilities for connected cars that don’t currently exist in the automotive industry. The positions are full time, and we will have internship opportunities as well.”
Tesla’s cars are among the most digitally connected vehicles in the industry with the battery, transmission, engine systems, climate control, door locks and entertainment systems remotely accessible via the Internet.
So the company has a lot at stake in ensuring that the connectivity that allows its vehicles to be remotely managed doesn’t also provide a gateway for malicious hackers.
Security researchers have already shown how malicious attackers can break into a car’s electronic control unit and take control of vital functions including navigation, braking and acceleration.
In 2013, two researchers at the Defense Advanced Research Projects Agency (DARPA) showed how they could take control of a vehicle through the controller area network (CAN) used by devices in a car to communicate with each other. The researchers showed how attackers could send different commands to a car and cause it to brake or accelerate suddenly or jerk its steering wheel in different directions.
In that study, the researchers needed physical access to the CAN bus to carry out the attack. However, researchers have noted that similar attacks can be carried out wirelessly by accessing the CAN bus through Bluetooth connections, compromised Android smartphones and vehicle tracking and navigation systems like OnStar.
Such concerns have begun gaining wider attention with the federal government’s plans to require all vehicle manufacturers in the U.S. to incorporate vehicle-to-vehicle (V2V) communications capabilities in all light vehicles over the next few years.
The goal is to have a standard in place that would allow vehicles to automatically exchange information, such as speed and location data, with each other, with a view to avoiding collisions.
In a notice in the Federal Register this week, the National Highway Safety Traffic Administration (NHSTA) said it was seeking comments on the privacy and security implications of V2V technology.
“Some crash warning V2V applications, like Intersection Movement Assist (IMA) and Left Turn Assist (LTA), rely on V2V-based messages to obtain information to detect and then warn drivers of possible safety risks in situations where other technologies have less capability,” the agency noted.