Earlier this week, a team of researchers from Keen Security Lab – a part of Chinese internet giant Tencent – demonstrated in a video how it had managed to remotely hack a Tesla Model S.
In addition to doing things like opening the sunroof and moving the seats by controlling the parked vehicle from a few feet away, the team also showed that it could disable the in-dash control panel, and even engage the brakes from a remote location 12 miles away.
The researchers noted that they were able to do so after they discovered numerous security flaws in Tesla’s vehicle systems and that their remote hacking methods would work on various models of the company’s cars.
The hack prompted Tesla to act quickly; within 10 days of receiving a report from Keen Security Lab, the company devised a fix and rolled out a security update that it says will prevent such breaches in the future.
While Tesla owners who upgrade to the latest firmware version should be safe, it’s worrying to think that we’ll soon have millions of connected vehicles on our roads and they’ll potentially be at risk of remote attacks.
Tesla told Reuters that the attack could only be triggered when a Tesla in-car browser was in use and the vehicle was in range of a compromised Wi-Fi hotspot to connect to it.
But let’s not kid ourselves: The future will be all about ubiquitous connectivity and cars will need to be online to talk to each other for things like navigation and avoiding each other.
The current generation of IoT devices for connected homes already shows the problems that can arise when security isn’t made a top priority. While issues with those devices can result in us being locked out of our houses or being unable to turn the lights on, cars that can be remotely hacked present a more immediate danger.
Hopefully, automakers will be able to put robust security measures – and fallbacks – in place before we all start riding self-driving cars.
Did you know we have a newsletter all about consumer tech? It’s called Plugged In – and you can subscribe to it right here.
Published September 21, 2016 — 09:35 UTC