Chinese Hackers Seized Control of the Tesla Model S
But Tesla issued an over-the-air update to protect its cars before the hackers went public.
Tesla's ability to roll over-the-air updates out to its vehicles like they were iPhones is just one of the ways the company is redefining cars—but that advantage can also be a weakness. A group of Chinese hackers recently found a way to seize control of the Tesla Model S using the car's wireless network.
A group of researchers with the Keen Security Lab, a part of Chinese tech and media company Tencent, announced on Monday that they discovered the vulnerability after spending multiple months of "in-depth research" on Tesla vehicles. The group discovered that it was able to take control of the Tesla's Controller Area Network (CAN) bus, the system that allows the different pieces of hardware in the car to interact, when the car was connected to a hacked Wi-Fi hotspot.
Once the hackers remotely made their way into the Tesla's computer, they were able to control the car's infotainment and gauge cluster screens, move the car's power-operated seats, lock and unlock the doors, fold the mirrors, pop the trunk—and worst of all, engage the brakes while the car was rolling.
Unlike the cyber-criminals of the world who might use such information for evil, however, the Keen hackers went to Tesla with their discovery before going public. Tesla employees then confirmed the discovery was a real problem and went to work on a fix, rolling it out to all the afflicted cars in its fleet.
Tesla issued the following statement to The Verge:
"Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research."