Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
October 3, 2016

Watch the Tesla Model S being hacked and controlled from 12 miles away

Hackers have managed to take control of a Tesla Model S while the car was moving and slam on the brakes.

The attackers, who were situated 12 miles away, also popped open the bonnet and folded in the side mirror. Mercifully, the hackers were actually researchers looking for cyber vulnerabilities.

See how they did it in the video below.

Keen Security Lab, the Chinese security company which conducted the tests over several months, has published the results of wireless attacks on several Tesla models.

The attackers gained access to the car’s CAN (controller area network) after compromising a nearby Wi-Fi hotspot and taking control of the in-car web browser.

A researcher exploited the car’s mapping search function to find the nearest charging station, before taking control of the car’s infotainment and instrument cluster screens and remotely unlocking the doors.

They also remotely opened the sunroof, moved the power seats and turned on the indicators.

Last year a Jeep Cherokee was hacked from 10 miles away. The researchers, who could control the brakes, accelerator, radio, horn and windshield wipers, also targeted the CAN bus, physically plugging into the Jeep’s diagnostic port to send rogue signals to the network.

The same researchers hacked a Jeep again in July, this time spinning its wheels 90 degrees while the car was driving at 60mph.

Tesla, which was notified of the findings before the media, confirmed the vulnerability and has since patched it with the help of Keen Security Lab.

The researchers are advising Tesla owners to update their cars’ firmware.

Scrambling to limit the reputational damage from the report, Tesla issued this statement to The Verge:

Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.

We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.
