There is a plethora of technologies available to to prevent, as far as is reasonable, the access to safety critical domains from those that are more benign. Tesla took an alternative route, preferring to implement that separation in hardware, and unlike the technology in compromised Jeep, their approach was considered state-of-the-art at that time. But as subsequent attacks on Tesla vehicles suggested, although separation technologies offer an admirable line of defence, they are no “silver bullet”. The Keen Laboratories hacker team created a malicious Wi-Fi hotspot called ‘Tesla Guest’ to emulate the Wi-Fi at Tesla’s service centres. When a Tesla connected to the hotspot, the browser would push an infected website created by the hacker team. That provided a portal to access relatively trivial functions, but the more safety critical systems such as braking also fell under their control once they had replaced the gateway software with their own.
Tesla’s quick response was admirable, and the principle of separation is undoubtedly sound. But as their experience shows, it is only one part of the story. What is required, then, is a multi-faceted approach that will minimize the vulnerable attack surface, maximize the separation of the outward facing attack vector from the safety applications it serves, and ensure that application code and any operating systems it runs on are developed with security as a priority.