An electric car isn’t run by mechanical parts, it’s run by computers. As we all know, computers are never truly secure, but the real test is how quickly a company can patch a vulnerability.
Researchers often find ways to tamper with a car’s electronic systems and many large car manufacturers try to hush the researchers and work on resolving the issues later in time.
Tesla is not that kind of company. Tesla has a running track record of excellence in updating their vehicles as vulnerabilities arise. This truly show’s their determination to make sure the Model S, X, and ≡ (3).
Security researchers at the Chinese Internet company Tencent’s Keen Security Lab privately revealed a security bug in Tesla Model S cars that allowed an attacker to achieve remote access to a vehicle’s Controller Area Network (CAN) and take over functions of the vehicle while parked or moving. The Keen researchers were able to remotely open the doors and trunk of an unmodified Model S, and they were also able to take control of its display. Perhaps most notably, the researchers remotely activated the brakes of a moving Model S once the car had been breached by an attack on the car’s built-in Web browser.
Tesla of course has already issued an over-the-air firmware patch to fix the situation.
Previous hacks of Tesla vehicles have required physical access to the car. The Keen attack exploited a bug in Tesla’s Web browser, which required the vehicle to be connected to a malicious Wi-Fi hotspot. This allowed the attackers to stage a “man-in-the-middle” attack, according to researchers. In a statement on the vulnerability, a Tesla spokesman said, “our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.” After Keen brought the vulnerability to Bugcrowd, the company managing Tesla’s bug bounty program, it took just 10 days for Tesla to generate a fix.
Full details of the attack were not revealed. But in a video demonstrating the attack (shown below), researchers exploited the in-car browser of an unmodified vehicle by intercepting a search for the nearest charging station. The exploit then allowed the researchers to gain remote control over Wi-Fi to door locks, seat adjustments, signals, and other controls including the vehicle’s displays. While moving, the researchers were also able to demonstrate remote control of the vehicle’s rear hatch and the brakes, bringing the car to a very sudden stop from a computer 12 miles away.
What are your thoughts on this? Let us know below!