Tesla car owners are urged to update their car’s firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take control of the car’s brakes and other, less critical components.
The vulnerabilities were discovered by researchers from Tencent’s Keen Security Lab, and responsibly disclosed to Tesla. The company’s Product Security Team confirmed them, and implemented fixes in the latest version of the firmware.
Tencent’s researchers understandably didn’t reveal details about the flaws, but have provided a video demonstration of the attacks:
They have managed to remotely open various Tesla cars’ sunroof, turn on the blinkers, move the car seat, and open doors, all while the cars were in parking mode. But they have also managed to control windshield wipers, fold the side rearview mirrors, open the trunk, and manipulate the brakes from 12 miles away.
“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected,” they noted.
“The issue demonstrated is only triggered when the web browser is used (web browser functionality not enabled in Australia). Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly,” a Tesla spokesperson told ZDNet.
The software update fixing the flaws has already been deployed over-the-air, so details about them should soon be revealed.