September 20, 2016

Tesla Releases Patch after Hackers Remotely Hijack Moving Car

Tesla has rushed to release a patch within 10 days of Chinese white hat hackers (security researchers) discovering vulnerabilities in the Model S’ control system that allowed an intruder to remotely breach the system.

Chinese security researchers have successfully demonstrated their hacking prowess by remotely connecting to a Tesla Model S, both while the vehicle was dormant and while it was in motion.

The researchers from Keen Security Lab, a unit of China’s Tencent Holdings Ltd., published a video with an accompanying blog post that revealed the hack. In it, the researchers remotely infiltrated the Model S’ controller area network (CAN) bus, the unit responsible for communication between the car’s onboard computers. Once they gained access, the researchers were able to manipulate and alter safety controls, the braking systems and the door locks.

The hackers were able to target and successfully compromise the popular electric car from up to 12 miles away, while the cars were still in motion.

As responsible white-hat researchers do, the trio withheld details of the vulnerability and their zero-day exploit and privately disclosed the flaws to Tesla.

In their blog, the researchers wrote:

As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.

For its part, Tesla released a statement revealing that a patch was developed and deployed within 10 days of receiving the vulnerability report from the security researchers. The carmaker insisted that the exploit was only triggered when the car’s web browser was used, while underlining that the car had to be physically within range of, and connected to, a malicious Wi-Fi hotspot.

Altogether, Tesla assessed that the realistic risk posed to its customers was “very low,” while adding that the threat estimate did not stop the company and its security team from “responding quickly.”

When it comes to releasing a patch, Tesla is at an advantage compared to most other carmakers. The company can push security patches and updates directly OTA (over-the-air) to its cars’ computer systems, wherever they are.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
