The Register writes:
Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion.
Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks against a Tesla Model S P85 and 75D and say their efforts will work on multiple Tesla models.
The Shanghai, China-based hacking firm has withheld details of the world-first zero day attacks and privately disclosed the flaws to Tesla.
Full details of how the researchers were able to hack the Tesla have not been made public, but it appears from the video that part of the process involved intercepting a Tesla owner’s attempt to find the nearest charging station.
Tesla says that it has awarded the researchers under its bug bounty program, and said a patch for the flaw had already been created and rolled-out to affected vehicles:
“Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”
This isn’t, of course, the first time that Teslas have proven themselves to be vulnerable to hackers.
Concerns were raised a few years ago that the only thing which stopped a hacker from stealing your $100,000 vehicle was a simple six-character password.
It’s not going to be too long before all of us are driving ‘connected’ cars. I’m in a quandary – should I pay extra for a car that *isn’t* part of the internet of things, or will that make software and safety updates a right pain in the backside to deploy?
When done right, software *can* make our cars smarter and safer. But we need dangerous bugs in the software to be ironed out, and a safe and simple way to update our cars without opening backdoors through which hackers can take advantage.
USB stick anybody?