Tesla Motors Inc. released a software update to fix bugs that allowed Chinese ‘white-hat hackers’ to remotely break into the Model S’ control system and disrupt actions including turn signals, seat positions, displays and the door lock system.
“Our realistic estimate is that the risk to our customers was very low,” a Tesla spokesperson said in a statement Tuesday. “But this did not stop us from responding quickly."
Cyber-security researchers from Keen Security Lab, a unit of China’s Tencent Holdings Ltd., published a video and a blog post Monday in which they showed how they were able to remotely infiltrate the Model S’ controller area network bus, which is responsible for intra-auto computer communication. This allowed them to manipulate safety controls, such as the door locks and the braking system.
Unlike most automakers, Tesla, based in Palo Alto, California, can push out security fixes "over the air" and directly into its cars’ computer systems, without customers ever needing to visit a repair shop. The software update was deployed within 10 days of receiving the report, Tesla said.
"That kind of speed on a system that complex is amazing, said Casey Ellis, founder and chief executive officer of Bugcrowd, a San Francisco-based company that runs “bug bounty” programs to close cyber-security weaknesses at companies including Tesla. The over-the-air fixes “means the risk from these vulnerabilities has been reduced to pretty close to zero across the user base."