Tesla fixes security bugs after claims of Model S hack

In that unspecified amount of time, the researchers say they were able to take control over the demo auto using a laptop positioned two parking spaces away.

For starters, the researchers locked the touchscreen controls to show a message proving the Tesla was pwned by Keen Security.

A Chinese security team successfully hacked a Tesla Model S, and demonstrated several security vulnerabilities.

Tesla has closed the security holes and the researchers urged Tesla owners to update to the latest firmware immediately in order to “avoid potential driving safety risks”.

Once remote access to the auto has been established, the hackers are then able to control various features, including the brakes, while the vehicle is moving.

It said the attack could only be triggered when a Tesla web browser was in use and the vehicle was close enough to a malicious WiFi hot spot to connect to it.

In a blog post, Keen said its attack vector impacted multiple models of Tesla.

In a demonstration video, Tencent researchers remotely engaged the brake on a moving Tesla S, turned on its windshield wipers and opened the trunk.

Connected cars are often talked about for their potential vulnerabilities to hackers. And if history is any indication, it might not be the last time hackers pwn smart cars.

In a YouTube clip, the Keen team demonstrates how they can remotely apply the brakes, unlock the auto, manipulate its seats, mirrors, and indicators, and take over the car’s web browser. Earlier this year hackers showed how they could remotely hijack a Jeep Cherokee while it was traveling at 70 miles per hour on the highway, disabling it completely. A Tesla spokesperson told us the hack required specific steps, such as being connected to a “malicious” Wi-Fi hotspot.

In a statement to The Verge, the automaker said that it was able to fix the issue and sent an OTA update (v7.1, 2.36.31) within merely 10 days after the Keene Lab reported it. It affected vehicles including the Model S, that used (then-) up-to-date firmware. According to Keen, the Tesla Product Security Team confirmed the vulnerability and both teams worked together to address and fix the issues. “We commend the research team behind today’s demonstration and plan to reward them under our bug bounty programme, which was set up to encourage this type of research”.