Last year, a Chinese whitehat hacker group, the Keen Security Lab at Tencent, managed to remotely hack the Tesla Model S through a malicious wifi hotspot.

Tesla quickly pushed a fix through an over-the-air software update, but now the same research group has managed to again gain control of Tesla’s vehicles.

The hack involved tricking a Tesla drivers into accessing a malicious website through a wifi hotspot and then install their own software in order to gain access to some of the car’s features – more importantly, the braking system.

Tesla’s fix included adding code signing in order to prevent anyone else from uploading software on Tesla’s system, but now Keen Lab says that they managed to by-pass the code signing with the latest round of vulnerabilities testing on Tesla’s car.

Here they list their new exploit this year:

  • Realized full attack chain as we did in year 2016 to implement arbitrary CAN BUS and ECUs remote controls.
  • Discovered multiple 0Days in different modules. Currently, Keen Lab is working with Tesla and related manufactures on assigning CVE number of the vulnerabilities.
  • Tesla implemented a new security mechanism “code signing” to do signature integrity check of system firmware that will be FOTAed to Tesla motors in Sept 2016. The code signing was bypassed by Keen Lab.
  • The “Group lighting show of Model X” in our demonstration is technically arbitrary remote controls on multiple ECUs at the same time. It shows Keen Lab’s research capability on CAN BUS and ECUs.

The group says that it reported all the vulnerabilities to Tesla before making their findings public and the company already pushed another fix.

Tesla issued the following statement:

“By working closely with this research group following their initial findings last year, we responded immediately upon receiving this report by deploying an over-the-air software update (v8.1, 17.26.0+) that addresses the potential issues. While the risk to our customers from this type of exploit is very low and we have not seen a single customer ever affected by it, we actively encourage research of this kind so that we can prevent potential issues from occurring.

This demonstration wasn’t easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems. In order for anyone to have ever been affected by this, they would have had to use their car’s web browser and be served malicious content through a set of very unlikely circumstances.

We commend the research team behind this demonstration and look forward to continued collaboration with them and others to facilitate this kind of research.”

Tesla CEO Elon Musk recently talked about preventing hacking being one of the company’s top security priorities and especially preventing a ‘fleet-wide hack’ is Tesla’s fleet.

But the hacks demonstrated by Keen Lab are not directly related to that risk and while Tesla can implement software to make it less likely, owners also have to be careful of their internet connections and site they visit, just like with any other device.

About the Author

Fred Lambert's favorite gear