The Tesla Model S can be vulnerable to wireless attacks, and this has been demonstrated by researchers from Keen Security Lab, a division of the Chinese internet giant Tencent. Tesla’s product security team confirmed the vulnerability, which was later patched via an over-the-air software update.

Tesla Model S
Image source: Wikimedia Commons

Vulnerability affecting the Model S

Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu and director Samuel Lv performed the hacks on a Tesla Model S P85 and 75D and said that their methods would work on multiple Tesla models. The hacking firm withheld the details of the first-world zero-day attacks and helped the EV firm resolve the issues before disclosing them to the world.

Many vehicle systems are controlled by the CAN bus, and the vulnerability targeted this. The control system requires the car to be connected to a malicious WiFi hotspot to take control and works via the in-car web browser. Though the set of circumstances required to compromise the car is quite narrow, for a determined attacker, it presents a clear opportunity to cause significant harm, notes The Verge.

There is a video demonstration in which researchers are seen using the mapping search function of the car to find the nearest charging point. They take over both the infotainment and instrument cluster screens and remotely unlock the doors. The researchers could open the trunk, activate the brakes and fold a side mirror while the vehicle was in motion. Also they were able to remotely open the sunroof, activate the signal lamps and move the power seats as well.

Tesla was quick to address it

In a statement to The Verge, Tesla said it took quick action to address the potential security issues, and within just 10 days of receiving this report, it developed an over-the-air software update (v7.1,2.36.31). Usage of the web browser triggers the issue demonstrated by Keen when the car is physically near and connected to a malicious WiFi hotspot.

“We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research,” Tesla said in the statement.

Tesla said its realistic estimate was that customers faced very low risk, but that did not stop it from responding quickly.

Photo by harry_nl