Tesla Model S Hackers Return for Encore Attack

With a handful of self-driving vehicles already on the road, the motorcar is poised to be the next vanguard for high technology. And Tesla'southward all-electric vehicles are among the most advanced consumer vehicles on the road.

At Black Lid 2022, researchers from Tencent KeenLab demonstrated how to remotely accept control of a Tesla Model S. Tesla apace patched those vulnerabilities, but the Tencent team returned to Black Lid 2022 with a new slew of Tesla attacks.

Roll Back

During their Black Lid session, researchers Ling Liu, Sen Nie, and Yuefeng Du explained last year's Tesla hack in detail. Disquisitional to attacking the Model S was the onboard Wi-Fi and 3G radios.

The Wi-Fi in the Model S tries to reconnect with known networks. That'southward truthful—and not great security—for many devices, but all Tesla vehicles are exposed to the same Wi-Fi network during structure, which has an easily guessed password. From there, the squad attacked the vehicle's congenital-in browser, which they admitted was harder than expected because Tesla had already patched known vulnerabilties.

Tesla Model S

Using some JavaScript magic, the team elevated the privilege to the top (root) level, attacked the old, out-of-engagement kernel, bypassed a firmware integrity check, and finally installed their own firmware on the gateway system. Once under their command, this disquisitional organization was the jumping-off bespeak for the team's work in the Model South. With this level of command, the team could perform dangerous actions even when the car was in motion. Notably, the team also plant set on vectors allowing them to gain access through the automobile'southward 3G radio.

Tesla Fights Back

The researchers notified Tesla of their findings, and the visitor released an update package within 10 days that fixed many of the vulnerabilities in the long, complex chain required to gain control of a Model S.

The researchers praised Tesla, which updated the kernel to a much newer version, making it harder to exploit. Tesla also hardened its browser, with multiple means to protect vehicle systems even when the browser was compromised. The company too added code signing, which ensures that only legitimate code can be accepted as an update and installed by the vehicle.

Hacking Should Be Fun

Merely this is Black Chapeau. The team told the audience that shortly after the Tesla rolled out the new kernel, they found a nix-day vulnerability that allowed them to completely bypass the new lawmaking-signing mechanism.

In a video demonstration (above), the squad showed how they were able to use an app to open the doors and trunks of two vehicles. They even demonstrated how they could appoint the brakes while the car was in motion, with a Tesla stopping just brusk of two of the researchers.

But the researchers said they believed hacking should be fun, which is why their grand finale was a syncronized lite show using the Tesla's exterior lighting systems synched to music. Flashing patterns covered the vehicle, withe the lights clearly operating in a way non intended by the manufacturer. The gull-wing doors even opened and bobbed upwards and down like rhythmic rabbit years. A member of the research team told the audience that making this light prove piece of work properly was very hard, and required all of the vulnerabilities they had establish.

Not quite the tired hoody-and-sunglasses arroyo to hacking, simply definitely a memorable assail.