Chinese researchers discover zero-day vulnerabilities in Tesla’s Model X

IoT expands way beyond the web-controlled fridges

Some call electric-powered and eco-friendly vehicles the future of the transportation industry and companies like Tesla Motors are working towards making this future arrive sooner. Currently, the company offers three Tesla models: Model 3, Model S and the latest Model X ^[1].

These futuristic cars are the prime examples illustrating how the Internet of Things (IoT) ^[2] can be put to our advantage not only for ordering milk when your smart fridge notifies you’ve run out of it. Tesla’s models are capable of connecting to the web and executing a variety of different functions such as getting directions, detecting the car engine key within a certain perimeter, collecting data about the vehicle assisting the owner with its maintenance or simply browsing the web directly from the vehicle’s control screen ^[3].

But useful functionalities have their price. Everything that is connected to the web is at risk of being accessed by evil third parties and if these devices are not properly protected, getting hacked. Smart TVs, Thermostats and other appliances have already been hacked and suffered from viruses like ransomware ^[4]. So what about the cars?

Researchers stopped a moving Tesla Model X remotely

News that Tencent Keen Security Lab researchers managed to take over control of Tesla’s Model X hit the web near the end of July. Reportedly, zero-day vulnerabilities found in the vehicle’s firmware code signing system were employed for sending custom commands to the CAN BUS and ECU modules ^[5].

In the hack demonstration video, Keen Lab investigators showcased that they could remotely take over installed in-car displays, control the car’s headlights, open doors or boot.

A researcher was even able to hit the brakes on a moving Tesla from his office located outside the filming area. If such vulnerability is played outside the controlled environment, it may as well end up in fatal injuries for the passengers.

Tesla offers reward for reported vulnerabilities

It is not the first time Tesla Motors team is driven to patching up zero-day vulnerabilities in their products. Back in 2016, the same group of researchers succeeded to hack Tesla Model S in a similar way they later did with the Model X.

Nevertheless, compared to the scale of the car features Keen Lab managed to take control off back then, Model X shows a significant improvement. This time researchers were no longer capable of controlling windows, adjusting car seats or side-view mirrors, opening or closing the sunroof and enabling the windscreen wipers.

Tesla representatives are far from being annoyed by findings of new vulnerabilities. In facts, the company has set up a campaign at Bugcrowd.com where they promise rewards from $100 to $10,000 per reported vulnerability.

A collective mind can accomplish more, so if every company had the same attitude towards their products we could expect a safer and more reliable IoT in the future.