The research team revealed its findings on the company’s blog yesterday, accompanied by a video demonstration. They also notified Tesla in advance, via the company’s bug bounty program, and the automaker has addressed all issues via a firmware update to its cars.
Researchers achieved this level of access by chaining different vulnerabilities that allowed them to interact with the car’s CAN Bus, the vehicle’s central management component.
The hacks work even from remote locations, as far as 12 miles (20 km) away. The Chinese hackers were able to control a stationary car’s lights, windows, car seats, sunroof panel, and in-vehicle displays.
With the car in motion, the researchers were able to force the car to brake, open its trunk, adjust side-view mirrors, and activate the windshield wipers.
Researchers hacked a Tesla Model S 75D, but they said other models could be vulnerable as well.
“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars,” researchers said. “We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.”
Tesla delivers over-the-air firmware updates, and as long as vehicle owners agreed to update their car’s software, they should be protected from any attacks.
Last year, Kevin Mahaffey, co-founder of cyber-security firm Lookout, and Marc Rogers, security researcher at CloudFare, also managed to hack a Tesla Model S via its infotainment system and forced it to stop mid-drive.