Car Industry

Chinese researchers take remote control of Tesla Model S

Tesla claimed that it patched the vulnerabilities just 10 days after being notified of the hack.

Emme Hall/Roadshow

Tesla boasted that its 10-day patch was significantly faster than the rest of the industry. Its hubris knows no bounds.

Tesla

Researchers at the Chinese company Tencent got Tesla's attention when they claimed to have remotely controlled a Tesla Model S.

But instead of showing off the car's vulnerabilities online, Tencent notified Tesla and the automaker has already issued a patch to address the issue.

Tencent's researchers claim their hack is the "first case of remote attack which compromises CAN bus to achieve remote controls on Tesla cars," according to a Tencent blog post. The group claimed that it didn't need a person inside the vehicle to access the sunroof, move the seat, unlock the door and lock the touchscreen.

The vehicle did need to have been used at least once in order for this to work, though. Essentially, access was granted after the vehicle used its internet connection to search for a charging station. Only then could researchers start screwing with the car.

In the interest of patching these holes, Tencent notified Tesla and the automaker had a patch out within 10 days. A Tesla spokesperson told us the hack required specific steps, such as being connected to a "malicious" Wi-Fi hotspot. Either way, it's good to see the issue was taken care of, although less scrupulous actors may not inform the company when something goes awry.

Tesla's full statement is below:

Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.

We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today's demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.