Security contest techies say they hacked Tesla Model S

July 19, 2014 by Nancy Owano weblog
Tesla Model S

The good news: Tomorrow's cars are computers on wheels. The bad news: Tomorrow's cars are computers on wheels. Ma Jie, writing in Bloomberg News, reported this week that the Tesla Model S sedan was the target of a hacking contest in Beijing and apparently the hackers won.

Chief executive Elon Musk said that he would investigate and take immediate action to rectify any legitimate vulnerability to hackers. The hacks were carried out at the SyScan 360 conference in Beijing, (SyScan stands for Symposium on Security for Asia Network.) Qihoo 360 Technology Co. found ways to remotely control the Tesla car's locks, horn, headlights and skylight while the car was in motion, said Bloomberg News. Qihoo 360 Technology is a Beijing-based Internet security company. "After conducting a series of security tests, we found the Tesla car can be remotely unlocked, the horn honked, the lights flashed, or the sun roof opened while it's running," Qihoo 360 Technology said on its official microblogging Weibo account.

The SyScan site noted on its site that it is "one of the best known Internet security conferences in Asia," having held more than 22 conferences since 2004. In December 2012, "SyScan came to Beijing, China, for the very first time, jointly organized with Qihoo 360, the largest internet security company in China to hold SyScan360." Dan Goodin, security editor at Ars Technica, reported on Thursday that SyScan 360 organizers had promised $10,000 as part of a hacking competition involving the Tesla car. "As of press time," he said, "no other information was available about the specifics of the reported hacks." Seth Rosenblatt of CNET reported that "Qihoo 360 said it reported the hack to Tesla and offered to work with the automaker to fix the vulnerability."

Musk said in June that the automaker's patents will be "open source" and available at no charge as it seeks to expand adoption of battery-powered cars.

Earlier this year, Tesla announced it will sell its battery-powered Model S sedan in China and began China deliveries this year.

In a statement, Tesla said, "While Tesla is not associated with the conference and is not a sponsor of the competition, we support the idea of providing an environment in which responsible security researchers can help identify potential vulnerabilities." the company said in a statement. "We hope that the security researchers will act responsibly and in good faith."

Explore further: Tesla to launch electric sedan in US on June 22

More information:,0,7108232.story

Related Stories

US closes investigation of Tesla battery fires

March 28, 2014

The U.S. government's auto safety watchdog has closed an investigation into Tesla electric car battery fires after the company said it would install more shields beneath the cars.

The race is on to power the next generation of electric cars

July 16, 2014

A major shift from gasoline-powered to affordable electric vehicles feels tantalizingly close, but the battery technology that could make it happen still needs to catch up to its own hype. Although luxury-car maker Tesla ...

Recommended for you


Adjust slider to filter visible comments by rank

Display comments: newest first

4.3 / 5 (3) Jul 19, 2014
Why would any car even feature ANY kind of remotely accessible system? Plugging in a cable during maintenance is not so much of a hardship.
not rated yet Jul 19, 2014
Not sure but sounds like they actually hacked the locking system not the actual car itself.
not rated yet Jul 19, 2014
Why would any car even feature ANY kind of remotely accessible system? Plugging in a cable during maintenance is not so much of a hardship.

This is what I have to wonder as well. I've made wireless microcontroller based systems, and they had the capability for self programming, but for actual reprogramming I forced it to rely on IrDA - i.e. near physical contact at a certain spot on the device. You couldn't just mass-reprogram them from anywhere nearby. That's why wireless reprogramming / access is so dangerous - you don't even have to be in the same building, so there's no limits.
not rated yet Jul 19, 2014
Not sure but sounds like they actually hacked the locking system not the actual car itself.

Good point. The security system/door lock as entry point would explain a path to gain control over locks, horn and headlights (though I fail to see how the sun roof is connected with that). So this is not an EV specific issue but simply an issue of manufacturer X using a not so secure lock protocol.

And I have to redact my earlier statement: Having a keyless lock (as on most cars) IS a remotely accessible system that does add considerable convenience.
not rated yet Jul 19, 2014
Many sci fi writers have dealt with this including

"Robopocalypse is a science fiction book by Daniel H. Wilson published in 2011. With a PhD in robotics from Carnegie Mellon University, the author based the robots in the novel on work in robotics research. Sources like Robert Crais and Booklist have compared the book to the works of Michael Crichton and Robert Heinlein. It became a bestseller on the New York Times list."

"a computer scientist accidentally unleashes a supremely intelligent sentient A.I. named Archos. Archos becomes self-aware and immediately starts planning the elimination of human civilization in an attempt to preserve Earth's biodiversity. Over a gradual period of time, Archos infects all penetrable networked electronic devices, such as cars, airplanes, smart homes, elevators, and other robots, with a "precursor virus..." etc

-Then it starts wrecking planes and sending cars full of people off cliffs. But then we win because we're HUMAN dammit.
not rated yet Jul 20, 2014
No details anywhere on the "hack". Did they merely guess the username/password of some owner and then use the documented API to control (some very basic) functions of the car? I'd guess that of the 40,000 owners most have a poor password scheme. Many email addresses can be found on the tesla-specific forums and then it would just take some dictionary work to get past the poor passwords. Lots of press for this supposed hack.

Twitter: @Teslaliving

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.