Tesla releases patch after hackers infiltrate Tesla Model X systems

Tencent Keen Security Lab researchers hacked into multiple systems inside the Tesla Model X, just like it had previously with the Model S.

Published Date
31 - Jul - 2017
| Last Updated
31 - Jul - 2017
Tesla releases patch after hackers infiltrate Tesla Model X syste...

The Tesla Model X is a pretty fancy car, and you'd be understandably annoyed if one day you wake up to find your prized possession driving away by itself. While that has not really happened, a similar occurrence happened when Tencent Keen Security Lab researchers hacked into a Tesla Model X and took control of many of its systems. The researchers accessed multiple modules of the Tesla Model X through the hidden zero day exploits, which then allowed them to take control of the car's CAN BUS system.

Once Tesla's firmware signing system was bypassed, the security researchers installed new firmware in the systems that could then execute customised commands and carry out various functions. They could control the Model X's lights, display and the doors, which they could remotely open and close and intermittent paces. Once the car was being driven, the researchers could also force apply the brakes by themselves, which in the real world may lead to a fatal accident.

Acknowledging the flaw, Tesla immediately released a security patch that fixed the vulnerabilities. The company stated, "By working closely with this research group following their initial findings last year, we responded immediately upon receiving this report by deploying an over-the-air software update (v8.1, 17.26.0+) that addresses the potential issues. While the risk to our customers from this type of exploit is very low and we have not seen a single customer ever affected by it, we actively encourage research of this kind so that we can prevent potential issues from occurring. This demonstration wasn't easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems. In order for anyone to have ever been affected by this, they would have had to use their car's web browser and be served malicious content through a set of very unlikely circumstances. We commend the research team behind this demonstration and look forward to continued collaboration with them and others to facilitate this kind of research."

However, the bigger picture here is the risk that connecting our cars to the Internet still present. Cybersecurity around cars is a growing field, but one that is still in the making and will need considerable research to cover all possible flaws. Many companies are working in this field right now, and incidents like these are what will hopefully make our future cars much safer.

Souvik DasSouvik Das