DAVID GREENE, HOST:
If you own a late-model Jeep Cherokee, can't really blame you for feeling uneasy these days. After all, there was that article in Wired magazine last month. It described how a driver lost control of his Cherokee when two hackers remotely took over the car's computers. Now, in fairness to Jeep, hackers pose a threat to many cars as the industry turns its vehicles into computers on wheels. NPR's Aarti Shahani tells us how one company, the electric car manufacturer Tesla, was hacked and responded in a pretty surprising way.
AARTI SHAHANI, BYLINE: Meet the two hackers.
KEVIN MAHAFFEY: Kevin Mahaffey, the CTO and founder of Lookout.
MARC ROGERS: I'm Marc Rogers, the principal security researcher at CloudFlare.
SHAHANI: We're in Las Vegas, in town for DefCon, a conference where hackers exchange tricks of the trade. These two were white hats, people who break into networks to look for flaws and get them fixed. Rogers begins to explain the Tesla hack.
ROGERS: So the Tesla has a cable for maintenance people to be able to access it and do things.
SHAHANI: That cable is hidden in a secret panel, to the left of the driver or under the touchscreen.
ROGERS: You have to pop it open.
SHAHANI: Find the cable, and plug it in.
ROGERS: It doesn't immediately give you access to anything. You have to do a few special things.
SHAHANI: As in poke holes in the software, and look for bugs. They found a few. The first gave them access to the car's network. The second got computers on the network to leak information, like...
ROGERS: How accounts hang together or maybe about how computers talk to each other.
SHAHANI: With a fuller picture of how things work, they were able to convince Tesla headquarters that their laptop was the car.
ROGERS: So then we spoke to Tesla as the car and essentially requested permission for more information.
SHAHANI: Tesla's networks handed over data. The hackers tore it apart, analyzed it and got administrative access to the car.
ROGERS: And once we had that foothold, we then took over all the computers in the car.
SHAHANI: Rogers and Mahaffey then built themselves a backdoor, a way to control from afar. And with that backdoor, they brought a real-life Model S to a grinding halt. Listen to this recording they made.
Mahaffey got into the Model S and put on some music.
(SOUNDBITE OF MUSIC)
SHAHANI: He drove slowly through a parking lot until Rogers sent a command through his iPhone to shut down the car.
The Tesla stopped dead in its tracks - the stereo too. If you happen to own a Tesla, this might not be music to your ears. Two guys could break in and own it - hacker speak for take over. But the reason it's good news is because unlike other automakers, Tesla actually has a system in place to fix bugs, regular software updates.
JB STRAUBEL: This is something that sort of seemed like it was completely natural in the DNA of how you build a connected product.
SHAHANI: That's JB Straubel, Tesla cofounder and chief technology officer.
STRAUBEL: This is not a new concept in any way, shape or form.
SHAHANI: Not new for Tesla. The company does something called over-the-air updates, kind of like Apple does for iPhones. Every three months or so, every car gets a free software upgrade. No need to go to a mechanic for it. Straubel says the original intent wasn't security. That's more a nice side effect.
STRAUBEL: It was built to give people content that they wanted to use. And it's still the main function, whether that content is streaming music or streaming maps.
SHAHANI: The two hackers emailed Tesla about the bugs they found. Straubel and his team invited them in for a meeting and got details - better Tesla knows before the bad guys do. And by today, Tesla is sending over-the-air updates to all Model S customers with a patch. Aarti Shahani, NPR News, Las Vegas.