Chinese security firm hacks Tesla Model S to gain control of door locks, wipers, sunroof, and more

[Himanshu Arora]

Chinese security firm Qihoo 360 yesterday announced that it has successfully hacked the Tesla Model S. The hacks were carried out at the SyScan +360 security conference in Beijing, with members of the company's IT department demonstrating the ability to remotely control the car's door locks, headlights, wipers, sunroof, and horn while it was in motion.

The Beijing-based firm didn't reveal details of the hack, but reports suggest it involved cracking the six-digit code for the sedan's mobile app.

The news comes a week after the conference organizers announced $10,000 in prize money for whoever was able to hack the car. The exploit has been reported to Tesla, which has vowed to investigate any vulnerabilities.

Meanwhile, Qihoo 360 also offered to work with the automaker to fix the vulnerability. "While Tesla is not associated with the conference and is not a sponsor of the competition, we support the idea of providing an environment in which responsible security researchers can help identify potential vulnerabilities", the security firm said in a statement.

This isn't the first time Tesla's security has been challenged. Back in April, an independent security researcher Nitesh Dhanjani published an evaluation report warning that certain vulnerabilities could leave the car open to hacks that allow a remote hacker to unlock its doors and continuously track its location.

Last month, the automaker open sourced all of its patents and technology in a bid to expand adoption of electric cars.

Permalink to story.

https://www.techspot.com/news/57455-chinese-security-firm-hacks-tesla-model-s-to-gain-control-of-door-locks-wipers-sunroof-and-more.html

 

[davislane1]

An inevitable consequence of computerized vehicles is vulnerability to outside attacks. Tesla, Mercedes-Benz, Audi, BMW, Porsche, Ferrari, Mclaren, Lamborghini, Ford, Chevy, Toyota, Nissan, et al. are all vulnerable to lesser or greater degrees.

The only real question is when basic auto hacking tools will be made available via Ebay and deepweb markets. At that point, expect an epidemic of $70,000-$100,000+ cars mysteriously disappearing from driveways and garages.

 

[Guest]

I wish they still sold 1970's Delta 88's. Impossible to hack, and can double as an armored vehicle. Ah the good ol days.

 

[bond304]

An inevitable consequence of computerized vehicles is vulnerability to outside attacks. Tesla, Mercedes-Benz, Audi, BMW, Porsche, Ferrari, Mclaren, Lamborghini, Ford, Chevy, Toyota, Nissan, et al. are all vulnerable to lesser or greater degrees.

The only real question is when basic auto hacking tools will be made available via Ebay and deepweb markets. At that point, expect an epidemic of $70,000-$100,000+ cars mysteriously disappearing from driveways and garages.

Not only that but what I see as most important is how the automakers respond - do they quickly fix it or do they play dumb and ignore it. After watching lots of defcon and black hat, it's surprising to see how many companies refuse to acknowledge that their product is vulnerable.

 

[Skidmarksdeluxe]

Not a bad deal buying a $90 smartphone with hacking tools and getting a Tesla S of your choice from a parking lot for free.

 

[Lurker101]

The headline seems to make this incident a little more scaremongerish than it actually is, since this was a deliberate challenge to find vulnerabilities to patch. Kudos to Qihoo 360 for finding this flaw.

 

[davislane1]

Not a bad deal buying a $90 smartphone with hacking tools and getting a Tesla S of your choice from a parking lot for free.

Exactly. This is why my new business, K-Jack, will be so successful. If you purchase a car vulnerable to smartjacking, we will install a military-trained assault K-9 in your vehicle. A basic unit will cost you about $190/mo. However, if you sign up for our Doggy Bags and Body Bags program for $250/mo., in addition to the K-9 unit, we will cover all costs associated with sanitizing the interior of your vehicle after an attempted theft up to and including full reupholstering. We also have an Elite Package* for $500/mo.

K-Jack – Protecting your vehicle one bite at a time.

*Because the Elite Package comes with a wild tiger instead of a K-9 unit, all interior repairs are the responsibility of the subscriber.

 

[drjekel_mrhyde]

I wish they still sold 1970's Delta 88's. Impossible to hack, and can double as an armored vehicle. Ah the good ol days.

Flat head screwdriver and man power

 

[cartera]

'Last month, the automaker open sourced all of its patents and technology in a bid to expand adoption of electric cars.'

Off topic slightly, the last sentence is a breath of fresh air. Let's encourage tech adoption and innovation rather than hinder it through the courts.