Tesla patches Model S after Chinese hack

Tesla has udpated its Model S firmware to avoid a hack demostrated by security researchers at Tencent.

The electric carmaker rolled out the patch quickly after researchers at the Chinese tech giant successfully remotely targeted a vehicle. Tencent's security team, Keen Labs, had passed the details of the vulnerabilities to Tesla before taking the hack public.

Researchers were able to take control of the Tesla car by hacking its CAN bus, letting them control the sunroof, run lights off and on, open the doors, engage the brakes and locks, and fiddle with the main display from 19km away.

"As far as we know, this is the first case of remote attack which compromises CAN Bus [the car's command system for things like remote locking] to achieve remote controls on Tesla cars," the researches said in a blog post. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."

The hack appeared to make use of flaws in a web browser. "I've said it a bunch, don't put browsers in cars," said security researcher Charlie Miller, now at Uber, over Twitter. "Huge attack surface and not really that useful."

Tesla said it had updated the cars' firmware within ten days of getting the Keen report, rolling it out over the air.

"The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot," the company said in a statement. "Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly."

The Keen Labs researchers said Tesla owners should keep their cars updated. "Please do update the firmware of your Tesla car to the latest version to ensure that the issues are fixed and avoid potential driving safety risks."

While it's not the first case of a smart car being hacked, it also certainly won't be the last. "When done right, software can make our cars smarter and safer," said security analyst Graham Cluley in a blog post. "But we need dangerous bugs in the software to be ironed out, and a safe and simple way to update our cars without opening backdoors through which hackers can take advantage."

He added: "I'm in a quandary - should I pay extra for a car that isn't part of the internet of things, or will that make software and safety updates a right pain in the backside to deploy?"

The research follows months of bad news for Tesla after a driver was killed while his vehicle was in Autopilot mode.