Two researchers said they were able to take control of a Tesla Model S by hacking into the car’s entertainment system.
When the car was cruising at less than five miles per hour or idling, the researchers were able to apply the emergency hand brake, bringing the car to an immediate stop.
At speeds higher than that, the Model S “gracefully” shut off its engine, allowing the driver to maintain control over steering and braking, according to a blog post written by one of the researchers, Kevin Mahaffey, who is co-founder and chief technology officer of cybersecurity firm Lookout.
The pair was also able to remotely lock and unlock the car, control the radio and touch screen displays and open and close the trunk.
A Tesla spokeswoman said the company has developed a fix, which was already sent out to all Model S cars through an over-the-air software update. These updates can be downloaded by the driver via Wi-Fi or cellular connection.
Mahaffey and Marc Rogers, principal security researcher at web security company CloudFlare, hacked the vehicle over the course of a year.
They said they found six vulnerabilities in the car’s security system but emphasized that it was after having physical access to the Model S. The researchers said they took control of the car’s entertainment system after connecting their laptop to the car’s Ethernet cable. Then, they were able to access the systems remotely.
In the blog post, Mahaffey praised Tesla’s over-the-air update system and its isolation of the car’s entertainment system from the vehicle network.
But he said the automaker needed to bolster individual system security, as the researchers took full control over the car’s entertainment system by breaching each system individually and using that access to get into another system.
“Overall, I feel more secure driving in a Tesla Model S than any other connected car on the road,” Mahaffey wrote.
Rogers and Mahaffey will present their full research at this week’s Def Con hacking conference in Las Vegas.
News of the Tesla hack comes just weeks after a report that cybersecurity researchers were able to take remote control of a Jeep Cherokee, leading Fiat Chrysler Automobiles to recall 1.4 million vehicles.