The $10,000 prize for successfully hacking a Tesla Model S has been claimed. A team from Zhejiang University in China claimed victory at the Symposium on Security for Asia Network (SyScan360) event in Beijing by exploiting a "flow design flaw," whatever that means, to gain access to vital systems including the door locks, horn and window controls, while the vehicle was moving.

The group that was able to hack a Tesla reported its findings to the electric car automaker, so this security breach will hopefully be fixed in short order. The event was welcomed by Tesla, which said it "[supported] the idea of providing an environment in which responsible security researchers can help identify potential vulnerabilities."

Last year, potential security pitfalls of high-tech electric and hybrid cars came to light when the US Defense Department's Defense Advanced Research Projects Agency (better known as DARPA) successfully hacked into hybrids from Ford and Toyota. Questions about the security of the Tesla Model S have been raised before. If you're wondering why all this might be such a big deal, we suggest you watch this.


I'm reporting this comment as:

Reported comments and users are reviewed by Autoblog staff 24 hours a day, seven days a week to determine whether they violate Community Guideline. Accounts are penalized for Community Guidelines violations and serious or repeated violations can lead to account termination.


    • 1 Second Ago
  • 44 Comments
      Nick Kordich
      • 5 Months Ago
      As others have said, based on what information has been released, it sounds like this only 'hacked' API access, which is equivalent to someone being able to use the Tesla smartphone app. This was demonstrated previously, although in that case, you essentially needed to get the owners username and password, which is a bit like saying you can pick a lock with a piece of metal...assuming the piece of metal is the key. In addition, users can shut off API access to the car entirely by setting "Mobile App Remote Access" to off. That prevents the mobile app from being used, but would have the car ignore any attempts to access it by a stolen phone or a 'hack' that uses a stolen username/password. There may be something new here - we have nothing on how access was granted, and technically we don't even know that it was the API (though all the aspects of the demonstration were consistent with API access and other forms of access may not have granted them this kind of ability). Out of what information has been released, however, there's nothing new over these previous AB stories: http://www.autoblog.com/2014/03/31/tesla-model-s-password-hacking/ - Incorrectly said the password's a 6 digit code. You can have passwords that include special characters and can run over 24 characters of in length. Tesla used to allow users to choose passwords as short as 6 characters, but it was never a numeric-only code, as the article suggests. http://www.autoblog.com/2013/08/25/tesla-model-s-vulnerable-hackers/ - Glosses over that the hacker would need to first hack a database that contained the user's username and password, and that the only one that exists would be Tesla's own database for all users, and that again this would only have allowed API access.
      Weapon
      • 5 Months Ago
      They hacked the mobile app, not the car though.
      knightrider_6
      • 5 Months Ago
      This is what happens when countries invest in higher education instead of being the policeman of the world.
        mxpie6
        • 5 Months Ago
        @knightrider_6
        China is eagerly awaiting their turn to police the world
        Actionable Mango
        • 5 Months Ago
        @knightrider_6
        Or this is what happens when countries use higher education to teach hacking.
        DarylMc
        • 5 Months Ago
        @knightrider_6
        I can't comment to the accuracy of knightrider_6 statement but only a fool would ignore it.
      i.own.your.ass
      • 5 Months Ago
      Overload the battery. .....heat them up...... TESLA FIRE!!!!
        Grendal
        • 5 Months Ago
        @i.own.your.ass
        -says the one liner troll. Boring and repetitive.
      Car Guy
      • 5 Months Ago
      Did they have physical access to the car? That makes a big difference. Do it remotely otherwise it's not really that big of an accomplishment........
        rcavaretti
        • 5 Months Ago
        @Car Guy
        And why remote access be any more a big deal? Everything these days has some kind of wireless connection and is ripe for,the hacking. Wait until these fools outfit their homes with automation and come back from vacation to see EVERY light has been on for two straight weeks, the lawn sprinklers have run for 24 hours straight and who knows what else. And that's just from the neighborhood kids planking them.
