Tesla has always prided itself on being one of the top automakers when it comes to the manufacturing of electric vehicles. Tesla’s trump card is the robust hardware that comes packed in with a constantly-evolving software package. The Californian electric vehicle giant is constantly making progress in not only the electric mobility sector but also the autonomous driving industry as well. While the features that they have brought in have been quite impressive, the question remains whether over-reliance on technology is too risky or not, especially in a field as crucial as automobiles.
Story Of Hacker Who Gained Access To Tesla’s Entire Fleet, Reported to Tesla Which Earned Him $50,000
A bizarre bit of news from 2017 surfaced a few days ago in a report, where a white hat hacker apparently managed to detect a huge vulnerability in the software of the entire Tesla fleet and brought it to the notice of the Tesla head of software security. As part of Tesla’s bug bounty program, the hacker received as much as $50,000, which is way higher than Tesla normally pays.
The Jason Hughes Story
Jason Hughes used to work as a white hat, i.e, an ethical hacker, and was well known in the Tesla root access community by his pseudonym WK057, as part of a group that would try to hack their own Tesla cars. He used his knowledge to tinker with Tesla vehicles and build off-the-grid energy storage systems and electric conversion kits. He made a business out of this hobby, by selling Tesla spare parts and building controllers of his own.
Tesla has a bug reporting system which awards points to ethical hackers who bring software vulnerabilities to their notice, and these points can be encashed by the hackers. It is a neat system where hackers use their skills to eventually help out the company in exchange for monetary benefit. Using his skills of tinkering with the software, Hughes would then point out small bugs in exchange for some extra money on the side.
He started out by hacking into the database of Tesla vehicles to get into the Supercharger network, and it gave him accurate data regarding how many chargers were currently available to be used at every Supercharger across the globe. He shared this data on the Tesla Motors Club forum, and within 20 minutes, he was on a call with the Tesla head of software security and head of the Supercharger network. Since this data was technically accessible only through the Tesla vehicles, the two Tesla employees persuaded Hughes not to share the data, which he agreed to. He went on to report this bug through Tesla’s bug report program and got himself a neat little bounty of $5,000.
Now, with more experience of working with Tesla servers and the knowledge that their software wasn’t entirely secure, Hughes started hunting for more such bug bounties. He started finding small bugs here and there, and after digging deeper, he realized that there could be a link between these bugs. The official white hat term for this is a ‘bug chain’. By understanding the links between these bugs, Hughes went about exploring, gaining access to more and more data. During one such “bug-hunt”, he came across a repository of server images on the network, one of which was the Mothership.
The ‘Mothership’ is the name of Tesla’s home server, through which they communicate with their entire fleet of automobiles. Many times, Tesla uses the data from the autonomous features of one car and then uploads it to the main server so that all vehicles can access it. That way, a car can be ready to be self-driven in an environment it has never explored before, by using data from other Tesla cars in that environment. It’s an ingenious system, and one of Tesla’s important features, but it also means that gaining access to the Mothership pretty much gives you a fair bit of control over the entire Tesla fleet. And that is exactly what Hughes had managed to get.
By downloading and dissecting data from the repository, he was able to reach a developer network connection by using his own Tesla’s VPN. Now, he could send commands to any Tesla vehicle, and it would seem like the commands were sent by the Mothership. He just required any particular car’s VIN number, and he could gain access to data such as exact location, battery state, and many other things.
This is when Hughes realized that he had struck gold. He compiled a bug report, and since he was in contact with the head of software security, Aaron Sigel, he emailed the report to him directly.
For a few moments after that, panic ensued among the Tesla software security team, following which, Sigel contacted Hughes immediately. Back then, Tesla vehicles did not have an entire set of autonomous features as they do now. The one major feature they did have was the Summon, which allowed the driver to move his/her car a few feet back and forth. This feature was later upgraded to Smart Summon, where you could autonomously get your car out of a tight parking space.
While talking to Hughes on the phone, Sigel gave him the VIN number of the Tesla closest to him at the time. Using that, Hughes, who was sitting in his home in North Carolina, remotely-accessed the vehicle which was in California, and ‘summoned’ it.
Following this, Tesla rewarded Hughes with a special bounty of $50,000, which was an unprecedented amount for a bug report at the time.
Tesla proceeded to use Hughes’ data to secure this vulnerability, and also patched the bug chain that he had started from.
This is quite an incredible incident. To think that a man sitting across the country would have access to your car, and could control its autonomous features is quite crazy. Considering the fact that Tesla now has a host of new features like the Navigate and Autosteer+ which lets you safely drive your car without intervention from the driver, this kind of hacking definitely asks a lot of questions about software security. Tesla has taken a lot of effort with its software security ever since this episode, and they have ensured that they have a robust system in place now. But if a person manages to find a bug as Hughes did, he could gain access to a whole fleet of vehicles with full self-driving capabilities.