Security researchers have identified a number of vulnerabilities that could be exploited to remotely hijack a Tesla Model S. The hack works both while the vehicle is on the move and when it's parked.
"We have discovered multiple security vulnerabilities and successfully implemented remote, aka non-physical contact, control on Tesla Model S in both Parking and Driving Mode," security firm Keen Security Lab wrote in a blog post. "We used an unmodified car with the latest firmware to demonstrate the attack."
Keen Lab said the hacks worked on multiple varieties of the Tesla Model S and believed other Tesla models could also be affected. "As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars," the blog post said. "We have verified the attack vector on multiple varieties of Tesla Model S."
The Security Lab published a video on Monday demonstrating the hack. It appears that the car can be identified and hacked while its owner is searching for nearby charging stations.
While the vehicle was parked, the white hat hackers managed to control the sunroof, displays, door locking system, and the position of the seats. When the car was on the road, the researchers showed that they could activate the windshield wipers, open the trunk, and fold the side view mirrors. From a distance of 12 miles, the researchers could also activate the brakes of the Model S, according to the PoC video.
Tesla's response to wireless attack on Tesla Model S
Tesla Motors released a statement saying that the company addressed the vulnerabilities found by Keen Lab within 10 days of being notified. The company also emphasized that the attacks are not fully remote and not as easy to carry out as the researchers have suggested. Keen Lab said that Tesla had a "proactive attitude" towards the vulnerability report.
It is noteworthy that Tesla can release OTA firmware updates to fix the issues, which means that, unlike other automakers, the company does not need to recall any vehicles or go through complex procedures.
Here's the complete statement (emphasis is ours):
Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.