Hackers Gain Remote Control Access To Model S, Tesla Pushes Security Fix – (w/video)

SEP 20 2016 BY STEVEN LOVEDAY

People are very concerned that the rise of connected cars will lead to devastating issues caused by hackers. This is a justifiable fear, as there is always the possibility (however remote) that hackers could go so far as to control vehicles, causing accidents. The same new technology that is present in vehicles to minimize accidents could be accessed with criminal intentions.

Keen Security Lab Was Able To Apply the Brakes From 12 Miles Away

So far, the problem hasn’t been widespread. However, we have seen some instances of hacking, most of which involve hackers revealing security issues in order to benefit the automakers. Thus far, hacking has been mostly limited to accessing components like mirrors, door locks, moonroofs, lighting, and personal information.

Now for the first time, hackers have publicly demonstrated the ability to hack the Tesla Model S, and to hack “driving related” systems via a compromised wifi/open browser connection initiated by the car’s owner – which obviously limits the area and scope in which the Tesla could be commandeered.

Fortunately, the hackers from Keen Security Lab did not have any ulterior motives, and reported the discovered vulnerabilities to Tesla prior to publicizing the video.

As technology continues to progress, more breaches will be discovered and addressed. In the end, highly-encrypted technology should be more difficult to hack than simply popping a lock or hot-wiring a vehicle. Hopefully, in the future, vehicle vulnerabilities will continue to be discovered prior to any catastrophic consequences.

Video Description by Keen Security Lab via YouTube:

With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote, aka non-physical contact, control on Tesla Model S in both Parking and Driving Mode. It is worth noting that we used an unmodified car with the latest firmware to demonstrate the attack.

Following the global industry practice on “responsible disclosure” of product security vulnerabilities, we have reported the technical details of all the vulnerabilities discovered in the research to Tesla. The vulnerabilities have been confirmed by Tesla Product Security Team.

Keen Security Lab appreciates the proactive attitude and efforts of Tesla Security Team, led by Chris Evans, on responding to our vulnerability report and taking actions to fix the issues efficiently. Keen Security Lab is coordinating with Tesla on issue fixing to ensure the driving safety of Tesla users.

As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected. Keen Security Lab would like to send out this reminder to all Tesla car owners:

PLEASE DO UPDATE THE FIRMWARE OF YOUR TESLA CAR TO THE LATEST VERSION TO ENSURE THAT THE ISSUES ARE FIXED AND AVOID POTENTIAL DRIVING SAFETY RISKS.

This video demonstrates the impact of our remote attack vector. REMINDER: WHAT YOU ARE ABOUT TO SEE IN THIS VIDEO IS PERFORMED BY PROFESSIONAL RESEARCHERS, DO NOT TRY THIS AT HOME.

Tesla statement on the discovery (via The Verge):

“Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.

We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.”

 

17 Comments on "Hackers Gain Remote Control Access To Model S, Tesla Pushes Security Fix – (w/video)"

Poor white Tesla. They leave the doors open during the rain, and then open the moon roof. Later, they use the hood as a desk for their laptop.

I enjoy watching some good white hat hacking. Glad Tesla fixed it quick.

Amazing, good job on the test lab finding the issues.

Very happy these guys did the right thing and reported the bug to Tesla. Likewise happy for Tesla’s vision in enabling OTA updates.

Do the lab people get money for finding hacking access to the car?

Yeah – there is a bug bounty program and a hacker hall of fame: https://www.tesla.com/about/legal#security-vulnerability-reporting-policy

Did they say what the vector was?
How do we know someone off camera wasn’t using their phone app?

How do we know someone off camera wasn’t using their phone app?

Because Tesla confirmed the vulnerability?

That’s super frightening. Makes me think of the horror movie “The lift” but in a car version remake.

Everyone, please bear in mind they had physical access to the vehicle, modified it heavily, and it was not on the standard Tesla 3G/4GLTE cellular wireless network. I mean, they loaded a custom version of the operating system. That is far from trivial. Compared to the Jeep Liberty vulnerability and Nissan Leaf “just the VIN, no password” vulnerability, this is esoteric.

I think you misunderstand what happened. The hackers didn’t need physical access to the car; they just needed the driver to initiate an Internet connection (in this case, by asking him to search for the nearest charging location). This is something that any Tesla driver (or passenger) might do without being asked. A hacker could, for example, just park near a busy Supercharger location and “ping” for any Tesla car that is actively connected to the Internet.

Loading the custom operating system into the car was done wirelessly, and (so far as I can see) without any aid from the driver, once he established an Internet connection.

They said in the video that they did not modify anything in the vehicle.

Good for Tesla in being proactive regarding software/data security, and having that “bug bounty” program. Many, many more companies (and government agencies) should do that; not just auto makers. In fact, this should be standard procedure for every company that has confidential data, including customer records, which it needs to protect.

“Thus far, hacking has been mostly limited to accessing components like mirrors, door locks, moonroofs, lighting, and personal information.”

You mean in the Tesla S, right? Since a Jeep was hacked around 2 years ago and the hackers got control of brakes, steering, …

From inside the Jeep, however.

This is braking news! … Literally

Not as funny as my cousin who had bought a watch which could ‘capture’ remote control signals, in theory for watching TV with.
He discovered it also worked on his workmate’s new after market car alarm.
Oh the fun he had continually disarming his mate’s car through the morning while his mate got more and more angry with his seemingly malfunctioning alarm!
When he reached the point that he was going to rip it out with his bare hands, my cousin said, “Calm down. Let me reset it for you…”
Normality resumed after my cousin had successfully kept out of spanner’s reach as his mate chased him around the workshop!