For example, they were able to take over both the multimedia system and the dashboard displays, to open the sunroof, to switch on the turning signals, to move the seat, and to open the doors without using a key. Moreover, they managed to activate the windshield wipers, to fold in the side mirror, and to open the trunk while the car was moving.
Finally, they showed that an operator some 12 miles away from the car was able to manipulate the brakes of the moving vehicle.
“Following the global industry practice on ‘responsible disclosure’ of product security vulnerabilities, we have reported the technical details of all the vulnerabilities discovered in the research to Tesla,” researchers said. “The vulnerabilities have been confirmed by Tesla Product Security Team.” They will not disclose any more details about the vulnerabilities until Tesla fixes the issues and advises Tesla owners to update cars’ firmware to the latest version.
UpdateTesla’s statement says: “Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious wifi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.
We engage with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.”
That means the vulnerabilities discovered by Keen Lab are already fixed. Meanwhile, if you are the owner of Tesla’s car, it’s highly recommended that you update the firmware to the latest version.