Security Experts:

Tesla Model X Hacked by Chinese Experts

Security researchers from China-based tech company Tencent have once again demonstrated that they can remotely hack a Tesla. The vulnerabilities they leveraged were quickly patched by the carmaker.

Tencent’s Keen Security Lab published a video last year showing how they could hack a Tesla Model S, both while it was parked and on the move. They took control of the sunroof, turn signals, displays, door locks, windshield wipers, mirrors, the trunk and even the brakes.

At the time, Tesla patched the vulnerabilities within 10 days, but claimed that the vulnerabilities were not as easy to exploit as it appeared from the video published by Keen Security Lab researchers. Tesla Model X

In a new video and blog post published this week, the researchers claim they’ve once again managed to hack a Tesla, this time a Model X, via a Controller Area Network (CAN bus) and Electronic Control Unit (ECU) attack.

The experts said Tesla had implemented some new security mechanisms, including a signature integrity check for system firmware, since their previous attack. However, they managed to bypass these mechanisms and demonstrated a new attack.

In its video, Keen Security Lab showed that it managed to remotely unlock the doors and trunk in parking mode, control the brake in driving mode, and put on a light show using the car’s headlights and taillights by taking control of multiple ECUs.

Tesla, which has been working closely with the researchers since their demonstration last year, said it patched the vulnerabilities with version v8.1, 17.26.0+ of the software, which it rolled out to customers via an over-the-air (OTA) update.

“While the risk to our customers from this type of exploit is very low and we have not seen a single customer ever affected by it, we actively encourage research of this kind so that we can prevent potential issues from occurring,” a Tesla spokesperson told SecurityWeek.

“This demonstration wasn’t easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems,” they added. “In order for anyone to have ever been affected by this, they would have had to use their car’s web browser and be served malicious content through a set of very unlikely circumstances. We commend the research team behind this demonstration and look forward to continued collaboration with them and others to facilitate this kind of research.”

Tesla has been running a bug bounty program since mid-2015. A few weeks later, the company increased its maximum payout to $10,000 after researchers disclosed a series of vulnerabilities.

Researchers at Norway-based security firm Promon showed last year how hackers could hijack Tesla vehicles by taking control of their associated mobile app, but the carmaker claimed none of the vulnerabilities they exploited were actually in Tesla products.

Related: Insecure Android Apps Expose Connected Cars

Related: Fiat Chrysler Recalls 1.4 Million Cars Following Jeep Hack

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.