• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Tesla Hack – Remote Access Whilst Parked or Driving

September 22, 2016

Views: 1,668

The big buzz on my Twitter this week was about the Tesla Hack carried out by a Chinese crew called Keen Security Lab. It’s no big surprise even though Tesla is known for being fairly security concious and proactive about it.

Tesla Hack - Remote Access Whilst Parked or Driving

With it being a connected car, that’s pretty important that any remote control capabilities are rock solid. As always with security though, the more secure you make it generally the less usable it becomes – so they have to tread that thin line too.

Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world—among other things, it has a bug bounty program. But that doesn’t mean the software in its cars is free of security flaws.

Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the braking system. The attack allowed the researchers to access the car’s controller area network (CAN) bus, which lets the vehicle’s specialized computers communicate with each other.

“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars,” the researchers from Tencent’s Keen Security Lab said in a blog post Monday. “We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.”

The blog post is accompanied by a demonstration video in which the researchers show what they can achieve through their attack, which works either while the car is parked or being driven.

First, while the car was parked, the researchers used a laptop to remotely open its sunroof, activate the steering light, reposition the driver’s seat, take over the dashboard and central display and unlock the car.

It seems like the whole thing has been handled responsibly and Keen reported the vulnerability to Tesla before releasing the information publicly, it’s already been fixed in the latest firmware revision so if you are a Tesla owner – please update your car!

This is the plus side of a connected car, the manufacturer doesn’t need to recall millions of cars to update the software and remove the flaw – they can push it OTA.

In a second demonstration, they turned on the windshield wipers while the car was being driven at low speed in a parking lot for demonstration purposes. They also showed that they can open the trunk and fold the side-view mirror when the driver is trying to change lanes. While these operations can be distracting to the driver in certain situations, causing a safety risk, the most dangerous thing they were able to do was to engage the car’s braking from 12 miles away.

Such an attack, performed against a car being driven at high speed on a highway, could result in a serious rear-end collision.

The researchers reported all of the vulnerabilities through Tesla’s bug bounty program, and the company is working on patches. Fortunately, Tesla cars can receive firmware updates remotely and Tesla car owners are advised to make sure that their vehicles are always running the latest software version.

Car hacking has become a hot topic in recent years among security researchers, regulators and car manufacturers themselves. As cars become more interconnected, the ways in which they can be remotely hacked will only increase, so it’s important that the computers handling critical safety features are isolated and protected.

Tesla did not immediately respond to a request for comment.

This is not the first Tesla hack, their website and twitter have also been jacked before an I expect to see more vulnerabilities in the future.

You can watch the full demo video from Keen Security Lab here:

Source: PC World

Share55
Tweet2
Share46
Buffer
WhatsApp
Email
103 Shares

Filed Under: Exploits/Vulnerabilities, Hardware Hacking



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,180,554)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,331)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,297)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,652)
  • Password List Download Best Word List – Most Common Passwords (931,738)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,383)
  • Hack Tools/Exploits (672,571)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,815)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy