A remote vulnerability for Tesla’s Model S has been demonstrated by researchers from Keen Security Lab, a division of the Chinese internet giant Tencent. The vulnerability was confirmed by Tesla’s product security team and has already been patched via an over-the-air software update, as Keen worked with Tesla to fix the flaw before going public.
The vulnerability compromises the CAN bus that controls many vehicle systems in the car. The attack works via the in-car web browser and requires the car to be connected to a malicious Wi-Fi hotspot. It’s an admittedly narrow set of circumstances, but it would present a clear opportunity for a determined attacker to cause significant harm.
In a video demonstration, a researcher uses the car’s mapping search function to find the nearest charging point. At that point, the researchers take over both the infotainment and instrument cluster screens and remotely unlock the doors. They were also able to open the trunk, fold a side mirror, and activate the brakes while the vehicle was in motion. Researchers were also able to remotely open the sunroof, move the power seats, and activate the signal lamps.
The Keen team said that Tesla had a “proactive attitude” towards its vulnerability report. It’s noteworthy that Tesla was able to turn around and deploy a fix within 10 days, while other automakers have required much more complex procedures to update cars following the exposure of major vulnerabilities.
SOURCE: THE VERGE