During a recent webinar hosted in partnership with TechSolent we discussed the cyber security concerns within the maritime sector, specifically relating to operational technology (OT). It was raised that if connected cars can be hacked via their OT, why can’t ships? Many of the attendees shared a light bulb moment as they processed the truth and simplicity of the point; that cyber criminals could effectively take over anything connected via its OT. At the end of the webinar, there were even a few (nervous) jokes about driving home safely in their connected cars.
The very next morning a top story in the cyber press: Tesla was hacked twice at Pwn2Own Exploit Contest.
The fact that Tesla’s newest electric car was successfully hacked has generated some scare stories in the wider press, with headlines such as “Tesla cybersecurity measures fail” and “Tesla gets hacked”.
However, Tesla have taken a brave step in being transparent and authentic about their technology.
At a time when many car manufacturers hide details of their tech systems, Tesla took a wildly different approach – they sponsored a hacking contest, inviting the best in the world to find cyber security vulnerabilities in their newest model and its OT systems.
They gave the ethical hackers deep access into subsystems controlling the vehicle’s safety and other components, and in less than two minute hackers were able to open the front trunk or door of a Tesla Model 3 while the car was in motion. They were also able to break into Tesla’s infotainment system and from there gain access to other subsystems
What a great way to test security pre-launch. With cyber vulnerabilities identified via ethical hacking, Tesla are now planning to issue fixes to their OT.
Not only is that a smart way of testing new tech, Tesla’s open and honest approach demonstrates how seriously they take cyber security, instilling brand confidence with consumers and reinforcing the message that they go above and beyond the norm to ensure their vehicles are as secure as they possibly can be.
Kudos to Tesla. Hopefully other manufacturers in the automotive sector will follow suit to make connected cars more resistant to car hacking, and safer for both owners and road users.
Here at Infosec Partners we provide a range of cyber testing services, including penetration testing, where we break in to your system, testing how good your defences are against intruders and working with you to close those gaps. Get in touch if you would like more information.