Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Does Tesla have any anti "Hacking" software to prevent a hack on the car?

This site may earn commission on affiliate links.
Your question is a bit odd. Tesla has surely designed the Model S with security in mind, but with that being said, whatever Tesla has the capability to do from headquarters or you have the capability to do from your phone, it is possible a hacker could gain access to do the same. Security is a constant battle between trying to provide useful features in our ever increasingly connected world and trying to prevent unauthorized people from accessing those features.
 
Tesla likely has security measures in place that would notify Tesla and the owner of the vehicle immediately if someone was trying to hack into a Tesla. If this doesn't already exist, it should, and would likely be easy to implement. Perhaps something as simple as a weight sensor that makes sure the vehicle can't start unless a user specific password (and/or fingerprint?) is entered, if someone isn't in the seat, assuming it isn't already there? Anything can be hacked. A problem exists if it can be hacked without Tesla or the owner noticing.

This is what I would call the iPhone finger print sensor hack fallacy. When Apple added the fingerprint sensor, people said theifs would go around cutting off people's fingers, or would be able to steal someone's finger print from a cup or whatever and use it to break into their phone. :/ How many incidents of this have there been? Probably close to 0.

Even if someone could use sophisticated techniques to steal a Tesla, it is very likely they would get caught very quickly. If a person is intelligent enough to know how to break into a Tesla without being noticed and disable everything that would allow the vehicle to be found, why are they wasting their time stealing vehicles? Also, the vehicle would basically be worthless, since it could never be taken to a service center. Transferring ownership of a vehicle is not as simple as transferring ownership of a phone.

As for a hacker remotely deactivating a Tesla, I have to believe there are multiple layers of security in place that would make it impossible to do this, and that even if it could be done, Tesla would know it was happening well before it happened, giving them time to notify the owner, and prevent it.
 
Last edited:
If you're thinking along the lines of antivirus software for your car, that's not how these things work. There doesn't have to be a specific "anti hacking software" for it to be secure; the systems just have to be engineered to reject illicit commands.

"Exploits" are ways of bypassing validation in ways the software engineers didn't anticipate or prevent. Thorough and disciplined engineering, combined with review and patching, is what keeps them closed.

Tesla have a (currently) unique advantage here, as when security flaws are found they can deploy patches automatically (unlike Fiat/Chrysler and their now recalled Uconnect platform.)

However, there is some evidence of intrusion detection systems in the Model S; there have been reports here of people being called by Tesla after probing their car's internal network.

IDS generally suck in regular computer networks, but apparently they can work quite well in cars due to the high predictability of normal functions. It would make good sense for Tesla to use something like this to detect penetration attempts to better focus their own security hardening.
 
Not thinking about anything close to antivirus. Unless I'm mistaken, it shouldn't be possible to get "infected files" on a Tesla vehicle, unless you're tinkering with things you shouldn't be tinkering with, which is why it should be easy to detect any type of intrusion. This is one reason I have doubts there will ever be an App Store for Tesla, unless it requires extremely strict developer guidelines, that go well beyond what Apple requires.

I'm thinking about how Tesla is able to detect any activity with a vehicle, that would not be normal, in the same way Tesla can identify a problem/malfunction remotely, and instruct the driver what type of actions are necessary.
 
Last edited:
I found this article, for what it's worth:
Security researchers plan to reveal vulnerabilities in Tesla’s Model S at the Defcon hacking conference next month, according to Forbes. They haven’t given a hint about what weaknesses they’ve uncovered, but have apparently promised their talk will be “epic.” Tesla vehicles are among the most-connected cars out there; the company is known for doling out cool upgrades via software updates. Tesla Model S Digital Weaknesses To Be Exposed By Hackers Next Month - Forbes
 
Tesla likely has security measures in place that would notify Tesla and the owner of the vehicle immediately if someone was trying to hack into a Tesla. If this doesn't already exist, it should, and would likely be easy to implement. Perhaps something as simple as a weight sensor that makes sure the vehicle can't start unless a user specific password (and/or fingerprint?) is entered, if someone isn't in the seat, assuming it isn't already there? Anything can be hacked. A problem exists if it can be hacked without Tesla or the owner noticing.

This is what I would call the iPhone finger print sensor hack fallacy. When Apple added the fingerprint sensor, people said theifs would go around cutting off people's fingers, or would be able to steal someone's finger print from a cup or whatever and use it to break into their phone. :/ How many incidents of this have there been? Probably close to 0.

It isn't a fallacy, it has been proven that touchID could be bypassed and using the known (non harmful) methods has probably been done.

I never like mentioning this, but since it came up... The threat model is different. When you are talking about a small mobile device or something that can remain unlocked or needed for a short period of time you don't need to remove a finger. Removing a finger would change the classification of the crime and something most people can't stomach. Those that can stomach it aren't going to go after just your phone. If someone wants access to the phone they can use the known attacks, force them, knock them out, get them drunk, or something else that doesn't require permanent physical damage. All they need to do is get immediate access to a device that they can make sure stays unlocked as they run away with it. When you are talking about a car you might be able to do the same things, but it is harder or more noticeable. You would need a finger to be able to start the car and you can't keep it running indefinitely. If they add a pulse sensor to the scanner then instead of only physical harm you are adding in kidnapping and most likely physical harm. Also unless the information on the phone is very high value, which isn't in most people's case, the value of a phone is way lower than a $120k+ car. So IMO adding a fingerprint scanner to a car adds a lot more risk to drivers and shouldn't be done. That goes for any biometrics in cars. Most of the time when you see biometrics there are cameras and physical security (somewhere on location) present that can capture any wrong doing, but in a car you would never have that footage going to a remote location to assist in prosecution. Adding biometrics would be bad, adding biometrics that require a human to be present would be worse. As they say, never let them take you to a second location and I think more often than not that would be the case.
 
Reports I read this morning indicate that the supposed hacking requires the hacker to get physical access to your car and tinker with the devices. If that is true, that is quite lame and why is it even called hacking?
 
Reports I read this morning indicate that the supposed hacking requires the hacker to get physical access to your car and tinker with the devices. If that is true, that is quite lame and why is it even called hacking?

There was a webkit vulnerability that was remotely exploitable
http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

As someone that works in security I was bothered to hear that they don't sign their firmware. As advanced as the cars are a simple RSA verification should be easy to accomplish. Not having this means they have to rely on the security of their systems and VPN to keep the firmware safe. They aren't releasing weekly firmware updates so they don't need online signing and the overhead of signing in an air-gapped environment is minimal. With more self-driving functionality coming to the Model S, they really need to fix this because taking over a vehicle will have even more impact. Extreme requirements and strict compliance (PCI, WebTrust, SOX) are in place for other things and there should be strict requirements for online automotive updates as well.
 
from that article:


Regardless of the issues found with the Model S, he still considers it “the most secure car that we’ve seen.”

Correction: Though the researchers contended that Tesla does not sign its firmware updates, Tesla has informed WIRED that it does sign its updates. The story has been updated to reflect this.