Tesla patches Model S after Chinese hack

Tencent hackers were able to take control of parts of the car from 19km away

Tesla has udpated its Model S firmware to avoid a hack demostrated by security researchers at Tencent. 

The electric carmaker rolled out the patch quickly after researchers at the Chinese tech giant successfully remotely targeted a vehicle. Tencent's security team, Keen Labs, had passed the details of the vulnerabilities to Tesla before taking the hack public.

Researchers were able to take control of the Tesla car by hacking its CAN bus, letting them control the sunroof, run lights off and on, open the doors, engage the brakes and locks, and fiddle with the main display from 19km away. 

"As far as we know, this is the first case of remote attack which compromises CAN Bus [the car's command system for things like remote locking] to achieve remote controls on Tesla cars," the researches said in a blog post. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."

The hack appeared to make use of flaws in a web browser. "I've said it a bunch, don't put browsers in cars," said security researcher Charlie Miller, now at Uber, over Twitter. "Huge attack surface and not really that useful."

Tesla said it had updated the cars' firmware within ten days of getting the Keen report, rolling it out over the air.

"The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot," the company said in a statement. "Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly."

The Keen Labs researchers said Tesla owners should keep their cars updated. "Please do update the firmware of your Tesla car to the latest version to ensure that the issues are fixed and avoid potential driving safety risks."

While it's not the first case of a smart car being hacked, it also certainly won't be the last. "When done right, software can make our cars smarter and safer," said security analyst Graham Cluley in a blog post. "But we need dangerous bugs in the software to be ironed out, and a safe and simple way to update our cars without opening backdoors through which hackers can take advantage."

He added: "I'm in a quandary - should I pay extra for a car that isn't part of the internet of things, or will that make software and safety updates a right pain in the backside to deploy?" 

The research follows months of bad news for Tesla after a driver was killed while his vehicle was in Autopilot mode

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020