Researchers have managed to remotely slam on the brakes of a Tesla Model S from 12 miles away, pop the trunk and fold in the side mirror, all while the car was moving.
Keen Security Lab – a division of the Chinese internet giant Tencent – on Monday posted the results of several months’ worth of research into wireless attacks on several varieties of the car model.
You can see the demonstration here:
The attack gains access to the car’s network, which is called the CAN (Controller Area Network) bus.
First, the researchers had to compromise a nearby Wi-Fi hotspot to get control via the in-car web browser.
As the video shows, a researcher uses the car’s mapping search function to find the nearest charging station. Then, the researchers took over both the infotainment and instrument cluster screens and remotely unlocked the doors.
They also remotely opened the sunroof, moved the power seats, and switched on the turn signals.
If you’ve been reading about remote car takeovers over the past year, the vulnerable spot in the car – the CAN bus – should ring a bell.
Last year, automotive cybersecurity researchers Charlie Miller and Chris Valasek remotely hijacked the digital systems of a Jeep Cherokee from 10 miles away, including its brakes, accelerator, radio, horn and windshield wipers.
They too pulled it off via the CAN bus, physically plugging into the diagnostic port of the Jeep to send phony messages to the network.
Last year’s hack was carried out from Miller’s living room. It was pretty tame: the Jeep was creeping along at a speed of only 5 mph.
More recently, in July, the pair upped the ante. They took on a Jeep that had been patched for the flaw they found a year ago, and in spite of the software fix, they still managed to spin the wheel 90 degrees: this time, while the car was going at the far more hair-raising speed of 60 mph.
Miller and Valasek also managed to control the Jeep’s gas pedal and the brakes.
As Keen Lab’s video shows, the Chinese researchers similarly managed to achieve remote control on Tesla cars both in parking and driving mode.
Keen Lab contacted Tesla before going live with its findings. Tesla confirmed the vulnerability and, working with Keen, has since patched it.
The researchers are advising Tesla owners to update their cars’ firmware in order to protect against any potential threats the vulnerability may pose, regardless of how remote the possibility is.
Tesla sent this statement to The Verge:
Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.
4 comments on “Hackers take over Tesla Model S while car is moving”
Can an end user disable this CAN? Or is that illegal in the US? What about the UK, where I live?
If you disable it, does the car still work?
The CAN bus is required for the vehicle to operate. The CAN bus is not the problem here, any more than the data bus in your PC is a problem. It’s the ability to access it inappropriately that needs to be fixed.
“Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update”…
Oh, look: another attack vector!!!
who would thumb this down, it’s completely true, another attack vector