Tesla Security Patch Released to Address Model S Hacking Vulnerabilities

September 21, 2016 by Jim Finkle

Tesla Motors Inc has rolled out a security patch for its electric cars after Chinese security researchers uncovered vulnerabilities they said allowed them to remotely attack a Tesla Model S sedan.

The automaker said that it had patched the bugs in a statement to Reuters on Tuesday, a day after cyber-security researchers with China’a Tencent Holdings Ltd disclosed their findings on their blog.

Interest in car hacking has surged since Fiat Chrysler last year recalled 1.4 million U.S. vehicles to fix onboard software bugs uncovered by two researchers. They demonstrated that they were able to gain remote control of a Jeep traveling at high speeds in a dramatic video posted on Wired.com.

Tesla said it was able to remedy the bugs uncovered by Tencent using an over-the-air fix to its vehicles, which saved customers the trouble of visiting dealers to obtain the update.

Tencent’s Keen Security Lab said on its blog that its researchers were able to remotely control some systems on the Tesla S in both driving and parking modes by exploiting the security bugs that were fixed by the automaker.

The blog said that Tencent believed its researchers were the first to gain remote control of a Tesla vehicle by hacking into an onboard computer system known as a CAN bus.

In a demonstration video, Tencent researchers remotely engaged the brake on a moving Tesla S, turned on its windshield wipers and opened the trunk.

“We have verified the attack vector on multiple varieties of Tesla Model S,” the blog said. “It is reasonable to assume that other Tesla models are affected.”

Tesla said it pushed out an over-the-air update to automatically update software on its vehicles within 10 days of learning about the bugs.

“Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly,” the statement said.

It said the attack could only be triggered when a Tesla web browser was in use and the vehicle was close enough to a malicious WiFi hot spot to connect to it. (Additional reporting by Alexandria Sage in San Francisco.