Security experts from China-based tech company Tencent have demonstrated that they can remotely hack Tesla Motors. The vulnerabilities they leveraged were quickly patched by the carmaker. Keen Lab discovered new security vulnerabilities on Tesla motors and realized a full attack chain to implement arbitrary remote control of the CAN bus and ECUs on Tesla motors with the latest firmware.
Keen Lab has followed the “responsible disclosure” process to report all security vulnerabilities and related exploitations to Tesla. Tesla Product Security Team has verified and confirmed all the bugs in our report. Security patches have been made and updated to motors via FOTA efficiently in July. Last year they exploited Tesla cars and this was how everything went.
The reported issues affect multiple models of Tesla motors. Based on Tesla’s report, most of the active Tesla motors have been updated to new firmware with patches via FOTA. We appreciate Tesla Product Security Team for their quick response, quick fix and efficient patching via FOTA.
About the Chinese Security Experts Who Hacked Tesla Motors
Keen Security Lab of Tencent, transformed from the well-known security research team Keen Team, was established in January 2016. The team is focusing on cutting-edge security research of mainstream PC/mobile operating systems, applications, cloud computing technologies, IoT smart devices, etc.
Team members of Keen Security Lab got 8 winner titles in Pwn2Own contests for the fourth consecutive year, and unified with Tencent PC Manager team to win Master of Pwn title in Pwn2Own 2016.
In 2015, 2 Best Privilege Escalation Award nominations were made by Blackhat Pwnie to Keen Lab’s achievements on Windows TTF and Ping Pong Root, together with one Lifetime Achievement Award nomination to Wushi for his 10-year continuous contribution to the worldwide security research community.
In the past three years, Keen Security Lab has made rich research achievements in mobile security and IoT security, which are well recognized by worldwide software/internet vendors and the security community. Keen Security Lab is one of the important constituent parts of Tencent Security.
The research output of Keen Security Lab will be widely applied into Tencent products and technologies. The research and exploration on IOT security and Telematics security will also help the “Connect Everything” vision of Tencent “Internet+” company strategy.
How Severe is the Exploit?
According to SecurityWeek, Tesla, which has been working closely with the researchers since their demonstration last year, said it patched the vulnerabilities with version v8.1, 17.26.0+ of the software, which it rolled out to customers via an over-the-air (OTA) update.
“While the risk to our customers from this type of exploit is very low and we have not seen a single customer ever affected by it, we actively encourage research of this kind so that we can prevent potential issues from occurring,” a Tesla spokesperson told SecurityWeek.
“This demonstration wasn’t easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems,” they added. “In order for anyone to have ever been affected by this, they would have had to use their car’s web browser and be served malicious content through a set of very unlikely circumstances.
We commend the research team behind this demonstration and look forward to continued collaboration with them and others to facilitate this kind of research.”
Reminder to Tesla car owners: Please check that your car is running firmware version 8.1 (17.26.0) or later. If not, please upgrade to the latest firmware to ensure all the issues are fixed.