CNBC

Chinese company hacks Tesla car remotely

But hack requires user to connect to a malicious WiFi hotspot, and then use their web browser

PUBLISHED : Wednesday, 21 September, 2016, 11:35am
UPDATED : Wednesday, 21 September, 2016, 11:35am

A Chinese security team successfully hacked a Tesla Model S, and demonstrated several security vulnerabilities.

And yes, they showed they could control the car remotely, whether the car was parked or in motion.

The Keen Security team at Chinese company Tencent notified Tesla of the hacks, and Tesla issued an update patching the holes in just over a week. The team discussed the hack in a blog post, and in the video above.

The hack required a couple of conditions, of course. The driver would have to connect to a malicious WiFi hotspot, and then use the web browser. This is how the hackers were able to gain access.

In their post, the team advised Tesla owners to ensure they have the latest software update: “PLEASE DO UPDATE THE FIRMWARE OF YOUR TESLA CAR TO THE LATEST VERSION TO ENSURE THAT THE ISSUES ARE FIXED AND AVOID POTENTIAL DRIVING SAFETY RISKS.”

Teslas are certainly not the only cars that can be hacked — Chrysler recalled 1.4 million cars in early 2015 after a team of researchers hacked into and remotely controlled a Jeep. Whereas Tesla updated the software over the air, Chrysler owners had to contact the company for a USB stick with the update on it.

Tesla provided this statement to CNBC:

Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.

We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.