**Tesla Exec Tells Congress "No One Has Ever" Taken Control of Its Vehicles, But That's Not True**

During a Senate Commerce Committee hearing on autonomous vehicles this week, Tesla Vice President of Vehicle Engineering Lars Moravy made a bold claim: "To answer your question on if anyone has been able to take over control of our vehicles, the answer is simply no."

However, that statement doesn't hold up to the facts. In reality, there have been multiple instances where hackers have gained remote access and control of Tesla vehicles. One notable example occurred in 2017 when security researcher Jason Hughes discovered a chain of vulnerabilities in Tesla's central server, known as "Mothership", which gave him access to location data, vehicle information, and the ability to send commands to any Tesla on the road.

Hughes was able to remotely activate a nearby Tesla's Summon feature, moving the car from California to North Carolina. This incident happened just months before CEO Elon Musk warned about "fleet-wide hacks" as one of Tesla's biggest concerns at the National Governors Association.

But that's not an isolated incident. In 2016, security researchers at Keen Security Lab (Tencent) successfully hacked a Tesla Model S from 12 miles away, gaining remote control of the vehicle's brakes by exploiting the car's Controller Area Network (CAN bus). Tesla patched that vulnerability within 10 days of being notified.

While it's true that both incidents were discovered by "white hat" security researchers who responsibly disclosed the vulnerabilities to Tesla rather than exploiting them maliciously, and that Tesla has since improved its security posture, Moravy's statement was still inaccurate. He didn't say "no malicious actor has ever taken control." He said "no one has ever been able to", which is demonstrably false.

The incident highlights the importance of precision when making safety and security claims in front of Congress, particularly when lawmakers are deciding how much oversight these systems need. Tesla's cybersecurity has improved dramatically since 2017, and the company deserves credit for its bug bounty program and responsiveness to security researchers. However, executives testifying before Congress should be accurate about their company's security history.

As Tesla pushes for a federal framework for autonomous vehicles, the credibility of safety and security claims matters. It's essential that companies like Tesla provide accurate information and take responsibility for their security history, rather than making blanket statements that don't hold up to scrutiny.

**About Electrek**

Electrek is a transportation and energy company that provides exclusive videos and podcasts on the latest developments in electric vehicles and renewable energy. Follow us on YouTube for exclusive content and subscribe to our podcast for in-depth analysis and discussion.

**Disclosures**

We use income-earning auto affiliate links. More information can be found at the FTC link below.

[Read more about Electrek's policies and disclosure guidelines](https://electrek.co/privacy-policy)

**Subscribe to Electrek on YouTube**

Get exclusive videos and stay up-to-date with the latest news in electric vehicles and renewable energy.

**Subscribe to our podcast**

Stay informed with in-depth analysis and discussion of the latest developments in electric vehicles and renewable energy.