“We actively encourage research of this kind so that we can prevent potential issues from occurring,” Tesla says
Hackers from Chinese security firm Tencent Keen Security Lab revealed last week vulnerabilities in the Tesla Model X that allow the vehicle to be controlled remotely.
Remote attacks presented by the research team show everything from the Tesla’s doors and trunk being opened to the brakes being activated while the vehicle is in motion. The hackers were are also able to produce a synchronized light show set to music using the headlights of two cars.
“Keen Lab discovered new security vulnerabilities on Tesla motors and realized full attack chain to implement arbitrary CAN BUS and ECUs remote controls on Tesla motors with latest firmware,” a statement from the group said.
Tesla, who was informed of the exploits before Keen Security Lab publicly released its findings, patched the vulnerabilities in a July firmware update.
“Keen Lab has followed ‘responsible disclosure’ process to reported [sp] all security vulnerabilities and related exploitations to Tesla,” the statement continued. “Tesla Product Security Team has verified and confirmed all the bugs in our report.”
In a statement to tech website Bleeping Computer, a Tesla Motors spokesperson said the company encourages research groups to find and disclose bugs in vehicle software.
“While the risk to our customers from this type of exploit is very low and we have not seen a single customer ever affected by it, we actively encourage research of this kind so that we can prevent potential issues from occurring,” the spokesperson said.
“This demonstration wasn’t easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems. In order for anyone to have ever been affected by this, they would have had to use their car’s web browser and be served malicious content through a set of very unlikely circumstances.”
Keen Security Lab and Tesla have maintained a close relationship after the hackers last year demonstrated similar attacks against a Tesla Model S.
A video in 2016 showcased numerous attacks demonstrating control over a Tesla’s sunroof, dashboard screen, doors, lights, windows, chairs and brakes.
During a talk at the National Governors Association last month in Providence, Rhode Island, Tesla CEO Elon Musk said his biggest concern towards autonomous vehicles was a “fleet-wide hack.”
“I think one of the biggest concern for autonomous vehicles is somebody achieving a fleet-wide hack,” Musk said.
“In principles, if someone was able to say hack all the autonomous Teslas, they could say – I mean just as a prank – they could say ‘send them all to Rhode Island – across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.”
Tesla says it will continue working closely with Keen security Lab in order to ensure its vehicles remain as secure as possible.