A group of Chinese hackers have successfully exploited a vulnerability in the software running Tesla's Model S, becoming the first to show that the electric car can be remotely hacked.
The Keen Team have published a blog and video detailing the hack, revealing that an unmodified Tesla Model S running the latest version of the company's firmware could be controlled remotely, allowing the hackers to activate the brakes, unlock doors and hide rear view mirrors.
"With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote control on Tesla Model S in both Parking and Driving Mode," the group said on its blog. While hackers have previously shown they could hack a Tesla by hooking up a computer to the dashboard, this is the first time a successful remote exploit has been shown off.
Keen Team is the legitimate face of Chinese hacking and since January has been operating in partnership with gaming and social media giant Tencent — which itself has a big interest in electric and driverless cars having backed Chinese company Future Mobility which is aiming to have cars on the road by 2020.
The hack of the Tesla Model S comes as concern grows among the automotive industry that, as cars become ever more connected, the threats from hackers is increasing dramatically. Earlier this year hackers showed how they could remotely hijack a Jeep Cherokee while it was traveling at 70 mph on the highway, disabling it completely.
To counter this most car companies are now focusing more on securing their smart vehicles, and just last week Volkswagen announced that it was creating a company called CyMotive Technologies which is dedicated to automotive security.
The Keen Team hackers reported the flaw to Tesla before making it public and they are urging all Tesla owners to update the firmware on their cars to the latest version to protect themselves against similar attacks.
The group says it will reveal the exact details of how it bypassed Tesla's security once a patch has been issued, though on Twitter they have indicated that it was a browser-based exploit. When asked what information an attacker would need to identify and locate a target car, the researchers said: "Any browser-borne attack vector works, which covers many scenarios only restricted by imagination."
For Tesla the news will come as a further blow to its reputation following the high-profile fatality linked to the company's AutoPilot feature, which gives its cars semi-autonomous driving capabilities. Tesla has so far not commented on the exploit by Keen Team.