LAS VEGAS — For the second time, Chinese security researchers were able to hack a Tesla Model X, turning on the brakes remotely and getting the doors and trunk to open and close while blinking the lights in time to music streamed from the car’s radio — an effect they dubbed “the unauthorized Xmas show.”

The complex hack involved sending malicious software through the car’s web browser in a series of circuitous computer exploits. They were able to remotely control the car via both Wi-Fi and a cellular connection.

The researchers informed Tesla of their discovery in June of this year and the company patched the vulnerabilities within two weeks, said Samuel Lv, director of the Keen Security Lab at Chinese tech giant Tencent.

In a statement, Tesla said it actively encourages this type of research so that it can prevent potential issues from occurring. The risk to customers from such exploits is very low and Tesla has not seen a single customer ever affected by it, the statement said.

This is actually the second year the team from Keen Security Lab in Shanghai managed to hack a Tesla and remotely engage its brakes.


“We informed Tesla of the vulnerabilities we found last year and they corrected them. This year our research found new vulnerabilities and  we were able to reproduce the same remote control of the car,” said Sen Nie, lead researcher for the car hacking team at Keen Security Lab. He presented the research with colleagues Ling Liu and Wen Lu at a conference of security researchers here. 

Nie emphasized that the work was complex and not easily replicated. He also said the researchers don’t believe Teslas…