Hackers hijack Tesla Model S from afar, while the cars are moving

Chinese researchers control brakes, lights and mirrors with wireless attack

Keen Security Lab senior researcher Sen Nie (left) with director Samuel Lv
Keen Security Lab senior researcher Sen Nie (left) with director Samuel Lv

Video Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion.

Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks against a Tesla Model S P85 and 75D and say their efforts will work on multiple Tesla models.

The Shanghai, China-based hacking firm has withheld details of the world-first zero day attacks and privately disclosed the flaws to Tesla.

The firm worked on the attack for several months, eventually gaining access to the motor that moves the driver's seat, turning on indicators, opening the car’s sunroof and activating window wipers.

Keen Security Lab’s attacks also appear to compromise the touch screen that controls many of a Tesla's functions.

“We are able to fold the side mirrors when drivers are changing lanes,” Nie says in the demonstration.

“All attacks are contactless without physically modifying the car.”

The team demonstrate the remote attacks by triggering very sudden braking while director Lv’s model 75D was in motion at slow speed in a car park.

The researchers compromised the Teslas in both parking and driving modes.

Director Lv says this type of research is important as cars become more automated and tech-dependent.

He urged drivers to apply any updates when Telsa makes them available.

A Tesla spokesman told El Reg: "Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly."

They continued: "We engaged with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research." ®

Youtube Video


Biting the hand that feeds IT © 1998–2017