Security researchers at the Chinese Internet company Tencent's Keen Security Lab privately revealed a security bug in Tesla Model S cars that allowed an attacker to achieve remote access to a vehicle's Controller Area Network (CAN) and take over functions of the vehicle while parked or moving. The Keen researchers were able to remotely open the doors and trunk of an unmodified Model S, and they were also able to take control of its display. Perhaps most notably, the researchers remotely activated the brakes of a moving Model S wirelessly once the car had been breached by an attack on the car's built-in Web browser.
Tesla has already issued an over-the-air firmware patch to fix the situation.
Previous hacks of Tesla vehicles have required physical access to the car. The Keen attack exploited a bug in Tesla's Web browser, which required the vehicle to be connected to a malicious Wi-Fi hotspot. This allowed the attackers to stage a "man-in-the-middle" attack, according to researchers. In a statement on the vulnerability, a Tesla spokesman said, "our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly." After Keen brought the vulnerability to Bugcrowd, the company managing Tesla's bug bounty program, it took just 10 days for Tesla to generate a fix.