Tesla Motors (TSLA) Fixes Model S Security Bug After Hack In China

A day after a Chinese security team made public its hack into a Tesla Model S sedan, the California-based luxury electric car maker said it had fixed the security bug that allowed for its systems to be compromised. Tesla Motors said Tuesday it had updated the software in its vehicles through an over-the-air release.

Cybersecurity researchers from Keen Security Lab, a part of Chinese behemoth Tencent Holdings, published a blog post and a video Monday that detailed their remote hacking of a Model S car that had not been modified at all. The video showed the sunroof being opened, the steering lamp blinking and the driver’s seat being moved remotely in a parked vehicle, as well as its door being opened without a key. It also suggested that the researchers took control of the car when it was searching for the nearest charging station.

The responsible hackers, who shared their research with Tesla, also showed what they could do with a moving car. The car’s front wipers, rearview mirrors and the trunk could all be operated remotely, and even the brakes could be applied by a researcher who was 12 miles away.

In a statement shared with media outlets, Tesla said: “Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”

Tesla also lauded the Keen team, and said it would be rewarded for finding the bugs.

“We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today's demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research,” the company said.