Security researchers from the Chinese company Keen Security Lab, part of Tencent, have demonstrated a wireless attack on variants of the Model S. This enabled them to control the lights and brakes, among other things. A patch has now been released.
The researchers write that the attacks work in both driving mode and stationary mode. They do not go into detail about the attack, but show the working techniques in a video. They only explain that the attack is aimed at the CAN bus of the vehicles. The operation requires that the car is connected to a malicious Wi-Fi network and that the browser is used. This method would work with several Tesla models.
The video shows, among other things, how the researchers remotely open the skylight, move the seats and take over the screens in the center console and on the dashboard. It is also possible to open the doors. The researchers will demonstrate other techniques with a moving car, including turning on the windshield wipers, folding the mirrors and braking the car.
The security company reports that Tesla resolved the vulnerabilities within ten days of being reported and released an ota update. In a response to The Verge, Tesla said it would be a low-impact attack because the car must be connected to a malicious Wi-Fi network and the browser must be used. Nevertheless, the company is said to have responded quickly and intended to reward the researchers for their efforts.