          Julio B
          • 5 Months Ago
          @rcavaretti
          Or, as I do, shut the water main in the garage when going on vacation. There is always a fix if you don't only focus in the negatives.
          rcavaretti
          • 5 Months Ago
          @rcavaretti
          Pranking
          Val
          • 5 Months Ago
          @rcavaretti
          yeah, wait for that. it will be a loooong wait.
      IBx27
      • 5 Months Ago
      Leave it to the reds to hack a system.
        Aaron
        • 5 Months Ago
        @IBx27
        Let's keep the racial slurs down to a minimum, please.
        Larry Litmanen
        • 5 Months Ago
        @IBx27
        You realize that USA is more of a communist country than China. China is a free market based economy, USA is a corrupt country where business is done only if you contributed to a political party.
          Levine Levine
          • 5 Months Ago
          @Larry Litmanen
          America gives Capitalism a bad image. China gives communism a good image. America has adopted more socialism while China has adopted more capitalism. The new kid on the block is making the incumbent uneasy. Americans like to be top-dog, don't like China nudging them off the slime light.
          knightrider_6
          • 5 Months Ago
          @Larry Litmanen
          That's true. Koch brothers have practically bought half of our government.
          Jim R
          • 5 Months Ago
          @Larry Litmanen
          Openly criticizing the government in the USA will get you a talk radio program. Openly criticizing the government in China will get you executed.
          Car Guy
          • 5 Months Ago
          @Larry Litmanen
          Yes, the ten's of thousands of companies in this country are all 100% corrupt. I'm sure one is paying you every two weeks - that is if you actually work..........
      RLC
      • 5 Months Ago
      China, huh? Who would have guessed that?
        Actionable Mango
        • 5 Months Ago
        @RLC
        Well the event was held in Beijing, so yes, I wouldn't be surprised that a Chinese University team won. But that's not what you meant, was it?
        Levine Levine
        • 5 Months Ago
        @RLC
        RLC: NSA, CIA ? How about Mr. Snowden? Merkel of Germany?
      DarylMc
      • 5 Months Ago
      From the source article. "A team from Zhejiang University was awarded 10,600 yuan by the Symposium on Security for Asia Network (SyScan360), a security conference taking place in Beijing this week where attendees had been invited to hack into a Tesla Model S. [Correction: it was initially reported that the team won US$10,000. However this grand prize was not awarded, as no hack met the specifications set by organisers.]"
      mikeybyte1
      • 5 Months Ago
      Can't wait for driverless cars and the hack jobs they will be getting. I can already see it in an upcoming Bond movie - Someone gets in their driverless car, which is suddenly reprogrammed to keep them locked in, kill communications, and drive them to the bad guy to be kidnapped. Easy breezy!
      mikemaj82
      • 5 Months Ago
      For those askng if they had physical access to the car - it had to be remotely hacked in order for them to win the $10,000. If they won the money then they did it remotely.
        JakeY
        • 5 Months Ago
        @mikemaj82
        See DarylMc's comment. Apparently they only got about 10% of the money since the hack didn't meet the organizer's criteria.
      davebo357
      • 5 Months Ago
      I'd really like to know if this is achieved through some sort of wifi or do you physically need access to the car? Because, you know... I can mess with a car's door locks, windows and horn too if I'm sitting inside while someone is driving. This hack sounds more like having a young child in your passenger seat.
        DarylMc
        • 5 Months Ago
        @davebo357
        davebo357 I'm sure everyone wants to know more about this but I think you are unlikely to find any good info here at autoblog.com. Well maybe you will but not in this article.
      bluepongo1
      • 5 Months Ago
      The "hack" didn't control the car just functions like: lights, horn, wipers & etc. unlike other cars that have been controlled by hacking. >===> https://www.youtube.com/watch?v=oqe6S6m737w
        DarylMc
        • 5 Months Ago
        @bluepongo1
        Hi bluepongo1 That link does not work for me
    • Load More Comments