Chinese Hackers (Lab Research Types) Seized Control Of The Tesla Model S
Tesla's ability to roll over-the-air updates out to its vehicles like they were iPhones is just one of the ways the company is redefining cars—but that advantage can also be a weakness. A group of Chinese hackers recently found a way to seize control of the Tesla Model S using the car's wireless network.
A group of researchers with the Keen Security Lab, a part of Chinese tech and media company Tencent, announced on Monday that they discovered the vulnerability after spending multiple months of "in-depth research" on Tesla vehicles. The group discovered that it was able to take control of the Tesla's Controller Area Network (CAN) bus, the system that allows the different pieces of hardware in the car to interact, when the car was connected to a hacked Wi-Fi hotspot.
Once the hackers remotely made their way into the Tesla's computer, they were able to control the car's infotainment and gauge cluster screens, move the car's power-operated seats, lock and unlock the doors, fold the mirrors, pop the trunk—and worst of all, engage the brakes while the car was rolling.
Unlike the cyber-criminals of the world who might use such information for evil, however, the Keen hackers went to Tesla with their discovery before going public. Tesla employees then confirmed the discovery was a real problem and went to work on a fix, rolling it out to all the afflicted cars in its fleet.
Tesla issued the following statement to The Verge (Verge as per its website:The Verge was founded in 2011 in partnership with Vox Media, and covers the intersection of technology, science, art, and culture. Its mission is to offer in-depth reporting and long-form feature stories, breaking news coverage, product information, and community content in a unified and cohesive manner. The site is powered by Vox Media's Chorus platform, a modern media stack built for web-native news in the 21st century.)
"Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research."
YouTube video made by the Keen Lab researchers demoing the various hacks they pulled off; 08:05, audio is Chinese, but English close captioning.
Thanks for that Jack. Sadly, this could well be the new reality. A potential "good" thing might be that the (malicious) hackers might divert their attention to cars and leave Windoze alone........Yeah! Right!
That is scary !