back to article Students hack Tesla Model S, make all its doors pop open IN MOTION

Zhejiang University students have hacked the Tesla Model S with an attack that enabled them to open its doors and sun roof, switch on the headlights and sound the horn - all while the car was driving along. The hack was part of a competition at the annual Syscan conference in Beijing, where a prize of $US10,000 was offered to …

  1. Bush_rat

    The Big Question

    Was this a "tethered" hack or can it be done wirelessly? It if requires a physical connection then it's not particularly scary...

  2. Mark 85

    Hmmm... a good thing there's no ejection seat then. I wonder If the airbags could be remotely deployed? I'm thinking a tool for James Bond.

  3. adnim

    They may

    have hacked the six digit code of the remote control app, which means the software flaw is in an insecure software application and not the vehicle itself. And thus the Tesla Model S itself was not hacked. I guess the headline "Chinese Uni students hack smart phone app" isn't really click bait.

    1. Richard 12 Silver badge

      It's more than that

      The smartphone stuff is not supposed to work while the car is in motion, so even if that was the vector they have done more.

      Car electronic security is poor to abysmal in general, it doesn't matter much while the only vector is the plug-in point, but manufacturers have been adding wireless functions and links to to Internet...

      1. James Micallef Silver badge

        Re: It's more than that

        "Car electronic security is poor to abysmal in general"

        Very true, which means

        1) It's not surprising that teh Tesla was not 'uncrackable', though without any further details it's not possible to understand how serious any issues are

        2) It's great that Tesla are following attentively and taking feedback on board rather than the usual "no comment" or "our car is unhackable under normal conditions" BS that I've heard from BMW etc

      2. Weapon

        Re: It's more than that

        The requirement was actually hacking the car, they failed to hack the car and only hacked the mobile app taking advantage of the features of the mobile app. Hence why the 10k is unclaimed and they only got 1.8k, because the car was not hacked.

        1. Yet Another Anonymous coward Silver badge

          Re: It's more than that

          So if they only hacked the mobile app which then sent a signal to the "completely secure and unhacked" car to self destruct - that isn't an issue?

          You don't work for a congressional oversight committee do you ?

        2. Oninoshiko

          Re: It's more than that

          That's a bloody shame. The app works with the car, it's a valid attack vector.

          That's like saying you didn't hack a linux box because you "just" broke SSHd.

        3. jubtastic1

          Re: It's more than that

          Really? so the car opening its doors while in motion wasn't a hack, it's something the car is quite happy to do at anytime? that's fucking scary.

          1. Bill B

            Re: It's more than that

            @jubtastic... As far as I can tell from other reports (not this one, the story was incredibly short on facts, guy must work for The Sun) the hack didn't open the doors. It unlocked the doors.

            On most cars unlocking the door and opening the doors are two separate actions.

            Still a good hack but it doesn't mean you could fall out the car whilst it was in motion.

            1. Oninoshiko

              Re: It's more than that

              OTOH, if your objective is less homicidal and you just want to steal everything in the car this hack works nicely.

  4. returnmyjedi

    My old man used to have a Rover which had electric windows that would unexpectedly open and close for no apparent reason. I can only assume it was also down to some clever clog students such as in this case.

    1. Anonymous Coward

      Nope, it was your run of the mill shit 70 / 80 /90's British "workmanship". I know I was stupid enough to buy several.

    2. Nuke

      Poorly Written Article

      The Austin Metro (at least earlier models) could be unlocked by unplugging a connector under a front wing and shorting a couple of the pins.

      This article is very badly written. What is "flow design"? What is meant by "pop the doors and engine"? And is this something a thief can do by plugging something in while it is parked (like the Metro above) or is it the perp using a radio link to make the doors fly open or the engine cut or explode ("pop"?) while a Tesla is driving past, as a prank?

      "... alter the car functions while it was in motion ". Does this mean by a third party radio link (as above) or by the owner with a plug-in to do things normally disabled in motion - perhaps you can't usually open the sunroof in motion?

      No use looking at the link, it's in Chinese.

      1. Anonymous Coward
        Anonymous Coward

        Re: Poorly Written Article

        "The Austin Metro (at least earlier models) could be unlocked by unplugging a connector under a front wing and shorting a couple of the pins.!"

