Hackers say the Tesla nightmare in Netflix's 'Leave the World Behind' could really happen


David Colombo, who found a way to remotely control features on 25 Teslas around the world in 2022, agreed that the over-the-air updates are a potential weakness for Tesla security. — Bloomberg

Netflix's hit streaming movie Leave the World Behind has its share of outlandish, apocalyptic mayhem. But it turns out that one of the movie's most bizarre scenes might actually be possible.

The chart-topping film centres around the Sandford and Scott families, who find themselves sharing a country house outside of New York City. As surreal events befall the group (and society at large), a sense of paranoid distrust steadily grows. Around the one-hour mark, just after "Death to America" pamphlets rain from the sky, the Sandfords decide they'll take their chances with fleeing their vacation home via the expressway to New Jersey.

But they find both lanes blocked - with dozens of smashed-up white Tesla Model 3s. Amanda Sandford, played by Julia Roberts, climbs out of the family Jeep and slowly walks into the mess of banged-up cars and broken glass.

As another vehicle approaches from behind, Amanda notices that the sales sticker on one of the cars includes a dubious but familiar Tesla sales point: "Full Self-Driving Safety Features," it says, "Navigate on Autopilot: automatic driving."

Amanda realises that the oncoming car is going to crash into her Jeep, then books it back to her vehicle, imploring her husband to dive in. She spins the car away and barely avoids the oncoming Tesla, which crashes violently into the wrecked cars she'd just been examining. Six more brand-new Teslas follow, all empty, all speeding, all barely avoided by a swerving Sandford family - and each one crashes mightily into the two-lane jam of wrecked cars.

It's a high-intensity, startling scene, even in the thriller context. It also feels plausible, perhaps especially to San Franciscans who've seen Waymo and Cruise vehicles zipping around the city without drivers for the past few years. But could this actually happen, with Teslas? Hacking experts told SFGATE it'd be incredibly difficult to pull off - but never impossible.

Renaud Feil and David Berard work for the French cybersecurity company Synacktiv; they won US$350,000 (RM1.6mil) at a March conference co-sponsored by Tesla, by showing off ways to hack into a Tesla's entertainment center and its energy management system.

Asked about the Leave the World Behind scene over email, Feil and Berard said, "It's a difficult hack to perform, but it can't be ruled out as impossible." They added that a "rogue Tesla employee" might have the best chance at pulling it off, "and if an employee can do it, a hacker who gained access to the credentials of a Tesla employee could do it as well. No system is fully secured."

Tesla's over-the-air updates, they said, are a "two-sided coin." On one hand, they let the Tesla team send regular security patches and erase vulnerabilities before hackers notice them. Plus, the company's security progress has been impressive in recent years, they said. However, the constant software connection makes cars vulnerable to a well-constructed, large-scale attack - hackers or rogue employees could remove safety features en masse.

David Colombo, who found a way to remotely control features on 25 Teslas around the world in 2022, agreed that the over-the-air updates are a potential weakness for Tesla security. If someone somehow injected malicious firmware in one of the updates, he said, it could spread quietly across the fleet - much like the SolarWinds hack in 2020.

The more salient Tesla-specific feature might be "Smart Summon," which lets owners order an empty car to pick them up in a parking lot or private area. Because high-end Tesla models already have the tech to drive without a passenger, it'd require fewer exploits to turn a fleet into a rampaging horde. Still, it'd be extremely difficult. X user @greentheonly, who has posted about Tesla design and security for years, told SFGATE over email that a hacker would need control of Tesla's servers, over-the-air updates and more - and "the more steps you need, the less likely is the combination for an external attacker."

It turns out, Tesla CEO Elon Musk has made remarks that prefigure Leave the World Behind. He likened a Tesla car to a "laptop on wheels" onstage at a 2017 meeting of the National Governors Association, and said Tesla has engineered its cars' powertrains and braking systems to have their own separate security encryptions.

"I think one of the biggest risks for autonomous vehicles is somebody achieving a fleet-wide hack," he said. "In principle, if somebody was able to hack, say, all of the autonomous Teslas, they could say, I mean just as a prank, they could say, 'Send 'em all to Rhode Island.'

"That would be the end of Tesla," he joked. – SFGate, San Francisco/Tribune News Service

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

The sky's the limit for Bluesky
Two decades of Nintendo's top-selling DS console
ChatGPT's Advanced Voice Mode is coming to web browsers
Elon Musk blasts Australia's planned ban on social media for children
Bitcoin's wild ride toward $100,000
OpenAI considers taking on Google with browser, the Information reports
One tech tip: How to get started with Bluesky
FCC proposes fining Chinese video doorbell manufacturer after security concerns raised
Snap seeks to dismiss New Mexico lawsuit over child safety
Crypto industry jockeys for seats at Trump's promised council

Others Also Read