Hackers Gain Control of Tesla EVs

Two cybersecurity experts say they discovered six "significant" flaws that could allow a hacker to take control of a Tesla Model S electric sedan, the Financial Times reports.

One of the vulnerabilities enabled a hacker to turn off the car's powertrain. Tesla says it issued a software patch that Model S owners could download today to fix the problems.

The "white hat" Tesla hackers are Kevin Mahaffey, chief technology offer for Lookout Inc., and Marc Rogers, principal security researcher at CloudFlare Inc. They reported their work this week during Def Con, the cybersecurity conference in Las Vegas.

Unlike last month's wireless hack of a Jeep Cherokee SUV, the Model S attack was possible only if the hacker had prior physical access to the car. Mahaffey and Rogers say they first had to connect to the vehicle's controls through an ethernet cable. They were then able to access the car's control system wirelessly.

After gaining access to the Tesla's electronic controls, the hackers could black out the car's huge control screen, raise and lower the windows, lock and unlock the doors and trick the speedometer into indicating the wrong speed.

Mahaffey and Rogers say they also could shut down the powertrain and apply the parking brake at speeds up to 5 mph. At higher speeds, they were still able to cut power to the Model S's propulsion motor but couldn't activate the brake. The car automatically shifted into neutral, enabling the driver to coast to a stop.

The researchers say they decided to test the Tesla because the company is relatively sophisticated in the auto industry about software. They also praised the company's ability to wirelessly download security patches, a capability they say all carmakers should add.