A team of researchers from Keen Security Lab in China has released a video that seems to demonstrate a series of remote attacks on a Tesla Model S. The researchers claim no physical contact was needed for the attacks.
The first attacks seem harmless enough, remotely retracting the sunroof and operating the turn signals and power seats. The researchers then show how they can hack into a Model S’ infotainment system when it’s in parking mode. One researcher asks another to get into the car and search for the nearest charging station. In that unspecified amount of time, the researchers say they were able to take control over the demo car using a laptop positioned two parking spaces away. We then see that the gauge cluster display and center screen show the Keen Security Lab logo, and the touchscreen is unresponsive.
From here, the hacks get increasingly more serious. With the key fob taken a good distance away, the team uses a laptop to unlock the doors. The researchers then show what can be done while the car is driving, first taking control of the windshield wipers and then folding the side mirrors. Next, the liftgate trunk is opened while the car is in motion. For the researchers’ final trick, the brake is remotely applied—allegedly from 12 miles away.
Keen Security Lab says the demonstrations were carried out on an unmodified Model S running the latest Tesla firmware available at the time. The researchers say they notified Tesla’s product security team, who confirmed the vulnerabilities.
Tesla says these findings have already been addressed with an over-the-air update.
“Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues,” a Tesla spokesperson told Motor Trend via email. “The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious WiFi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”
This isn’t the first time vulnerabilities have been exposed in a Tesla. Last year, a cybersecurity team was able to bring a Model S traveling at 5 mph to a halt, shutting down the screens and turning off the radio. More recently, a joint research team showed that sensors used for the Autopilot system and other functions can be fooled in very specific scenarios. In 2014, Tesla offered $10,000 to anyone who could successfully hack a Model S. The automaker continues to work with the cybersecurity community and rewards those that bring legitimate vulnerabilities to its attention.
“We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers,” the Tesla spokesperson said. “We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.”
Car hacking has been in the news recently after two hackers took control of a Jeep Cherokee last year to demonstrate vulnerabilities in Fiat Chrysler’s Uconnect infotainment system. That event prompted FCA to recall 1.4 million vehicles to update the software. Earlier this year, the FBI issued a public service announcement warning people of the dangers of car hacking. Automotive cybersecurity will continue to be a hot topic as cars gain more technology and we inch closer to autonomous driving.
Check out the video below to see the researchers carry out the attacks on a Tesla Model S. Skip ahead about 1 minute for the start of the action.
Source: Keen Security Lab
The post Researchers Demonstrate Hacks on Tesla Model S (W/Video) appeared first on Motor Trend.
from Motor Trend http://ift.tt/2cFgj2z
Aucun commentaire:
Enregistrer un commentaire