CARS.COM — A group of Chinese security researchers posted a video showing how they were able to take control of various functions of a Tesla Model S, including the brakes, while the car was parked and moving.
The Keen Security Lab of Chinese internet holding company Tencent says in its blog post that it notified the automaker, and Tesla says it already has sent owners an update over the air to plug the vulnerability. The researchers in their post reminded owners to make sure they have the update.
Notable in the video — aside from how much fun these guys clearly are having messing with the car — is that they could do it without physical contact with the car, which they said was not modified and had the latest Tesla software at the time. While the car was parked, they were able to operate the sunroof and power seats, unlock the car without the key fob and take over the car's screens with a nearby laptop, causing the screens to display the Keen company logo and freeze. With the car moving, they took control of the windshield wipers and folding mirrors and opened the liftgate. For their grand finale, they had a colleague in their office, some distance away, hit the brakes while the car was moving.
Tesla says the actual risk of this type of hack was low and has been is fixed.
"Within just 10 days of receiving this report," a spokesman told Cars.com in an e-mail, "Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hot spot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly."
This is not the first time a Tesla has been hacked; last year security researchers exploited a vulnerability, since plugged, that required access to the car, according to a report by Reuters. And in perhaps the best-known car hack, researchers last year were able to remotely take over a Jeep, prompting Fiat Chrysler Automobiles to recall 1.4 million vehicles for a fix.
"We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers," said the Tesla spokesperson after the latest hack. "We commend the research team ... and plan to reward them under our bug bounty program, which was set up to encourage this type of research."
Cybersecurity continues to be an issue with new cars. The federal Department of Transportation this week made it one of the 15 key points of assessment for development of autonomous cars.