Security researchers from Chinese security firm Tencent Keen Security Lab have found and helped fix several vulnerabilities in Tesla Model X cars that would have allowed an attacker to control the vehicle from a remote location.
Keen Lab experts were able to control a stationary car’s lights, in-vehicle displays, and open its doors and trunk. While in motion, researchers were also able to force the car to brake, potentially putting passengers at risk of injury.
Same researchers hacked a Tesla Model S last year
In September 2016, the same researchers also hacked a Tesla Model S in a similar fashion. For the 2016 hack, researchers were able to gain control over more car functions. For example, while in parking mode, researchers were able to control a stationary car’s lights, windows, car seats, sunroof panel, and in-vehicle displays. With the car in motion, Keen Lab experts were able to force the car to brake, open its trunk, adjust side-view mirrors, and activate the windshield wipers.
Improvements in Tesla firmware made the Model X harder to crack, but Keen Lab experts said they were still able to discover multiple zero-days in different car modules that allowed them to take control over the vehicle’s CAN BUS and ECU (Electronic Control Unit).
These two are crucial components. The CAN BUS is a module that interconnects all of the car’s internal components, while the ECU is an embedded system that controls the electrical system or subsystems in a transport vehicle.
In addition, Keen Lab experts say they managed to bypass Tesla’s firmware code signing system that the company set up after their 2016 hack. Putting all these flaws together, researchers were able to install new firmware on a Model X and run custom commands.
Researchers release demo video
Researchers put together a video to demonstrate their findings. The video ends in an impressive fashion with two Tesla Model X models putting on a coordinated light show synchronized to a song’s beats.
Tesla addressed all reported issues in firmware update 8.1 (17.26.0) released in June. Researchers published their findings after most cars received the update via the car’s FOTA (Firmware Over-The-Air) update system.
Neither Tesla Motors or Keen Lab were available for additional comment at the time of writing.
Below is the video from Keen Lab’s 2016 Tesla Model S hack.