Keen Security Lab recently released a brief write-up on multiple security vulnerabilities found in Tesla Model S vehicles. Among them was remote access to a vehicle's CAN (Controller Area Network) bus, allowing them to take control of the vehicle. The Keen Lab team was able to remotely control the turn signals, move the seats, and unlock the vehicles doors while the vehicle was in parking mode. With the vehicle in driving mode, the team was able to control the windshield wipers, move the mirrors during a lane change, open the trunk, and manipulate the braking system.
The details of the exploit chain haven't been released to the public yet, but hopefully they'll be available soon. Since this attack only works when the vehicle uses the web browser near a malicious hotspot, I would assume that the browser is their attack surface. Then, from the browser, they pivot into the tablet. From there, they get access to the CAN bus. Of course, that's all just speculation, but it's always fun to guess.
Hacking a car always makes big news. However, it's easy to get caught up in the grandeur of hacking a vehicle while forgetting that as the IoT moves forwards, this will become more and more common place. For every car hack that gets big coverage, there are hundreds of networked insecure IoT devices released to consumers. I wouldn't be surprised to see an entire shift from hacking computers to hacking smart home light bulbs in the near future. We've already seen the Mirai botnet, and that was just the start.