It's time for Battlestar Tesla.
With the first-ever reports of hackers exploiting security vulnerabilities in Tesla's electric cars -- demonstrating the ability to remotely manipulate brakes, door locks and displays -- the car company's engineers could learn a lesson from the fictional "Battlestar Galactica."
In the franchise's 2003 reboot -- which kicked off with intelligent machines almost wiping the human race out of existence -- the titular battlestar was the only human military ship to survive because it did not have networked computers and wasn't susceptible to a remotely activated virus that rendered every other battleship helpless.
Tesla's a company built on technological innovation, and networking is in its DNA. It released its first car -- a muscular and beautiful $90,000 roadster that could hit 60 mph in less than four seconds -- in 2011, a time when electric cars were awkward-looking boxes with poor range and the acceleration of a farm tractor.
Tesla improved the batteries that powered the company's cars, and today the Model S has a range up to 310 miles, which can get its drivers further than a full tank can get most gas-powered cars.
Tesla is well-known for treating its cars like computer hardware, issuing software patches through network connections and squeezing more performance out of its vehicles by tweaking lines of code.
But perhaps it's time to take some of those systems offline -- and keep them offline -- to ensure driver safety and reassure owners they're not going to be stopped dead on a highway's fast lane with a train of cars doing 75 mph bearing down on them.
On Sept. 19, researchers from a Chinese technology company revealed security vulnerabilities in Tesla's software that can allow hackers to gain control of several Tesla systems while the car is parked or driving. In addition to controlling the brakes, which is potentially the most deadly hack, the researchers demonstrated how they could remotely manipulate the car's trunk, dashboard display systems, sunroof and door locks.
The video posted by the researchers from Keen Security Lab shows them using a laptop to remotely activate the car's wipers, move the driver's seat, reposition side view mirrors and unlock the car.
"We have verified the attack vector on multiple varieties of Tesla Model S," the researchers wrote. "It is reasonable to assume that other Tesla models are affected."
Tesla, which is security-conscious for obvious reasons, runs a "bug bounty program" that gives up to $10,000 to white-hat hackers who find and report vulnerabilities. The Chinese researchers informed the car company of the vulnerabilities through that bounty program, reports PC World, helping the company and earning some money for their efforts.
It took a day for Tesla to patch the vulnerabilities.
"Our realistic estimate is that the risk to our customers was very low," a Tesla spokesperson wrote in a statement on Sept. 20. "But this did not stop us from responding quickly."
But as any security expert would attest, no system is impervious to successful attacks, no matter how well-designed.
Tesla is still recovering from the bad press it received when a man using the Model S autopilot feature was killed on May 6. There were complicating factors -- the man was watching a movie and wasn't paying attention to the road, witnesses told The Guardian. But the Model S's sensors failed, according to the company, and didn't properly register a semitrailer until it was too late to avoid a collision.
Stories like that can kill technology in its infancy by making people even more reluctant to trust it, no matter how safe the statistics say the tech is. If a hacker gets a driver killed by remotely activating a Tesla's braking system, the results could be catastrophic.
Casey Ellis, who runs the bug-bounty company that counts Tesla as one of its clients, said he was amazed at how quickly the car company fixed the vulnerabilities the Chinese researchers discovered.
"The over-the-air fixes mean the risk from these vulnerabilities has been reduced to pretty close to zero across the user base," Ellis said.
Maybe this time. But there's no guarantee the next flaw will be discovered by benevolent researchers, and the wrong person could do enormous damage with security vulnerabilities that allow them to remotely manipulate a car.
Tesla can limit that potential damage by shutting down network access to critical systems like brakes while its cars are moving. It can work on solutions that could isolate functions like door locks and windshield wipers so they're responsive only to the driver.
And if securing its cars means sacrificing a handful of features, that's still better than being responsible for lost lives and the resulting fallout.