Hackers from a Chinese security research group have developed a new attack that allows a Tesla to be exploited remotely.
Members of Keen Lab Security, who released video of the new hack Monday, demonstrated the first known remote attack against several Tesla Model S versions.
“With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote, aka none physical contact, control on Tesla Model S in both Parking and Driving Mode,” a Keen Lab Security blog post says.
“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S.”
The hack, which has already been reported to and patched by Tesla, allows an attacker to control everything from the vehicle’s brakes to its windshield wipers.
After demonstrating control over a parked Tesla’s sunroof, dashboard screen, doors, lights, windows and chairs, the hackers revealed how the vehicle – while in motion – could have its brakes exploited from 12 miles away.
Tesla, who works closely with security researchers to find and fix such vulnerabilities, plans to reward the group for finding the issue.
“We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers,” a Tesla spokesperson said according to Wired. “We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.”
While the hack – which was quickly fixed with an over-the-air software update – may be worrisome to many Tesla owners, the company explained that such an attack requires very specific circumstances.
“The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot,” the spokesperson said. “Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”