If you’re one of those prideful Tesla owners, then you’d have today woken up to a surprise security update for your electric car. This update lands just days ahead of the expected launch of the new Autopilot version 8 update, and fixes the recent security holes discovered by a group of Chinese researchers.
The security patch has been issued as an update to the existing firmwarev7.1 (2.36.31). It fixes the vulnerabilities reported by the researcher and is currently being delivered to all Model X and Model S owners over-the-air. This saves the customers some time, as they don’t need to visit their nearest dealer to obtain the update
Earlier this week, some researchers from Tencent’s Keen Security Lab discovered multiple security vulnerabilities, while conducting an in-depth research on Tesla’s technologies. The team working at the Chinese behemoth’s research lab was then able to successfully implement a remote hack onto a Tesla Model S 75D. This hack, demonstrated in the video attached below, could be implemented while the electric car was in either parking or driving mode.
This remote hacking method implemented by the team could work with various models of the company’s cars. It not only allowed the hacker to gain access(or disable) to the internal dashboard panel, but also gaves him the power to engage the brakes from the distance of over 12 miles(i.e 19 kms) away. Compared to this, the opening of the sunroof, opening the door handles and moving the seats of a parked Tesla seems measly.
Commenting on the same, the research team in the official blogpost mentioned,
This is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.
The security loopholes in the Tesla electric cars were discovered by the Keen Security Lab personnel about 10 days ago, and the blogpost reporting the vulnerabilities was released just yesterday. Tesla was quick on its heels to fix the reported bugs and roll out a security update, just a day after the blogpost was published.
Today, in conversation with Reuters, Tesla has confirmed the security vulnerabilties while also issuing the security fixes being discussed above. Since the company promotes a connected economy, a remote hack could have been triggered using another Tesla or any other electric vehicle running a simialr software. A company spokesperson also told the publication that the attack could only be triggered when the in-dash web browser was in use and the vehicle was close enough to a compromised Wi-Fi hotspot to connect to it.
Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly,
said a Tesla spokesperson.
Thus, our only advice to all Tesla owners out there would be to update their cars firmware right this moment, to avoid any future mishaps. And to sum up the whole situation, once could say that the coming era is of connected mobility and smart cars, so we instead of being afraid of security hacks should help reach the root cause of the problem and help solve it — making the road a lot safer.
