Opening the doors and trunks of two Tesla cars remotely parked, blinking the car lights with the rhythms of their radio songs, remotely controlling their brakes...
In an impressive video demoed at the on-going hacker summit Black Hat USA 2017 and DEF CON in Las Vegas, Nevada, Chinese security researchers from the Keen Security Lab at Tencent managed to remotely take control of Tesla Model X cars.
This year, the researchers "found new vulnerabilities of Tesla and realized full attack chain as we did in 2016," said in their presentation.
The team found multiple zero-day vulnerabilities hidden within different Tesla modules. After bypassing the car's code signing mechanism, researchers successfully installed new firmware that could execute custom commands.
"We informed Tesla of our discovery in June, before making it public," Sen Nie, lead researcher of the team at Keen Security Lab, told Xinhua.
Most of Tesla active cars have been patched with over-the-air (OTA) update in July after being informed about the loopholes, researchers said.
"By working closely with this research group following their initial findings last year, we responded immediately upon receiving this report by deploying an over-the-air software update (v8.1, 17.26.0+) that addresses the potential issues," Tesla said in a statement.
The company commended the research team, saying that it "actively encourages research of this kind" in order to "prevent potential issues from occurring."
"This demonstration wasn't easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems," said the California-based company.
This is actually the second year in a row for the same team to have found and helped fix several vulnerabilities in Tesla vehicles that would have allowed attackers to control the car from a remote location, potentially putting passengers at multiple risks.
In September 2016, the team successfully implemented a remote attack on the Tesla Model S in both Parking and Driving modes, by exploiting a complex chain of vulnerabilities.
The team has proved that it's able to hack into the car through wireless (Wi-Fi/Cellular) functions, and can gain arbitrary access to the Controller Area Network (CAN bus) and electronic control units (ECUs), which enables the team to control many in-vehicle systems.
Within 10 days of receiving this report, Tesla deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues.
In the team's presentation at the Black Hat USA 2017, for the first time, researchers shared the details of the whole attack chain on Tesla, and then revealed the implementation of Tesla's OTA and Code Signing features.
"There are only three groups in the world who have successfully hacked cars. The University of Washington in 2010, me and Chris and now these guys. And they've done it twice," Charlie Miller, the hacker who gained fame in 2015 for hacking a Jeep with fellow researcher Chris Valasek, said at the Black Hat conference.
Without doubt, connected cars will rock our world in the near future, yet their security issues remain a high risk for human safety. Unfortunately, many car manufacturers don't have enough knowledge to deal with cybersecurity issues.
"Next, we will focus on the safety issue of self-driving modules," the Chinese team told Xinhua.
