In a high-stakes event like the Pwn2Own Hacking Competition, hackers from Synacktiv seized the opportunity to reveal cybersecurity vulnerabilities in Tesla’s Model 3.
Tesla was surprisingly a willing participant in this test to uncover the extent of modern car vulnerabilities. The results were telling: while Tesla’s Model 3 showcased certain vulnerabilities, it underscored a broader issue—modern cars, including Teslas, are generally susceptible to hacking.
Synacktiv managed to compromise the Model 3’s infotainment system via Bluetooth, gaining access to the highest level of internal code. With the exception of the Autopilot system, virtually every other aspect was vulnerable to remote disruption. While these disruptions may seem minor in terms of road safety, they set a worrying precedent for the future of connected cars. Although Tesla’s willingness to participate should be commended for advancing automotive cybersecurity awareness, the company has faced privacy breaches and lawsuits related to data security, raising concerns among consumers.
The expanding complexity of vehicles, transitioning from traditional mechanical systems to intricate electrical systems, raises new cybersecurity considerations. As technology continues to evolve, cybersecurity is becoming a defining factor for the auto industry. Dustin Childs, Head of Threat Awareness at Trend Micro, predicts significant developments in automotive security in the next five to ten years. While consumers should not panic about these issues, Childs emphasizes that cybersecurity will play a crucial role as manufacturers introduce new infotainment and tech features at a rapid pace.
One of the primary concerns is the potential for malicious actors to disrupt vehicle movement, particularly as vehicles increasingly feature advanced driver-assistance systems and semi-autonomous capabilities. The shift from hydraulically connected controls to computer-operated drive-by-wire systems could make vehicles more vulnerable to remote attacks. Navigation system infiltration also poses risks, including stalking and targeted theft. Moreover, personal data and information are constantly at risk in connected vehicles.
There are also gray-area reasons for hacking vehicle infotainment systems, such as bypassing subscription-based features or enabling custom functions. These virtual intrusions present challenges for automakers striving to create secure vehicles that are both mechanically and technologically sound.
Childs highlights that external connections like Bluetooth, WiFi, and charging ports are often the entry points for infiltrations. Ensuring that the right systems communicate correctly and preventing unauthorized access is crucial.
While manufacturers are taking cybersecurity seriously and employing dedicated teams, it’s a complex problem with no easy solution. As technology advances and vehicles become more connected, the importance of cybersecurity will continue to grow. The National Highway Traffic Safety Administration (NHTSA) has already recorded cybersecurity recalls affecting millions of vehicles, and the agency has issued guidelines for automotive cybersecurity best practices.
Despite the challenges, automakers are rolling out personalized tech features to remain competitive. However, these features may also present entry points for hackers. Childs encourages consumers not to be deterred by fear but to remain vigilant and aware of the evolving landscape of automotive cybersecurity. The profitability of cyberattacks on cars remains limited at present, but as technology evolves, the threat may become more significant.