A remote vulnerability for Tesla’s Model S has been demonstrated by researchers from Keen Security Lab, a division of the Chinese internet giant Tencent. The vulnerability was confirmed by Tesla’s product security team and has already been patched via an over-the-air software update, as Keen worked with Tesla to fix the flaw before going public.
The vulnerability compromises the CAN bus that controls many vehicle system in the car. It requires the car to be connected to a malicious wifi hotspot to take control and works via the in-car web browser. It’s an admittedly narrow set of circumstances required to compromise the car, but would present a clear opportunity for a determined attacker to cause significant harm.
In a video demonstration, a researcher uses the car’s mapping search function to find the nearest charging point. At that point, the researchers take over both the infotainment and instrument cluster screens and remotely unlock the doors. They were also able to open the trunk, fold a side mirror, and activate the brakes while the vehicle was in motion. Researchers were also able to remotely open the sunroof, move the power seats, and activate the signal lamps.
Tesla issued this statement to The Verge:
Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.
The Keen team said that Tesla had a "proactive attitude" towards its vulnerability report. It’s noteworthy that Tesla was able to turn around and deploy a fix within 10 days, while other automakers have required much more complex procedures to update cars following the exposure of major vulnerabilities.