After several months of in-depth research, Keen Security Lab has discovered multiple security vulnerabilities in Tesla cars. The researchers achieved remote control of a Tesla Model S in both parking and driving modes.
Following the global industry practice of “responsible disclosure” of product security vulnerabilities, Keen Security Lab reported the technical details of all vulnerabilities discovered in the research to Tesla. The vulnerabilities have been confirmed by the Tesla Product Security Team. The researchers used an unmodified car with the latest firmware to demonstrate the attack. Keen Security Lab said it appreciates the proactive attitude and efforts of the Tesla Security Team, led by Chris Evans, in responding to its vulnerability report and taking action to fix the issues. The researchers have been coordinating with Tesla on fixing the issue.
Not many technical details of the hack have been published, but to the researchers’ knowledge, this is the first case of a remote attack which compromises the CAN network to achieve remote control of a Tesla car. They verified the attack vector on multiple varieties of Tesla Model S. From the published video, it appears that the hackers used a vulnerability in the car’s integrated web browser. They managed to control the seats, mirrors, windshield wipers, and most importantly the brakes.
The Keen Security Lab of Tencent was established in January 2016. The team focuses on the security research of mainstream PC/mobile operating systems, applications, cloud computing technologies, IoT smart devices, etc. The research output of Keen Security Lab is applied to Tencent products and technologies. Tencent is a Chinese investment holding company whose subsidiaries provide media, entertainment, internet, and mobile phone value-added services and operate online advertising services in China. It is one of the largest Internet companies in the world, whose services include social networking, web portals, e-commerce, and multiplayer online games.