Advertisement
Advertisement
Tesla
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
In a Twitter post on Monday, Tesla chief executive Elon Musk acknowledged Tencent Keen Security Lab for exposing flaws in the electric car maker’s Autopilot system. Photo: Agence France-Presse

Tencent-backed hackers who drew praise from Elon Musk once revealed flaws in Apple’s iOS

  • Tencent’s Keen Lab has exposed a number of flaws in the advanced driver-assistance system of Tesla
Tesla

A team of Chinese security researchers managed to trick a Tesla Model S to veer into an opposing lane.

Luckily for Elon Musk, the researchers belonged to Tesla shareholder Tencent Holdings’ security team, who were probing the Palo Alto-based electric car maker for security vulnerabilities.

The findings were made public in a report posted online last week by Tencent Keen Security Lab, which also duped Autopilot to turn on the car’s wipers and allow a wireless gamepad to take control of the steering system.

In a Twitter post on Monday, Tesla chief executive Musk acknowledged the Tencent researchers’ findings. “Solid work by Keen, as usual,” he said.

The Keen Lab report online attached feedback from Tesla. On the lane recognition flaw caused by placing tape on the road, Tesla said: “This is not a real-world concern given that a driver can easily override Autopilot at any time by using the steering wheel or brakes, and should be prepared to do so at all times.”
A Tesla Model S car was used by researchers at Tencent Keen Security Lab to demonstrate flaws in the US company’s Autopilot system. Photo: Agence France-Presse

Keen Lab has been doing security research work on Tesla’s Autopilot system for a few years. Its research findings have been made public at the annual Black Hat computer security conference in the US in the past two years.

Established in January 2016 after it was acquired by Tencent, Keen Lab has been recognised twice in Tesla’s Hall of Fame for Security Research for its previous reports. It is also a frequent winner in so-called global exploit contests.

The group behind Keen Lab previously gained recognition in cybersecurity circles for hacking Apple’s OS X Mavericks Safari system in 20 seconds and Windows 8.1 Adobe Flash in 15 seconds in the annual Pwn2Own computer hacking contest in 2014.

These Chinese hackers have won multiple top prizes in Pwn2Own since 2013. They were also nominated for their research at the 2016 Pwnie Awards, known as the Oscars of the security industry.

These researchers are renowned as so-called white hat or ethical hackers, experts who exploit vulnerabilities in software with the aim of improving its security.

In 2016, Keen Lab was responsible for the world’s first remote attack on a Tesla car. The group successfully unlocked the doors, opened the sunroof and manipulated the brake system without any physical contact with the car.

For that hack and its findings, Keen Lab received a US$40,000 cash award and a note of thanks from Musk.

Keen Lab’s research on advanced driver-assistance systems, such as Autopilot, is an integral part of Tencent’s own connected car initiatives. It is collaborating with Tencent’s partners, including Audi, Tesla and Daimler, to help improve the security of connected cars, according to Yiping Lv, the director of Keen Lab, during Tencent’s global partners event in 2017.

The team is also doing cutting-edge security research on mainstream personal computer and mobile operating systems, applications, cloud computing technologies and Internet of Things devices, among a number of technologies.

White hat hacker Wu Shi, who previously served as Keen Team’s chief scientist, now heads the group.

A Tencent spokeswoman verified details of Wu, without giving further comment about the team.

Before the Tencent acquisition, Wu made his name in the cybersecurity industry by reporting the biggest number of vulnerabilities in the world, according to an article published by Tencent’s cloud unit on its official WeChat account. It said Wu single-handedly revealed 15 flaws in Apple’s iOS, more than twice the number of defects that Apple’s internal team had earlier found.

In 2016, Wu was nominated at the Pwnie Awards for a Lifetime Achievement Award. He was recognised for “setting the bug bounty payday standard since the concept was invented”.

Driven by developments in big data and artificial intelligence as well as China’s own Cybersecurity Law, the mainland’s cybersecurity market is expected to grow 21 per cent this year to 60.2 billion yuan (US$8.9 billion) from a year ago, according to a research note by China Securities in January. Major Chinese technology companies, including security firm Qihoo 360, e-commerce services provider Alibaba Group Holding and internet giant Tencent, have stepped up their investments in this field, the report said. New York-listed Alibaba is the parent company of the South China Morning Post.

Tencent has already recruited some of China’s top hackers, including Yu Yang, also known as “Tombkeeper” and a senior figure in the country’s community of hackers. The Hong Kong-listed company’s security portfolio comprises seven security research groups, including Xuanwu Lab and Yunding Lab.

In the past four years, Qihoo 360 has also built an extensive portfolio of dozens of security firms through mergers and acquisitions, according to the China Securities.

Post