Tesla patches Model S after Chinese hack

Tencent hackers were able to take control of parts of the car from 19km away

Tesla has udpated its Model S firmware to avoid a hack demostrated by security researchers at Tencent. 

The electric carmaker rolled out the patch quickly after researchers at the Chinese tech giant successfully remotely targeted a vehicle. Tencent's security team, Keen Labs, had passed the details of the vulnerabilities to Tesla before taking the hack public.

Researchers were able to take control of the Tesla car by hacking its CAN bus, letting them control the sunroof, run lights off and on, open the doors, engage the brakes and locks, and fiddle with the main display from 19km away. 

"As far as we know, this is the first case of remote attack which compromises CAN Bus [the car's command system for things like remote locking] to achieve remote controls on Tesla cars," the researches said in a blog post. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."

Advertisement - Article continues below
Advertisement - Article continues below

The hack appeared to make use of flaws in a web browser. "I've said it a bunch, don't put browsers in cars," said security researcher Charlie Miller, now at Uber, over Twitter. "Huge attack surface and not really that useful."

Tesla said it had updated the cars' firmware within ten days of getting the Keen report, rolling it out over the air.

"The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot," the company said in a statement. "Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly."

The Keen Labs researchers said Tesla owners should keep their cars updated. "Please do update the firmware of your Tesla car to the latest version to ensure that the issues are fixed and avoid potential driving safety risks."

While it's not the first case of a smart car being hacked, it also certainly won't be the last. "When done right, software can make our cars smarter and safer," said security analyst Graham Cluley in a blog post. "But we need dangerous bugs in the software to be ironed out, and a safe and simple way to update our cars without opening backdoors through which hackers can take advantage."

He added: "I'm in a quandary - should I pay extra for a car that isn't part of the internet of things, or will that make software and safety updates a right pain in the backside to deploy?" 

Advertisement - Article continues below

The research follows months of bad news for Tesla after a driver was killed while his vehicle was in Autopilot mode

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020