Chinese researchers from Keen Security Lab of Tencent announced that they could chain multiple vulnerabilities together, which allowed them to remotely hack the Tesla Model S P85 and 75D from as far as 12 miles away.
The researchers said:
As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.
The researchers released video proof of remotely hacking the Tesla vehicles while they were parked and while they were being driven. The attacks were carried out on unmodified Tesla cars that had the latest firmware version.
If you have eight minutes to spare, I highly recommend you watch it.
As the researchers stated, the remote hacks likely work on all Tesla models, but on the parked Model S P85, the researchers remotely opened the sunroof, turned on the turn signal, and changed the position of the driver’s seat.
But then Samuel Lv, director of Keen Security Lab, brought in a “brand-new Tesla Model S 75D” to see what the hackers could do.
For starters, the researchers locked the touchscreen controls to show a message proving the Tesla was pwned by Keen Security. Then they removed the keys from the parked 75D from the immediate area and instead used a laptop to remotely unlock the door.
Then the researchers remotely hacked the car while it was being driven. While the Tesla was moving, the researchers controlled the windshield wipers, popped open the trunk and changed the position of the side view mirrors. This was done by researcher Sen Nie with a laptop via the passenger seat.
To prove the brakes could be remotely controlled, the researchers had a colleague in an office about 12 miles away hit the brakes while the Tesla was being driven.
Tesla has closed the security holes, and the researchers urged Tesla owners to update to the latest firmware immediately to “avoid potential driving safety risks.”
Tesla has released the following statement:
Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engaged with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.