Cyber Attacks in Connected Cars - What Tesla Did Differently to Win

Today, connectivity is at the core of every product, including cars. Increasingly, cars are getting connected to smartphones that allow the user to do more with their cars even when they are not around them. A Gartner research estimates there will be 250 million connected cars on the road by 2020. As with any other technology, this mushrooming growth will lead to an increase in cyber attacks in connected cars which will be nothing short of a nightmare.

Today's cars, endowed with the power of technology, collect a lot of information about the car's running status health, driving data, etc. They are way "smarter" than their older versions. However, all these features come at a price when it comes to how easily hackers can break into car computer systems. If you think this is something to worry about in the future, let me tell you that we've already had a series of cyber attacks in connected cars in the last two years.

3 Recent Cyber Attacks in Connected Cars

Tesla hacked by Chinese hackers

A group of Chinese security researchers were able to hack a Tesla Model X, second time in a row since last year! The effect of the hack is that they found a way to turn on the brakes remotely and getting the doors and trunk to open and close while blinking the lights in time to music streamed from the car's radio — an effect they dubbed "the unauthorized Xmas show."

This was a complex hack through which they were able to remotely control the car via both Wi-Fi and a cellular connection. Well, the good part of this scary story is that Tesla successfully patched this issue within two weeks of being reported.

Ford Fusion and Toyota Prius Lose Control of their brakes

Charlie Miller and Chris Valasek, two engineers doing consulting work for the Pentagon's Defense Advanced Research Projects Agency, have displayed multiple times on how they've successfully managed to hack Ford and Toyota cars compromising its safety and Sync systems to gain access to safety features, brakes, cruise control, steering, parking assist and also the remote keyless entry system.

In 2015, Charlie Miller and Chris Valasek showed how they could remotely stop a car and disable its brakes when the car was going at a slow speed below five miles per hour. Last year, they managed to gain access to the car's steering and brake systems while in the car by accessing its electronic system.

Fiat Chrysler recalled 1.4 million cars that were hacked

The Jeep Cherokee is probably the only car that had to be recalled for a potential hack. 1.4 million cars including various models of the Dodge, Chrysler, and Jeep were recalled in a response to a potential hack that could affect the brakes, engine, steering, and other safety controls in the cars.

Why are Cyber Attacks in Connected Cars Increasing

‘Imagine the joy of the London Olympics souring if connected cars had driven into east London and ground to a halt,’ says Will Rockall of KPMG cyber security. ‘Vehicles transporting high-value goods could be hijacked remotely, or the fantastical notion of rich individuals being kidnapped or their vehicles caused to crash.’

All this might sound fictional or futuristic but this is real and true even today. The major reason behind this is consumers are becoming increasingly demanding in terms of digital features. Hence manufacturers have started adding communication systems, digital vehicle information systems, onboard Wi-Fi, car control using smartphone apps, etc. As these become more common in cars, the number of cyber attack vulnerabilities will only keep increasing, with serious implications.

How Is Tesla Winning the War Against Cyber Attacks in Connected Cars

Well, if you observed the three incidents we shared in this article you will observe that no manufacturer is safe. Hackers are always on the prowl and they will not leave any stone unturned. Having said that, as a business or a car manufacturer, you can still win and in this case, it was Tesla. The biggest reason being the fact that they found the security issue and patched it within two weeks and pushed a forced update to all of their cars. Compare that with the action taken by Chrysler who took months to release a patch and then shipped this on a USB flash drive to all their customers! How crazy is that! Imagine how many of those might not even reach people's mailboxes, so many of them would never remember to plug it in their cars. The range of issues just goes on. Eventually, they had to recall 1.4 million cars to get this issue fixed. Tesla turned out the winner just because of the way they handled this.

Three key characteristics for Tesla made them a winner (yes, you can still be a winner after being hacked):


The most important characteristic for any business to be able to win against hackers is to be aware of what could be the possibility. Most businesses are not even aware of their vulnerabilities. Using some standard security practices during the development stages can empower teams to be aware of the possible loopholes and figure out ways to either patch them quickly or make it difficult to break into.

Proactive Attitude

The second key characteristic of winners is a proactive attitude. Tesla has repeatedly issued statements that they will always reward hackers who report security vulnerabilities in their cars. Accepting your weakness and having a proactive attitude towards resolving it can only be seen in those who think long term and want to win. They've also launched bug bounty programs that reward hackers based on the issues they report.

Disaster Management

Let's face it. There's no such thing as fully secure. It is a constant race of cat and mouse between hackers and security experts. Thinking that you are not vulnerable is the worst mistake to make. The second big mistake to make is to believe that having a few security systems make you fully secure. It is necessary to have a disaster management mechanism which defines what would be the action plan in case of a security breach. That helps everyone be prepared for a worst-case scenario.

In conclusion, all we'd like to say is that consumers, businesses and security researchers need to work together to be able to fight cyber attacks in connected cars. We all desire these great digital features in our cars but no one wants it at the cost of safety. Even if you are not a car manufacturer, having the right attitude towards security will make you successful in the long run. Like a lot of people say today, the next world war, if at all, would be a cyber war. So, it's better you be prepared to face it.

Published on Sep 6, 2017
Subho Halder
Written by Subho Halder
Subho Halder is the CISO and Co-Founder of Appknox. He started his career researching Mobile Security. Currently, he helps businesses to detect and fix security vulnerabilities. He has also detected critical loopholes in companies like Google, Facebook, Apple, and others


Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now