Security experts from Chinese security firm Tencent Keen Security Lab announced on Twitter late Monday night that they had “pwned Tesla Model S remotely” by exploiting multiple flaws in the latest models running the most recent software.
Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks against a Tesla Model S P85 and a 75D in a YouTube video. The attacks work once the vehicle is connected to a malicious Wi-Fi hotspot and the car’s web browser is used. They showed how they could remotely take control of the brakes and apply them from 12 miles away by compromising the CAN bus, which controls many of the vehicle systems in the car.
The researchers were able to operate the doors, dashboard screen, trunk, sunroof, lights, windshield wipers, wing mirrors and seat – the latter being for any nefarious hacker wanting to make a passenger slightly more comfortable, against their will. Keen Security Lab’s attacks also appear to soft-brick the Tesla’s touch screen, which controls much of the car’s functions.
“We have discovered multiple security vulnerabilities and successfully implemented remote, aka non-physical contact, control on Tesla Model S in both Parking and Driving Mode,” Keen writes in a blog post.
“We used an unmodified car with the latest firmware to demonstrate the attack.
“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars.
“We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.”
The Shenzhen, China-based security firm has withheld details of the world-first zero-day attacks and privately disclosed the flaws to Tesla. Tesla said in a statement, “Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”
“We engaged with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.”
The team plans to release details of its hacks in the coming days, Keen said on Twitter.