In this case, it came from a Wi-Fi-enabled drone. The hack – originally meant for the Pwn2Own 2020 hacking competition – involved hacking into ConnMan, an internet connection manager. The attacker then took control of a Tesla vehicle’s infotainment system.
Why a Tesla? Because it’s essentially a big mobile computer that can be hacked like any laptop.
"We really designed the Model S to be a very sophisticated computer on wheels," Tesla CEO Elon Musk said back in 2015.
"Tesla is a software company…a huge part of what Tesla is, is a Silicon Valley software company. We view this the same as updating your phone or your laptop," Musk said at the time.
Enter researchers Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris, who found so-called "zero click" security vulnerabilities in open-source software used in Tesla cars. That allowed them to hack parked Tesla vehicles from a drone and control their infotainment systems over Wi-Fi.
The vulnerabilities were disclosed late last month by Weinmann and Schmotzle.
In what the researchers described as the "fun" part, they said the attack can be launched from up to 100 meters above the car by flying the stealth drone to a Tesla Supercharger station.
Once the car is hacked, they can do pretty much anything a user could do from the car’s infotainment system, the researchers said. That includes unlocking the doors and trunk, adjusting seat positions and changing steering and acceleration modes.
"In short, pretty much what a driver pressing various buttons on the console can do," according to the researchers.
They exploited the fact that modern Tesla vehicles such as the Model 3 automatically connect to a wireless network called "Tesla Service." Then they hacked into the ConnMan internet connection manager to gain access to the infotainment system.
"Having control over ConnMan…allows [hackers] to shut down the firewall," among other things, the researchers said.
And they could have done a lot more. Adding a so-called "privilege escalation exploit" to the attack "would allow us to load new Wi-Fi firmware in the Tesla car, turning it into an access point which could be used to exploit other Tesla cars that come into the victim car’s proximity," the researchers said.
"We did not want to weaponize this exploit into a worm, however," Weinmann said. A worm is malware that replicates itself and spreads to other computers.
They later disclosed the vulnerabilities to Tesla, which patched them in an update.