0814teslamodels06100617596orig
Security

Researchers demonstrate remote attack against Tesla Model S

Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world -- among other things, it has a bug bounty program. But that doesn't mean the software in its cars is free of security flaws.

Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the breaking system. The attack allowed the researchers to access the car’s controller area network (CAN) bus, which lets the vehicle’s specialized computers communicate with each other.

"As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars," the researchers from Tencent's Keen Security Lab said in a blog post Monday. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."

The blog post is accompanied by a demonstration video in which the researchers show what they can achieve through their attack, which works either while the car is parked or being driven.

First, while the car was parked, the researchers used a laptop to remotely open its sunroof, activate the steering light, reposition the driver's seat, take over the dashboard and central display and unlock the car.

In a second demonstration, they turned on the windshield wipers while the car was being driven at low speed in a parking lot for demonstration purposes. They also showed that they can open the trunk and fold the side-view mirror when the driver is trying to change lanes. While these operations can be distracting to the driver in certain situations, causing a safety risk, the most dangerous thing they were able to do was to engage the car's breaking from 12 miles away.

Such an attack, performed against a car being driven at high speed on a highway, could result in a serious rear-end collision.

The researchers reported all of the vulnerabilities through Tesla's bug bounty program, and the company is working on patches. Fortunately, Tesla cars can receive firmware updates remotely and Tesla car owners are advised to make sure that their vehicles are always running the latest software version.

Car hacking has become a hot topic in recent years among security researchers, regulators and car manufacturers themselves. As cars become more interconnected, the ways in which they can be remotely hacked will only increase, so it's important that the computers handling critical safety features are isolated and protected.

Tesla did not immediately respond to a request for comment.

IDG Insider

PREVIOUS ARTICLE

« Stanford researchers invent tech workaround to net neutrality fights

NEXT ARTICLE

Triple-helix touted for tech growth »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Amazon Cloud looms over China: Bezos enters Alibaba home ground

Lewis Page gets down to business across global tech

Poll

Do you think your smartphone is making you a workaholic?