Zhejiang University team scoops 10,600 yuan for hacking into Tesla Model S

'White hat' hackers win contest as US electric car's maker says it's supportive of vulnerability research

PUBLISHED : Thursday, 17 July, 2014, 4:05pm
UPDATED : Tuesday, 24 November, 2015, 12:03pm

Computer hackers at a conference in Beijing have been successful in breaking into the software used in electric cars made by US firm Tesla Motors.

A team from Zhejiang University was awarded 10,600 yuan by the Symposium on Security for Asia Network (SyScan360), a security conference taking place in Beijing this week where attendees had been invited to hack into a Tesla Model S.

[Correction: it was initially reported that the team won US$10,000. However this grand prize was not awarded, as no hack met the specifications set by organisers.]

Organisers said on Friday: "Tesla Software Hack Challenge ended with team “yo”, from ZheJiang University, coming in first overall and winning ¥10,600 RMB in prize money. No team succeeded in the mission of hacking Tesla’s door and engine within the timeframe of the challenge. Therefore no one received the grand prize of $10,000 USD."

Tesla had said it welcomed news of any vulnerabilities discovered as a result of the hacking competition. "We support the idea of providing an environment in which responsible security researchers can help identify potential vulnerabilities," the company said on Wednesday.

"We hope that the security researchers will act responsibly and in good faith."

Hackers exploited a "flow design flaw" to gain access to the Tesla car's system, SyScan360 announced on Weibo. The loophole enabled attackers to remotely unlock the vehicle, sound the horn and flash the lights, and open the sunroof while the car was in motion. Organisers say they have reported the vulnerability to Tesla.

Security experts say Tesla, which recently announced plans to make all its technology and patents openly available, is particularly vulnerable to hackers, compared with manufacturers of traditional, non-electric cars.

"These new cars, especially hybrids, have a lot more software in them that has to be updated - these paths haven't really been probed yet by hackers," John Pescatore, director for emerging security trends at the Sans Institute, told Fox News last week.

"I assume for any electric car there's a huge amount of software to optimise and control things."

Pescatore said Tesla's good security reputation is "mainly because no one has pounded on them yet".

Last year, a team of researchers from the US Department of Defence's Defence Advanced Research Projects Agency remotely hacked into Toyota Motor and Ford Motor electric cars and was able to activate the horn and disable the brakes while the vehicle was in motion.