Staying secure with connected cars

From entertainment systems to tyre sensors, modern cars contain a multitude of potential security vulnerabilities. Ben McCluskey looks at how Tesla’s aggressive approach could point the way for other car manufacturers. 


As a tech-first company from Silicon Valley, the concept of ‘Agile’ software development is baked into Tesla’s DNA. Optimising security is part and parcel of the concept. The fundamental principle of Agile is quick delivery of a product that meets the customers’ needs. The product launch is then followed by regular updates containing ‘nice-to-have’ features and bug fixes.

A good example of agile in practice is the Tesla version 8.0 software, rolled out last autumn. This delivered over 200 new features, including temperature monitoring, a new media player and autopilot improvements. The car is no longer a product, it’s an ever-improving service.

Whilst Elon Musk’s brainchild may be evolving quickly it isn’t perfect. Back in September 2016, a research team at Chinese IT firm Tencent hacked into the braking systems of a Tesla Model S using its WiFi connection. However, unlike the uncertainty Fiat Chrysler showed in the wake of 2015’s infamous Jeep hack, Tesla’s over-the-air fix was logical and came within weeks of Tencent cracking the Model S.

So, how has this new breed of tech-led manufacturer improved car security? And in what areas does the entire industry still need to improve according to the specialists?

Third-party collaboration

“Tesla was the first company to realise the value of collaborating with third-party researchers,” said Josh Corman, a founder of I Am the Cavalry, a security non-profit that developed the 5 Star Safety Framework outlining critical capabilities the industry needs to move forward. “Collaboration is key because it increases the volume and variety of problems the manufacturer didn’t (and perhaps couldn’t) catch themselves. This informs and instructs better design principles.” Since the Palo Alto manufacturer launched its coordinated vulnerability disclosure programme, General Motors and Fiat Chrysler Automobiles have followed suit. It’s a big step in the right direction, but more manufacturers must follow suit.

See original article.