Tesla Model 3 Pwned As Hack Disables Autopilot Notifications, Speedometer, Climate Controls And More

by Brandon Hill — Saturday, March 21, 2020, 01:45 PM EDT

There’s no question that the Tesla Model 3 is one of the most advanced cars on the planet, thanks in part to its advanced EV powertrain, its heavy use of powerful computers for its Autopilot self-driving system, and its heavy software integration with numerous vehicle functions. Tesla is also a leader in the industry when it comes to over-the-air updates that bring new features or fixes for existing features (and in some cases, removing features altogether).

That complex integration of software and hardware is coming to light in findings posted by “Jacob A” of SafeKeep Cybersecurity. Jacob describes himself as a veteran security engineer that has disclosed previous Model 3 vulnerabilities. This time around, he has uncovered a denial of service (DoS) exploit within the web interface that runs on the Model 3’s central display. This display is the only way to gain access to many major vehicle functions and see things like current speed, range, charge status, autopilot status, etc.

Due to a JIT bug found in the web browser, Jacob was able to craft a malicious web page that can be accessed from the central display while driving (yes, you can interact with the internet while driving a Model 3). Once you visit this web page, it completely freezes the display screen, including all information that is currently being shown.

That means that you can no longer interact with the display by touch to modify vehicle settings (i.e. climate control and seat heater functions), while the speedometer is also frozen. While you can physically use your turn signals, the repeating arrows on the display no longer work. In addition, all notifications for Autopilot cease to operate, although Jacob adds, “If you keep pressure on the wheel, AP will continue to function.”

According to Jacob, this vulnerability affects all Model 3 vehicles running software version 2020.4.10 or older. However, he was able to work with the software engineers at Tesla – following proper disclosure practices with Tesla’s Bugcrowd bounty program – so that it is resolved starting with all subsequent Model 3 software updates.

In other Tesla news, the company just recently started deliveries of its Model Y crossover. The Model Y is largely based on the Model 3, and features a more versatile hatchback design rather than a trunk. It also has seating for up to 7 people, but we’d imagine that only children would be [mildly] comfortable in the third row.

Tags: security, Tesla, (NASDAQ:TSLA), autopilot, bug bounty, model 3

Brandon Hill

Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.

Opinions and content posted by HotHardware contributors are their own.

Which New GPU Is For You?

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now