I’d hate to be labeled a “car guy” now mentioning my new electric car in the lede of two newsletters in a row, but I couldn’t resist.
I’d been reading headlines for years about how electric cars (most notably Tesla) were vulnerable to a range of security vulnerabilities, even some that could allow bad actors to steal the car if they were close enough to the car’s keys. While I don’t own a Tesla, I am now more invested in following the various ways attackers can take advantage of the connectivity of electric cars.
I’ve bemoaned before about everything being “smart” now, but there’s no escaping it if you want to convert to an electric vehicle. They’re all Wi-Fi connected so drivers can control the charging speed and timing of their cars, monitor public charging stations and communicate with the dealer about any electrical failures.
A whole new slew of electric car-related vulnerabilities came out last week thanks to the Pwn2Own hacking event in Tokyo as part of the Automotive World conference. Car and charging companies were offering a combined $1 million in bug bounty payments for researchers who could find security vulnerabilities in a range of cars and electric car-related products like home chargers.
In all, researchers discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system. Other vulnerabilities were discovered in electric vulnerable hacks whether matters world
