In the midst of all the hype surrounding next-gen automobile capabilities featured on Tesla vehicles, the company receives its share of bad press when something goes wrong with a sci-fi Tesla feature. Last week was no different, when one Shanghai-based Internet security firm demonstrated vulnerabilities in the Tesla software and took unauthorized remote control of Tesla cars.
What is startling about these latest exploits is the range of actions that hackers managed to trigger remotely, some while the car was in motion, and one from 12 miles away.
Here’s what the white hat hackers at Keen Security were able to achieve:
- With the research car parked, they remotely operated the sunroof and the indicator lights, and adjusted the position and vertical tilt of the car seat.
The team claimed they had researched several Tesla models and, to demonstrate that claim, they exploited a brand new Tesla S75D to which they had not previously had physical access.
- While parked up and switched off, with the driver searching for the nearest charging station, the team remotely took control of the system using a laptop and planted a hacked message on the display consoles to prove the point. The driver was unable to regain use of the screens. Then they unlocked the driver’s door remotely, from the laptop.
The more alarming exploits were demonstrated on the vehicle while it was in motion.
- From a laptop inside the car, the security researcher was able to switch on the windscreen wipers. Then indicator control was hacked during a lane change maneuver and the researcher was able to fold the wing mirror closed.
A vivid visual came next, again while the car was in motion.
- From the laptop, the researcher was able to unlock the trunk, which flew open in an abrupt and startling manner when viewed from inside the vehicle.
The final demonstration was the most unsettling. The previous exploits were amusing and in the parlor game category; none of them could be considered life-threatening to other road users.
- From an office 12 miles away, the researcher was able to remotely activate the emergency stop brake on a moving car. The effect was quite dramatic on the occupants. It was a fitting finale to an extremely interesting demonstration.
Connected cars loaded with automated functionality have already become commonplace in the world of automobile research and development. Drivers are relieved of mundane tasks that otherwise keep them engaged in a traditional car, which means that Tesla drivers are not always in full control of their machines. The recent exploits therefore pose an extremely high risk to Tesla passengers. The security research firm, Keen Security, published a blog article and video detailing their exploits.
It should be noted that it took the Keen Security team many months of focused investigation to uncover the secrets for these contactless remote access exploits. However, it’s not the first time such exploits have been discovered.
Last year, a Tesla was exploited via its entertainment system and there were other exploits before that. The general consensus is that the Tesla software is now very difficult to crack and that can only be a good thing. Tesla has already updated the firmware and owners are urged to download it as a matter of urgency. Not that your average computer geek will easily be able to uncover exploits. The guys at Keen Security are the crème de la crème of geekdom in that they dedicate 12 hours a day to their chosen career and insist that they work only on the side of the angels.
The best solution for now: Update the Tesla software with (some) patches to these vulnerabilities.