From a distance of 12 miles, hackers from Keen Security Lab used a laptop to manipulate the braking system of a Tesla Model S.
The Keen Security Lab team reported their findings to Tesla before going public. Tesla has since issued an over-the-air software update.
In a video uploaded by Keen Security Lab, a researcher demonstrated how it’s possible to take over the infotainment system, unlock the doors and trunk, fold a side mirror, and activate the brakes while the car is in motion.
It’s important to note that this attack requires the car to be connected to a malicious Wi-Fi hotspot, making a successful attack highly unlikely. With the right tools and determination, however, it wouldn’t be impossible.
It’s nice to see a third-party security team working with a manufacturer to detect and fix vulnerabilities in products.
In a statement, Tesla said:
Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.