        The Austin metro could be unlocked with a front door key. I know, I did it when a friend locked his inside. They were no worse than others, many people from the 80's may recall that wierd feeing when you realise you have sat in the wrong car (Vauxhall Cavalier was mine)

        1. Anonymous Coward
          Anonymous Coward

          Re: Poorly Written Article

          It was the same with many Ford cars too.

        2. Yet Another Anonymous coward Silver badge

          Re: Poorly Written Article

          But the Austin Metro had a brilliantly ingenious and completely secure and effective theft deterrent.

        3. jubtastic1

          Re: Poorly Written Article

          I once managed to lock the keys in my TR7 at a petrol station, I asked the bloke filling his van next to me if I could try his keys, he passed them to me with a 'you'll be lucky mate' look, I didn't need luck, I just needed something vaguely key shaped.

          Still locked it every time I parked though.

        4. Stevie

          The Austin metro could be unlocked with a front door key

          Pshaw! I unlocked many a locked Vauxhall and Toyota for distressed ladies with consummate ease in the 79-81 era using ... the otherwise useless fish descaler on my Victorinox Swiss Army Knife.

          Slide it in, bit of a wiggle as you pull it out a bit and repeat until job done.

          And the ladies were always left smiling.

        5. Intractable Potsherd

          Re: Poorly Written Article @ Lost all faith

          " ... many people from the 80's may recall that wierd feeing when you realise you have sat in the wrong car (Vauxhall Cavalier was mine)"

          Yep - Vauxhall Chevette and Ford Fiesta here! There is no elegant way of extracting yourself from that:

          "Why won't the ignition switch work?" [usually less worn than door-lock] (Rock steering wheel back and forth a few times. Peer under column.)

          "Shit! Lock must be broken!" (Reach for door handle to get out.)

          "Hold on. Where have those furry dice/womens' shoes/deodorant trees come from?" (Odd sense of reality fading. Vague suspicions of alternative universes become more concrete.)

          "Eerrrmm - I don't remember parking this close to that wall/lamp-post/identical model of car with familiar number plate ..." (Sudden bowel-loosening realisation that you are, in actual fact, in *someone else's car*. Intimate appreciation of the meaning of the phrase "Feeling the colour draining out your face").

          "Right. Don't panic. No-one knows what you've done. Pretend you have found *the thing* you were looking for. *Calmly* get out of the car." (Heart pounding loud enough to set the suspension resonating. Cold sweat forming all over.)

          "Now, relock the door." (Shit! It isn't as easy.)

          "No - on the button!" (Reopen door in as unsuspicious way as possible, do the combination of handle and button.)

          "Now, walk back the way you came so that it is obvious you 'just wanted to get something from the car'." (Resist temptation to whistle whilst walking round corner. Wait what seems like five minutes, not looking suspicious at all.)

          "Take off your jacket/jumper so no-one will recognise you as you walk back to your own car and drive off ... very ... carefully." (Try to forget the utter hideousness of it all until some bastard on El Reg reminds you of it ...)

      2. harmjschoonhoven


        That I can read ElReg doesn't mean I can't read Chinese, all be it very slowly.

        BTW the link leads to the video which suggests the hacker is using a mobile phone. The car is NOT moving.

        May be there is just a little green man inside, you never know these days.

    3. Anonymous Coward
      Anonymous Coward

      That would be the influence of the unions, the car workers would unexpectedly fail to show up for work as well.

  5. Down not across

    Let me just pullover to turn on the lights...

    Zhejiang University students have hacked the Tesla Model S with an attack that enabled them to open its doors and sun roof, switch on the headlights and sound the horn.

    Well, I'd be pretty miffed if I couldn't open the doors (ok, perhaps not doors whilst in motion), sunroof and operate lights and horn. Having to pull over to open/close sunroof or turn on/off lights would be rather annoying.

    And horn not working whilst moving kind of defeats its purpose (which is not to lean on it in stationary traffic whilst car ahead has nowhere to go anyway).

  6. I am not spartacus

    " unspecified flaw in the flow design of the car..."

    I think that you could be clearer about what you mean. Do you mean that somehow the structure of the software is wrong, or something else? What do you mean by flow design?

  7. dotdavid

    "An entrant named team 'yo'"

    Ah so that's what the Yo app does.

    1. Gene Cash Silver badge

      Re: "An entrant named team 'yo'"

      And their mortal enemies " 'sup"

  8. Nifty Silver badge

    hacking the horn

    For the Chinese market, the horn will in any case be programmed to sound automatically whenever the vehicle comes within 1.5m of another.

