For a while there, it was apparently possible for someone to hack a moving Tesla while on the road and activate its brakes from miles away. The Chinese white hat hackers at Keen Security Lab demonstrated and reported the vulnerability to Tesla, which has already patched the problem in an over-the-air update.
In the video below, the security researchers at Keen are shown gaining remote access to the door locks, windshield wipers, turn signals, seat adjustment, moonroof, trunk and even the dash and panel displays of two different Teslas.
For their grand finale, the team calls up a colleague in an office twelve miles away, and when they give him the command, he remotely engages the brakes on a moving Tesla.
The Keen team says they spent several months researching the vulnerability and learning how to exploit it before reporting what they found to the company. According to Keen, the Tesla Product Security Team confirmed the vulnerability and both teams worked together to address and fix the issues.
The vulnerability involves the CAN bus, a protocol that lets microcontrollers within a vehicle communicate with each other without needing a host computer.
We've seen a Tesla pulled out of a garage remotely via an Amazon Alexa hack in a way that Tesla intended, but there haven't been many vulnerabilities like this exposed that could be exploited by malicious hackers.
Tesla reportedly fixed the issue quickly, within just ten days of receiving the report from Keen, via an over-the-air security update.
"The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot," Tesla told the Verge. "Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly."
Tesla did not immediately respond to our request for confirmation and further comment. In the meantime, it's probably a good idea for all Tesla owners to make sure they have the latest firmware installed.
Source: Keen Security Lab