Tesla Model S Hack Prompts Company to Fix Security Holes, Plan Wireless Updates to Autopilot

As more cars connect to the Internet and other computer networks, experts say that more hacking is inevitable.

by Russ Mitchell, Los Angeles Times / September 22, 2016
Interior of the Tesla Model S. Tesla Motors

(TNS) -- Hacking into a phone is unlikely to physically hurt the victim. But hacking into a car?

A security research team in China hacked into a Tesla Model S and said they took over the car’s brakes from 12 miles away. A video released this week shows members of the research team being thrust forward as the remote hacker slammed the brakes on command.

The demonstration took place in an empty parking lot. No one was injured.

The team from Keen Security Lab, an arm of Tencent, also used a laptop computer to turn on the windshield wipers, retract the side view mirror and pop open the trunk, all while the car was moving.

While the car was parked, the team took over the vehicle’s 17-inch touchscreen and dashboard display. Keen’s logo appeared on the screens, which appeared frozen and inoperable.

The team said there was no mechanical connection to the car’s computer system, nor had they modified any part of the car.

Keen said it had reported its findings to Tesla, which in turn said it fixed the security holes quickly.

“The issue demonstrated is only triggered when the Web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low,” the company said.

As more cars connect to the internet and other computer networks, experts say, more hacking is inevitable.

The Department of Transportation and the National Highway Traffic Safety Administration on Tuesday released “guidelines” on autonomous cars and safety, which addressed, in part, cybersecurity.

The guidelines suggest that automakers follow “established best practices” to thwart hackers, and recommend that they report “any and all discovered vulnerabilities” whether they happen during testing or on the public roadways. Furthermore, “the entire process of incorporating cybersecurity considerations should be fully documented.”

At this point, the guidelines are voluntary.

Separately, Elon Musk, Tesla’s chief executive, tweeted that the company on Wednesday night will begin wireless updates to its Autopilot driver-assist feature.

©2016 Los Angeles Times Distributed by Tribune Content Agency, LLC.