Several weeks, ago Tesla Motors Inc (NASDAQ:TSLA) suffered a black eye when a Chinese security team proved its Model S electric car could be remotely hacked. Just 10 days later, the Tesla security team responded with a software update. It turns out the release not only fixes the specific vulnerability, it makes hacking Tesla cars fundamentally more difficult going forward.
In a world where all automobiles are increasingly connected, software-controlled and under threat from malware and hackers, Tesla’s move turned an embarrassing incident into a selling point.
Tesla Security Compromised
The problem for TSLA began near the start of September when Chinese security researchers with Keen Security Lab revealed a critical vulnerability in Tesla security.
The team — part of China’s Tencent Holdings (OTCMKTS:TCEHY) — was able to seize control of a Model S remotely, regardless of whether it was in motion or parked. The researchers notified TSLA, which acknowledged the issue and began working on a fix. A blog post then urged Tesla customers to update their cars to the latest firmware, alerting them to the discovery.
The hack allowed the researchers to control multiple functions with the Model S, including opening and closing the sunroof, operating the door locks, turning on the windshield wipers, and most critically, take control of the braking system.
From 12 miles away!
Tesla Responds and Works to Prevent the Next Hack
The fact that Tesla worked with the researchers to verify and quickly patch the security vulnerability in the Model S is one thing. That’s been well-documented and is expected of a company whose products could literally have life-or-death consequences for its customers.
However, a detailed analysis of the Tesla Motors security firmware update by Wired revealed this is much more than just a patch to address the recent hack. Instead, TSLA has added a cryptographic key — or code signing — as a requirement for any firmware that attempts to reprogram key components in both the Model S and Model X. Only Tesla posses the cryptographic key.
As Wired points put, code-signing is popular in the PC and smartphone world. It’s the same technology that prevents iPhone owners from installing apps that weren’t downloaded through Apple Inc.’s (NASDAQ:AAPL) App Store. However, despite the increasingly computer-controlled nature of automobiles, manufacturers in that sector have been lax about implementing similar measures. Many have actually resisted it, because doing so would have ripple effects down their supply chain and to the service level. Without access to the cryptographic key, updating components wouldn’t be possible.
Turning a Hack into a Competitive Advantage
By implementing code signing as a part of Tesla security, the company goes further than addressing the reported hack. It also goes further than simply making the next hack much more difficult.
Because traditional auto manufacturers are reluctant to adopt code signing — despite the fact that many of their cars are subject to the same vulnerabilities the Model S had — TSLA gains another selling feature. Tesla not only sells premium, electric cars with state-of-the-art technology, it employs hardened security to prevent remote attacks the competition remains vulnerable to.
That’s making lemonade out of lemons.
As of this writing, Brad Moon did not hold a position in any of the aforementioned securities.