CHINA TOPIX

12/22/2024 08:03:16 pm

Make CT Your Homepage

Chinese ‘White Hat’ Hackers Take Remote Control of a Tesla Model S

Seized

(Photo : Keen Security Lab) White hat hackers control a Tesla Model S.

Tesla Motors said it responded immediately to a successful attempt by Chinese "white hat" or ethical hackers that remotely seized control of a Tesla Model S sedan by compromising the vehicle's Controller Area Network (CAN) bus.

The successful hack by Keen Security Lab, a subsidiary of Chinese tech and media company Tencent, was the first case of a remote attack that compromised a CAN Bus to achieve remote controls of a Tesla car. The CAN bus is the system that allows the different segments of hardware in the car to interact with one another.

Like Us on Facebook

The white hat team gained control of the test Tesla sedan when the car was connected to a hacked Wi-Fi hotspot. To blame for the CAN bus vulnerability is Tesla's ability to roll-out over-the-air (OTA) updates to its vehicles as if they were mobile phones.

The Chinese team seized control of the Tesla Model S using the car's wireless network. Once inside the Tesla's computer, the white hats were able to control the car's infotainment system, move the car's power-operated seats, lock and unlock the doors, fold the mirrors, pop the trunk and engage the brakes while the car was moving -- a frightening scenario.

Tesla said within just 10 days of receiving the report from the Chinese, it deployed an OTA software update (v7.1, 2.36.31) that addresses the potential security issues. Tesla noted the issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot.

"Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly," said Tesla.

"We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today's demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research."

Real Time Analytics