Tesla has patched a security breach in the Model S that could have allowed someone to take control of a car remotely.
The breach was discovered by the Keen Security Lab of Tencent, which announced on Monday: “With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote, aka none physical contact, control on Tesla Model S in both Parking and Driving Mode.” It then reported the breach to Tesla.
The hack worked “provided the Tesla Model S was currently making use of its in-car web browser, and also physically close to and connected with a maliciously modified Wi-Fi hotspot,” TechCrunch reported. “When in motion, the exploit allowed the researchers to control the vehicle’s wiper blades, fold in the driver- and passenger-side rearview mirrors, open the trunk, and even bring the vehicle to a stop.” Tesla says that it has since fixed the problem and allowed owners to update their software.
Keen Security Lab posted a video showing exactly how the hack worked (with the note: “The researchers are experts, do not try what you see”). The video shows a remote user controlling the Model S’s sunroof, seat, and headlamps, opening the doors, and hacking into the car’s displays. In one portion of the video, hackers control parts of the car while it is actually in motion.
The most chilling security breach is shown in the last ninety seconds of the video, when the hackers control the car’s brake system and force it to stop — even though they are twelve miles away from the moving Model S.
In a statement provided by Tesla to TechCrunch, the company said:
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.