Watch Teslas being hacked as they drive, from up to 20 km away

# Baby, you can hack my car… #

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

How Teslas were hacked as they drove down the street, from up to 20 km away

The Register writes:

Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion.

Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks against a Tesla Model S P85 and 75D and say their efforts will work on multiple Tesla models.

The Shanghai, China-based hacking firm has withheld details of the world-first zero day attacks and privately disclosed the flaws to Tesla.

Car Hacking Research: Remote Attack Tesla Motors by Keen Security Lab

Full details of how the researchers were able to hack the Tesla have not been made public, but it appears from the video that part of the process involved intercepting a Tesla owner’s attempt to find the nearest charging station.

Sign up to our free newsletter.
Security news, advice, and tips.

Tesla says that it has awarded the researchers under its bug bounty program, and said a patch for the flaw had already been created and rolled-out to affected vehicles:

“Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”

This isn’t, of course, the first time that Teslas have proven themselves to be vulnerable to hackers.

Concerns were raised a few years ago that the only thing which stopped a hacker from stealing your $100,000 vehicle was a simple six-character password.

It’s not going to be too long before all of us are driving ‘connected’ cars. I’m in a quandary – should I pay extra for a car that *isn’t* part of the internet of things, or will that make software and safety updates a right pain in the backside to deploy?

When done right, software *can* make our cars smarter and safer. But we need dangerous bugs in the software to be ironed out, and a safe and simple way to update our cars without opening backdoors through which hackers can take advantage.

USB stick anybody?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

6 comments on “Watch Teslas being hacked as they drive, from up to 20 km away”

  1. Norman Hirsch

    My understanding was only if it was using same wifi which would mean max 300m or so.

    1. Graham CluleyGraham Cluley · in reply to Norman Hirsch

      Hi Norman. Although it appears that the initial interception of credentials (if that's what is happening when the owner searches for a charging station) takes place at close range, the video goes on to demonstrate a remote hacker based in the researchers' offices (12 miles away) successfully hijacking control of the vehicle.

  2. Norman Hirsch

    Meanwhile it was already patched by Tesla in 10 days. FYI the Tesla app allows some of those functions including keyless driving.

  3. Brooke

    You have to hand it to Tesla for their quick reaction and for having built the cars with enough forward thought around the need to update. So many of these manufacturers didn't and are seeing this in the news with no way other than "bring them in". Tesla ironed it out, tested it and hit the big red "update" button to deploy. Way to go! They should be commended and praised in the industry vs any shaming related to the bugs found. I'm sure most media will take this as a time to show how bad things are, but they should focus on how right it's done/addressed.

    1. graphicequaliser · in reply to Brooke

      Tesla also rewarded the hackers for the professional way in which they conducted the tests and reported the findings. Tesla certainly seem to be a forward-thinking company!

  4. Michael Ponzani

    We have too much technology. Nobody wants to do anything for themselves. Maps used to come in books or fold up paper format (know anyone who colud consistantly fold the map the right way?) Now everything is done for you via computer. We might as well hire caterpillers to spin us cocoons so we are safe, nice, warm and fuzzy. Or else we could become gov't subsidized junkies.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.