Chinese Hackers Take Control of a Tesla Model S’ Vital Functions Remotely
This is only going to make those people who don’t own smartphones and don’t have a Facebook account say “I told you so,” but we can’t argue against the evidence: the more technology gets crammed into our cars, the more exposed they’ll get to hacking attacks.
Does that mean we should revert to using close to zero computing power in our vehicles? Not at all, and even if it did, we’d be very curious to see the first company to come out and say it. Instead, the vehicles must get as much protection against this type of interference as possible.
Tesla was one of the first companies to offer hackers rewards for exposing weaknesses in its cars’ systems, a method that has become pretty widespread among other manufacturers lately. It’s better to have them working for you, rather than against you, we guess.
Up until now, the level at which Teslas have been hacked has been pretty benign. As infuriating as it might be to have someone open the sunroof on a rainy day, it doesn’t pose too great of a safety threat. Except for your hairdo, maybe. But being able to punch the brakes? That’s a completely different story.
When they think of hackers, the greatest fear for the owners of connected cars is that these people might actually take full control of their vehicles. While they’re inside. Overriding important commands such as acceleration, brakes or steering could have potentially catastrophic results for those in the car, but also others around it.
Keen Security Lab, a division of the Chinese internet giant Tencent, has just released a video demonstrating their ability to control various functions of a brand new Tesla Model S 75D. The takeover happened while the vehicle’s driver was looking for the nearest charging point, which presumably opened up an access port into Tesla’s systems.
From here on, the Keen Security Lab researchers were able to fiddle with the car by activating its windshield wipers, opening the hatch while the vehicle was moving or folding the side mirrors during a lane change. All these things can be distracting, but the real scare came at the end of the clip: the Model S was brought to a complete and sudden stop by a guy 12 miles away. Furthermore, the brake lamps did not go off, making this even more dangerous in a real-life scenario.
The researchers have only made their findings public after contacting Tesla and allowing the manufacturer to come up with a solution to this problem. Here is a statement the carmakers sent The Verge on this matter: “Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research”.