Tesla Model S stopped by hackers, firmware fix rolled out

According to Wired, security analysts, Kevin Mahaffey and Marc Rogers, discovered this flaw and several others after two years of research into the Model S' architecture.

In order to stop the car completely, the pair plugged a laptop into a network access port located behind the Model S' dashboard. Using their physical access to the car's computer systems, they were able to install a remote access Trojan. With the trojan in place, they were then able to remotely stop the engine while another person was in control of the car.

The researchers say that the Model S deals with a sudden loss of engine power via one of two methods. If the initial speed is under 8km/h, the car engages the handbrake to bring the vehicle to a sudden, jarring halt.

At higher starting speeds, the car will instead shift into neutral, while the steering and brakes remain functional so that the driver could stop the car safely. In either case, even with the engine shut off, the car's airbags remain active.

Speaking to the magazine, Rogers praised the startup car maker: "This is a directly contrasting story to the Jeep story ... Tesla had actually thought about the ramifications about what might happen and had designed the car to handle it gracefully and be safe ... in such a way that catastrophic [failure] would not happen."

Rogers and Mahaffey also found a number of other bugs, including one which could enable remote access of the car if the driver visited a malicious website with the Model S' built-in web browser. The pair will present the findings of their study on Friday at the Def Con security conference in Las Vegas, Nevada.

The two have also been working closely with Tesla, and the car company has begun rolling out an over-the-air software update to fix the security flaws they found.

In email to Wired, a Tesla spokeswoman confirmed some details about the latest software upgrade: "Tesla has taken a number of different measures to address the effects of all six vulnerabilities reported by [Mahaffey and Rogers]. In particular, the path that the team used to achieve root (superuser) privileges on the infotainment system has been closed off at several different points. In particular, the browser has been further isolated from the rest of the infotainment system using several different layered methods."