An assessment from the research department of Check Point
By Lotem Finkelsteen, Head of Threat Intelligence at Check Point Software
Lotem Finkelsteen, Head of Threat Intelligence at Check Point Software Technologies
The reports about David Colombo, a young German hacker, shake the automotive industry and cause a stir. According to his own statement, he managed to crack a number of Tesla vehicles. This causes fear, because what happens if our vehicle is taken over by a stranger while we are driving at over 100 kilometers per hour? If you take a closer look at this case, it is not as threatening as it seems, but it is still worth our full attention.
One thing is certain: Colombo was not able to control a vehicle while driving. He claimed that he was able to control some peripheral devices on 25 poorly maintained Tesla vehicles, such as the volume of the radio, the windows and the lighting. He reported his findings to Tesla, where the case is now being investigated. Colombo also said that it was not an inherent vulnerability of Tesla, and therefore car owners should be able to prevent unauthorized access. I would question this conclusion. Can we really expect drivers to be able to handle the software configuration of a complex and technically sophisticated product like this connected car?
Cars must be factory safe and meet the highest standards. It should be impossible for the driver to accidentally, through an act or inaction, allow a perhaps dangerous remote access to his vehicle. Nevertheless, I expect that the users of these cars will have to take on a certain responsibility for the IT security of their vehicles in the future. If – and hopefully this will not happen – a hacker takes control of your car and you have an accident, it would not matter to you who is to blame for the fact that your car is not secured. Instead, they would do everything in their power to prevent this from happening in the future.
Of course, we expect manufacturers in particular to offer a completely safe vehicle. However, our experience in the field of IT security shows that this cannot be guaranteed one hundred percent. Just as we have to protect our laptops and phones consciously, we will probably also have to take action ourselves to ensure that our cars are protected against hackers. After all, our own life and that of our family could be in danger and then we even want to have a certain degree of personal control.