A mainland China security firm, Qihoo 360 Technology Co., claims it has found a way to hack into systems that control Tesla’s Model S sedan, controlling features like the door locks, car horn and sunroof even while the vehicle was being operated, according to a report by Bloomberg News.
The hack was in response to a contest associated with the SysCan security conference in Beijing. As reported by The Security Ledger, that contest offered a $10,000 reward to anyone who could hack the Model S.
Bloomberg reporter Ma Jie cited this post on the company’s Sina Weibo account as proof of the compromise. Tranlated (via Google), the post reads:
“Our safety performance Tesla recently conducted a series of tests and found that the certificate can be used to unlock the remote control of the vehicle, whistle, flash and so on. And can open the sunroof while driving the vehicle. Tesla owners recently to be careful when driving rain suddenly open sunroof, become a drowned rat [laughing emoticon]. We will publish more on SyScan360 for everyone…”
Ma quotes a Tesla spokesperson saying that the company hasn’t received any proof of the compromises, and is not a sponsor of the contest. However, the company said it is open to independent researchers probing the software that runs its automobiles, so long as any vulnerabilities they find are responsibly disclosed.
[Read more Security Ledger coverage of connected vehicles here.]
The security of connected vehicles is an area of intense interest. At last year’s Black Hat Briefings, security researchers demonstrated a way to take control of late model vehicles, including a Ford Focus, by hacking into software that controls the vehicles steering and brakes.
The U.S. government is looking more closely at the safety of vehicle software, as well. However, absent clear guidance from regulators, evidence is that automakers and their suppliers are going their own way: securing their own components against likely attack vectors, even if that component will be deployed in a vehicle that does not offer much in the way of a secure operating environment.
Read the full story here: Tesla Model S hacked in Chinese security contest – chicagotribune.com.