Hackers remotely controlled: brakes, door locks, mirrors, seat and sunroof then passed findings to the manufacturer.
Car hacked while on the move
A Tesla Model S P85 has been hacked by scientists miles away and forced to brake, Keen Security Lab claimed. It was not a malicious act, however. The lab in China – which conducted various experiments and recorded its efforts on video – later passed its findings to the manufacturer to help eliminate the vulnerabilities.
Furthermore, scientists in the vehicle took control of various other systems via a laptop computer. They switched on the windscreen wipers, activated the windscreen washers, folded the off-side mirror when the driver indicated and opened the tailgate. Opening the tailgate enabled an item on the parcel shelf to escape.
Cars hacked while parked
The Model S P85 proved vulnerable when parked, too. Scientists opened the sunroof, switched on the indicators and moved the electric seat – all remotely from a distance. A Model S 75D also fell victim. The scientists remotely unlocked its doors and instructed screens in the cabin to show the Keen Security Lab logo.
Multiple vehicles vulnerable
The company blog said: “We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.” Scientists told owners: “Update the firmware of your Tesla car to the latest version to ensure that the issues are fixed and avoid potential safety risks”.
Keen Security Lab Director, Samuel Lv, said: “The car has been indispensable in your daily life. In the next few years, a large number of connected cars will appear on the road. Will there be security issues after cars connect to the internet?”, he pondered.
Area of weakness
The Controller Area Network – or CAN bus – enabled the scientists to take control. CAN bus is a concept that helps computers in vehicles interface with external devices such as smartphones. The lab's video suggested that vehicles have to load a web browser to (say) search for the location of a charge station to be vulnerable.
Security improved to prevent repetition
Tesla took steps to make its software more secure. Keen Security Lab said it: “Appreciates the proactive attitude and efforts of Tesla Security Team, lead by Chris Evans, on responding to our vulnerability report and taking actions to fix issues efficiently”.
The motor manufacturer explained: “The issue demonstrated is only triggered when the web browser is used - and also required the car to be physically near to, and connected to, a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”