CATEGORIES
home News

Tesla Issues OTA Security Update After Hackers Wirelessly Engage Model S Brakes From 12 Miles Away

by Paul LillyWednesday, September 21, 2016, 11:04 AM EDT
Tesla Model S

Researchers from Keen Security Lab in China discovered and demonstrated a vulnerability in Tesla's Model S vehicles that could allow a remote hacker to fiddle with various controls, everything from opening the moon roof and adjusting the power seats to even applying the brakes. The security outfit shared its findings with Tesla, which issued an over-the-air update to plug the security hole.

The researchers said they spent several months looking for vulnerabilities in Tesla's connected vehicles and were able to find several security holes. What's particularly alarming about the flaws they found is the ability to remotely manipulate them without any physical contact or alterations to the target vehicle, both in Parking and Driving mode. That's a scary proposition as more and more vehicles tap into the Internet for various creature comforts.

In this case, the researchers initiated the hack through the vehicle's CAN Bus, an attack vector that exists on multiple varieties of the Model S. The vehicle must be connected to a compromised Wi-Fi hotspot for this to work, but in instances where that might happen, hackers would be able to take control of the infotainment and instrument cluster screens, remotely unlock the doors, open the trunk, apply the brakes, and more.


To Tesla's credit, it was quick to react with a security update.

"Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly," Tesla said in a statement provided to The Verge.

"We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research," Tesla added.

It's impressive that Tesla was able to issue a fix so quickly, even for a security flaw that it considered to have a "very low" level or risk.
Tags:  security, Tesla, Model S, (NASDAQ:TSLA)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment