Chinese researchers have discovered major security vulnerabilities in several Tesla car models, allowing them to remotely apply the brakes, open the boot and perform other actions which could put drivers in danger.
A team at Shanghai-based Keen Security Lab – part of Chinese web behemoth Tencent – demonstrated the remote hacks in a video on their site.
In it, they open the car door, pop the sunroof, adjust the driver’s seat and turn the indicators on – all while in park mode.
However, more dangerous is the cyber-attack that allows them to fold the car’s wing mirrors when it changes lanes whilst driving, and another which brakes the car when in motion.
The team was tight-lipped on how they carried out the proof-of-concept attacks, although it worked on “multiple varieties of Tesla Model S” running the latest firmware at the time and they said it "is reasonable to assume that other Tesla models are affected."
“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars,” Keen Security Lab claimed.
The CAN bus was famously compromised by Miller and Valasek in their much publicized research on a Jeep Cherokee last year which allowed them to demonstrate how a vehicle could be completely remotely controlled by hackers.
Cesare Garlati, chief security strategist at the non-profit prpl Foundation, argued that it is the modern car’s connectivity which often leaves it exposed to attack, especially as mechanical and electrical engineers don’t have the requisite TCP/IP skills to develop secure implementations.
“While it’s unfair to expect them to shoulder this burden, it is also unfair to place the onus squarely on the consumer who is likely to know even less about security. This is something which vendors, regulators and manufacturers must carefully consider as the evolution of connected cars continues,” he added.
“Interoperable open standards are the key requirement if we’re to improve IoT security – they will reduce that complexity by effectively outsourcing the trickiest work to the subject matter experts.”
Garlati’s prpl Foundation advocates three areas developers need to focus on to make the Internet of Things more secure.
These are: open source to improve the quality of the software; forging a root of trust in hardware to ensure firmware can’t be reflashed and replaced; and security-by-separation via hardware-assisted virtualization, to ensure lateral movement inside embedded systems is not allowed.
Tesla has reportedly now fixed the issues highlighted by the Chinese team in an over-the-air update, claiming that the bug could only be exploited if a car was physically near and connected to a malicious Wi-Fi hotspot.