Tesla fixes software bug that allowed Chinese hackers to control car remotely
Tesla Motors released a software update to fix bugs that allowed Chinese "white-hat hackers" to remotely break into the Model S' control system and disrupt actions including turn signals, braking, seat positions, and the door lock system.
The hack came four months after the first fatality involving a “self-driving” car in the US.
"Our realistic estimate is that the risk to our customers was very low," a Tesla spokesperson said in a statement on Tuesday. "But this did not stop us from responding quickly."
Cyber-security researchers from Keen Security Lab, a unit of China's Tencent Holdings, published a video and a blog post on Monday in which they showed how they were able to remotely infiltrate the Model S' controller area network, or Can bus, which is responsible for intra-auto computer communication.
This allowed them to manipulate safety controls, such as the door locks and the braking system.
Unlike most automakers, Tesla, based in Palo Alto, California, can push out security fixes "over the air" and directly into its cars' computer systems, without customers ever needing to visit a repair shop. The software update was deployed within 10 days of receiving the report, Tesla said.
"That kind of speed on a system that complex is amazing," said Casey Ellis, founder and chief executive officer of Bugcrowd, a San Francisco-based company that runs bug bounty programs to close cyber-security weaknesses at companies including Tesla.
"The over-the-air fixes means the risk from these vulnerabilities has been reduced to pretty close to zero across the user base."
Watch | Tesla driver in fatal autopilot crash in previous near-miss
00:54
The hacking group, who were able to take control by connecting the car to a malicious Wi-Fi hotspot that they set up, said it “appreciates the proactive attitude and efforts” of Tesla’s security team on fixing the problems efficiently.
It is not the first time hackers have managed to control a Tesla. Two years ago, Tesla Motors promised to fix any “legitimate vulnerability” after Chinese hackers discovered a flaw which allowed them to honk the horn, unlock the doors and flash the headlights of its Model S electric cars.
Concerns were raised over the safety of self-driving cars in May, when Joshua Brown, 40, a former Navy Seal turned technology entrepreneur, was killed when his electric Tesla Model S sedan ploughed into a truck while on autopilot mode in Florida.
On Tuesday, Obama administration officials rolled out a plan they said would enable automakers to get self-driving cars onto the road without compromising safety.
In drawing up 112 pages of guidelines, the government tried to be vague enough to allow innovation while at the same time making sure that car makers, tech companies and ride-hailing firms put safety first as the cars are developed.
