Several models of the Tesla S cars were hacked by researchers who were able to abruptly stop the car in its tracks, pop open the trunk while the car was being driven, and remotely turn on and off the windshield wipers.
The hacks demonstrated by China’s Keen Security Lab, a division of Tencent, were published Monday. Researchers privately disclosed the bugs to Tesla, which has already patched the vulnerabilities. The hacks are tied to the vehicle’s Controller Area Network (CAN bus) that controls how components of a vehicle communicate with each other, according to researchers.
In a video demonstrating their research, Samuel Lv, director of Keen Security Lab, showed how a remote attacker could control a stationary car’s blinkers, side mirrors, car seats, sunroof panel, door locks and in-vehicle displays.
While the vehicle was in motion, researchers were able to remotely force the car to brake with no driver intervention. Researchers say the hack was performed from the Keen Security Lab office’s miles from the onsite testing.
In a statement, Tesla said its drivers were at a very low risk of this vulnerability because of the complex set of circumstances that needed to be put in place in order to carry out the hack.
“The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to, and connected to, a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly,” Tesla said in a statement.
Researchers and Tesla said they are withholding technical details of the hack. However what can be said of the technique is that the attack was more nuanced than a fully remote hack, and it required very specific prerequisites.
Casey Ellis, CEO of the Bugcrowd, the facilitator of Tesla’s bug bounty program, said the turnaround from Keen Security Lab’s disclosure of the bug to 10 days later an over-the-air update was lighting fast.
“Tesla is one of the earlier companies to adopt a bug bounty program. It is absolutely stunning that this bug went from disclosure to patch in 10 days. For a system as complicated as a vehicle, it is an absolute phenomenal result,” Ellis said.
Tesla has worked with Bugcrowd for more than two years to manage its bug bounty program. Through its Tesla bug bounty program hackers can earn between $100 to $10,000 per verified bug.
“At this point, cars are two-ton computers that you sit in. So the feedback loop between automotive security researches and teams building safety into automobiles needs to small. It was no accident Tesla was able to move so fast. It was because Tesla designed its development architecture to work with security researchers,” Ellis said.
The move comes as more scrutiny is placed on automated, connected and computerized features within cars. In March, the FBI in conjunction with the National Highway Traffic Safety Administration issued a warning regarding car hacking stating it’s becoming an increasingly serious threats to connected vehicles.
In July, Fiat Chrysler introduced a bug bounty program that will be managed by Bugcrowd. Last year, Fiat Chrysler was thrust unwittingly in to the hacker limelight when researchers Chris Valasek and Charlie Miller remotely hacked a Jeep and took control of the vehicle, research that led to a recall of 1.4 million Fiat Chrysler automobiles.