Hackers Remotely Attack Moving Tesla Model S – PC Magazine

Did you think only Jeeps were vulnerable to hacking? Think again.

Chinese security researchers this week revealed multiple security vulnerabilities that allowed them to remotely hack a Tesla Model S sedan.

The electric car maker has already patched the bugs. But researchers from Keen Security Lab, a division of the Chinese Web giant Tencent, demonstrated their attack in a YouTube video posted Monday. The team was able to gain remote control of the unmodified, fully up-to-date car by hacking into an onboard computer system called CAN bus.

As you can see in the video below, the researchers opened a parked Tesla’s sunroof, turned on the steering lights, and moved its seat from their laptop while standing across a parking lot. They also demonstrated how they were able to remotely hack the car’s display to make it inoperable and show the Keen Security Lab logo, as well as open the vehicle’s door.

Next, they showed what they could do while the car was in motion — like remotely start the windshield wipers, fold in the car’s side view mirrors, and open the trunk. Perhaps most concerning, the researchers were able to manipulate the car’s brake system from 12 miles away, halting the car with the press of a button.

Achieving the hack took “several months on in-depth research,” the team said. They verified the attack vector on multiple versions of the Model S and assume the problem affects other Tesla models as well. Keen Security Lab said it notified the automaker, which confirmed the vulnerabilities and quickly fixed them.

In a statement to PCMag on Wednesday, a Tesla spokesperson downplayed the severity of this attack, but said the company quickly deployed an over-the-air software update to address it, and users will not have to take action.

“The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot,” the spokesperson said. “Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”

Further, in keeping with its bug bounty program, Tesla plans to reward Keen Security Lab for its research.