Tesla Model S and Model X owners woke up to a surprise over-the-air (OTA) software update on Monday, days ahead of the company’s much-anticipated Version 8 software that promises an improved Autopilot system centered around radar technology. However, contrary to what owners were hoping for, it wasn’t v8.0. Instead, the company issued an update to existing Firmware v7.1 (2.36.31) after Chinese security firm Keen exposed a vulnerability that would allow attackers to remotely activate a vehicle’s brakes while the car is in motion.
Beyond being able to compromise one of the driving functions of the vehicle, researchers from Keen Security Lab were able to hack a new Model S 75D and remotely present the vehicle’s door handles, allowing a would-be thief to gain access to the interior of the car. The researchers exploited a search function in Tesla’s onboard web browser, which allowed them to take control of the car and open the vehicle’s trunk, fold the mirrors while the car is in motion, move the power seats, and completely disable all touch controls on the main infotainment system.
Though the circumstances under which a Model S or Model X could be hacked would be rare – the attack requires the driver to connect to a malicious WiFi network that the hacker has access to – the discovery highlights the inherent vulnerabilities of a connected car.
Tesla quickly patched the security holes through an OTA update after working with Keen on addressing the issues. The company released the following statement to The Verge explaining details behind its recent v7.1 update:
“Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
“We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.”
Tesla’s commitment to working with independent researchers and the general community on improving security (through a bug bounty program) is another great example of why this Silicon Valley automaker is serious about security and stands miles apart from other automakers.
Check out the demonstration video from Keen Security Lab showing a Model S being compromised.