Tesla patches Model S after Chinese hack

Tencent hackers were able to take control of parts of the car from 19km away

Tesla has udpated its Model S firmware to avoid a hack demostrated by security researchers at Tencent. 

The electric carmaker rolled out the patch quickly after researchers at the Chinese tech giant successfully remotely targeted a vehicle. Tencent's security team, Keen Labs, had passed the details of the vulnerabilities to Tesla before taking the hack public.

Advertisement - Article continues below

Researchers were able to take control of the Tesla car by hacking its CAN bus, letting them control the sunroof, run lights off and on, open the doors, engage the brakes and locks, and fiddle with the main display from 19km away. 

"As far as we know, this is the first case of remote attack which compromises CAN Bus [the car's command system for things like remote locking] to achieve remote controls on Tesla cars," the researches said in a blog post. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."

The hack appeared to make use of flaws in a web browser. "I've said it a bunch, don't put browsers in cars," said security researcher Charlie Miller, now at Uber, over Twitter. "Huge attack surface and not really that useful."

Advertisement
Advertisement - Article continues below

Tesla said it had updated the cars' firmware within ten days of getting the Keen report, rolling it out over the air.

Advertisement - Article continues below

"The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot," the company said in a statement. "Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly."

The Keen Labs researchers said Tesla owners should keep their cars updated. "Please do update the firmware of your Tesla car to the latest version to ensure that the issues are fixed and avoid potential driving safety risks."

While it's not the first case of a smart car being hacked, it also certainly won't be the last. "When done right, software can make our cars smarter and safer," said security analyst Graham Cluley in a blog post. "But we need dangerous bugs in the software to be ironed out, and a safe and simple way to update our cars without opening backdoors through which hackers can take advantage."

Advertisement - Article continues below

He added: "I'm in a quandary - should I pay extra for a car that isn't part of the internet of things, or will that make software and safety updates a right pain in the backside to deploy?" 

The research follows months of bad news for Tesla after a driver was killed while his vehicle was in Autopilot mode

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020
Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020
Visit/security/hacking/355801/scammers-using-coronavirus-contact-tracing-in-hacking-attempt
hacking

Scammers leverage contact-tracing in hacking attempt

27 May 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/infrastructure/server-storage/355785/dell-emc-poweredge-r7525-review-an-epyc-core-density-to-make
Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020