By Augustin Kurian
Until the late 2000s, electric cars had a reputation for being ugly and slow. This was until a small Silicon Valley startup decided to go ahead and not only challenge the thought but even change it. This was the story of Tesla Motors. The carmaker also promised to make a luxury electric sports car that could go more than 200 miles on a single charge. The result was the Tesla Roadster, a battery electric vehicle (BEV) sports car, high on adrenaline and even cybersecurity.
Roadster was followed by the Model S, a luxury sedan from the automaker with oodles of power under the hood. This was followed by the Model X which continues to be one of the fastest and futuristic SUV ever rolled on world’s tarmac. Then came along the baby sibling, the Model 3, a budget electric sedan for the masses.
It is not only Tesla’s story of making electric cars cool, but also the safety and security of these all-electric connected cars also stood out from the rest— even the ones who came much later to the party. In 2015, automaker Fiat Chrysler had to issue a recall for almost 1.4 million vehicles after researchers Charlie Miller and Chris Valasek of Wired demonstrated a wireless hack on Jeep Grand Cherokee, taking over the controls of the dashboard, steering wheel, powertrain, and even the brakes.
In 2016, while Tesla was showing off its technological prowess Nissan had to shut its proprietary app Nissan Connected EV for its Leaf line-up after it was found that hacker could access the cars’ climate control and other battery-operated features to drain the batteries.
Where every other manufacturer goes wrong?
At a time when cars have become computers on wheels, the situation isn’t all that rosy on the part of security. A study by Ponemon stated that nearly 30 percent of companies in the automotive segment does not have a proper cybersecurity team to handle its technology and security infrastructure, let alone secure smart cars. The state is so dire that many do not even engage a third-party vendor to secure the software in the connected cars.
The study also pointed out that nearly 63 percent of all vehicle manufacturers do not even test half of their software, hardware and other technology deployed in their vehicles. The study sampled 15,900 IT security practitioners and engineers in the automotive industry.
How Tesla does it differently?
According to several cybersecurity experts, Tesla cars are the toughest to hack. “Tesla is on the path to be the most secure car,” David Kennedy, the CEO of TrustedSec, told Tech Insider. “I don’t think that they’re there yet, but I think they’re definitely striving for it.”
He also opined how for Tesla, security is never an afterthought. According to him, Tesla has a newer approach because it is relatively a newer brand. From early this year the company also held its often redundant bug bounty program, which gave white hat hackers opportunities to hack the system of Tesla and take home a brand-new Tesla Model 3. The most recent one was the fifth year the company took a bug bounty program.
“We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us,” David Lau, vice president of vehicle software at Tesla, said Monday in a statement. Alike technology companies, even Tesla marks its attendance at hacking conferences. For a car manufacturer, it is relatively a newer phenomenon.
Another reason why Tesla functions more like a technology firm is because Tesla is known to have its own operating system and is more on the lines of being an “iPhone on wheels,” where the company periodically pushes “over-the-air” updates to its customers’ car overnight – these include new features (like raising the ground clearance) and security updates.
It is also quite an obvious sight when Tesla goes out of its way to reward researchers who have found flaws with the cars. Most recently, a video surfaced online when Chinese researchers demonstrated a method by which they could remotely open the trunk, turn on the windshield wipers, and even apply the brakes in a new Model S.
The first thing Tesla did was to update its firmware and released an over-the-air software update within 10 days after the vulnerability was notified. The company also maintained that the risk to customers from the vulnerability was very low.
The company then did the most obvious thing you would expect Tesla to do. “We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research,” the company says in a statement.
Here is the thing: breaches, vulnerabilities, and cyber-attacks have grown exponentially. The automotive segment isn’t any different. In present-day cars, automobile design and architecture include several software and applications at the core–making it imperative for manufacturers to consider security by default–not as an afterthought. Automakers must understand that the first step toward securing their car must begin with making cybersecurity imperative, and eventually, they’ll catch up with Tesla.
Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.
