Researchers from a China-based security firm, Tencent Keen Security Lab has managed to hack into a Tesla car, Model X.
Last year, the same group of researchers had hack Tesla's Model S cars, in which they took control of various in-built systems.
They have found several zero-day exploits within in-car module like open its doors, blink the lights, control in-car displays, and, when the car is in motion researchers were able to activate the brakes.
Keen Lab's researchers managed to hack the car by bypassing the car's firmware signing system, after which they installed their own new firmware that they could manipulate commands according to their needs.
The research team notified the automaker about the existing security vulnerabilities, and as a result, the company patched up the flaws within no time as part of its 8.1 software update.
A Tesla spokesperson released a full statement regarding the vulnerabilities and related research:
By working closely with this research group following their initial findings last year, we responded immediately upon receiving this report by deploying an over-the-air software update (v8.1, 17.26.0+) that addresses the potential issues. While the risk to our customers from this type of exploit is very low and we have not seen a single customer ever affected by it, we actively encourage research of this kind so that we can prevent potential issues from occurring. This demonstration wasn't easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems. In order for anyone to have ever been affected by this, they would have had to use their car's web browser and be served malicious content through a set of very unlikely circumstances. We commend the research team behind this demonstration and look forward to continued collaboration with them and others to facilitate this kind of research.
Last year, the same group of researchers had hack Tesla's Model S cars, in which they took control of various in-built systems.
They have found several zero-day exploits within in-car module like open its doors, blink the lights, control in-car displays, and, when the car is in motion researchers were able to activate the brakes.
Keen Lab's researchers managed to hack the car by bypassing the car's firmware signing system, after which they installed their own new firmware that they could manipulate commands according to their needs.
The research team notified the automaker about the existing security vulnerabilities, and as a result, the company patched up the flaws within no time as part of its 8.1 software update.
A Tesla spokesperson released a full statement regarding the vulnerabilities and related research:
By working closely with this research group following their initial findings last year, we responded immediately upon receiving this report by deploying an over-the-air software update (v8.1, 17.26.0+) that addresses the potential issues. While the risk to our customers from this type of exploit is very low and we have not seen a single customer ever affected by it, we actively encourage research of this kind so that we can prevent potential issues from occurring. This demonstration wasn't easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems. In order for anyone to have ever been affected by this, they would have had to use their car's web browser and be served malicious content through a set of very unlikely circumstances. We commend the research team behind this demonstration and look forward to continued collaboration with them and others to facilitate this kind of research.
Tags:
News