    1. Anonymous Coward
      Anonymous Coward

      Re: hacking the horn

      [sarcasm mode on]

      Please, yes please. I'd love to make the car IN FRONT OF ME to play the horn whenever I get close to him. People around here sleep on the green lights way too much.

      Just get really close, and watch a schmuck wake up to move along with the traffic. While you don't even have to play the horn yourself.

      Given I always stop at less than 75cm from the car in front of me... that should be enough incentive to move with freaking traffic.

  9. Anonymous Coward
    Anonymous Coward


    Tesla should run a competition to see who can be the first person to hack the Chinese government and run apt-get install democracy.

    1. eldakka

      Re: Retaliation!

      "Tesla should run a competition to see who can be the first person to hack the Chinese government and run apt-get install democracy."

      nah, the democracy app is too immature and buggy. It seems to self-destruct all the time.

      1. Anonymous Coward
        Anonymous Coward

        Re: Retaliation!

        Hardly, it has a few errors, it leaks until all available resources are used and then crashes but immature? Not really.

    2. computers suck

      Re: Retaliation!

      I prefer synaptic, but still, lol

    3. Jeff Minter

      Re: Retaliation!

      Yeah, because democracy is the answer to all of China's problems...

  10. Anonymous Coward
    Anonymous Coward

    article sucks.

    Unlock doors and pop open doors are two very different things..

    All by accessing the CAN bus from inside the car no doubt.. is this really worth a mention?

    1. Dan delaMare-Lyon

      Re: article sucks.

      re: CAN-BUS - totally agree, and which really isn't that difficult, and can probably be demonstrated on most models of car.....

  11. Anonymous Coward
    Anonymous Coward

    open source patents

    "Billionaire Tesla head Elon Musk announced last month its patents would be 'open source' to promote the adoption of electric cars. "

    Seriously? A display of unselfish common sense from someone with huge amounts of money and power? The sky must be about fall on our heads !

    1. Yet Another Anonymous coward Silver badge

      Re: open source patents

      He didn't say free (as in beer) and most patents can be forced to be licensed under FRAND (Fair reasonable and non-discriminatory licensing) terms anyway.

      Telsa's patents on the electric car are much weaker than those of Toyota, Honda, Ford etc, and are mostly design patents on the shape of bits. So he was merely claiming the moral high ground for a future patent war, before an inevitable govt imposed standardization of things like charging ports.

  12. Anonymous Coward
    Anonymous Coward

    Elon Musk - his Confidence-to-Competence ratio is just ever so slightly > 1.0

    Next up - open the doors and windows of his rockets in-flight.

  13. Duffy Moon

    I saw an article in The Times about how owners of luxury cars were being advised to buy steering wheel locks because thieves can circumvent sophisticated, electronic anti-theft devices.

    Luckily I don't have to worry about thieves - my car's not worth nicking.

    1. Anonymous Coward
      Anonymous Coward

      "Luckily I don't have to worry about thieves - my car's not worth nicking."

      My friend would have said that about her plain old banger - one of the Eastern Bloc models. Didn't stop someone nicking it from the station car park one evening. Found next day in a field - burned out. She claimed on her insurance - but the insurance company then loaded her next premium so high that she would have been better off not claiming.

    2. Stacy

      I used to think that until my 18 year old Fiesta with rotten front and back wings, interior that was falling to bits and a 15 pound stereo (I was a student at the time, any car was amazing) was stolen. The police said it was probably nicked by teenagers who couldn't be bothered to catch a bus.

      I got it back (a phone call from the police at 3am saying they had found it but could not secure it) but they stole the 15 pound stereo, and even the Tesco uniform in the boot. Since then I assume they'll steal anything... (Seriously, why would you steal a 15 pound stereo or Tesco uniform - especially the later?!?!?!?!)

  14. Todd R. Lockwood

    This sounds more serious than it really is. Here's why:

    1. The Tesla owner's smartphone or the owner's sign-in credentials would have to be in the possession of the hacker.

    2. The smartphone itself would have to be unlocked.

    This poses no greater danger than one's unlocked smartphone being lost. None of the app control features are critical to driving the car. Additionally, the Tesla owner can instantly deactivate external control via a button on the car's touch screen.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like