Tesla has always prided itself on its so-called over-the-air updates, pushing out new code automatically to fix bugs and add features. But one security researcher has shown how vulnerabilities in the Tesla Model X’s keyless entry system allow a different sort of update: A hacker could rewrite the firmware of a key fob via Bluetooth connection, lift an unlock code from the fob, and use it to steal a Model X in just a matter of minutes.
Lennert Wouters, a security researcher at Belgian university KU Leuven, today revealed a collection of security vulnerabilities he found in both Tesla Model X cars and their keyless entry fobs. He discovered that those combined vulnerabilities could be exploited by any car thief who manages to read a car’s vehicle identification number—usually visible on a car’s dashboard through the windshield—and also come within roughly 15 feet of the victim’s key fob. The hardware kit necessary to pull off the heist cost Wouters around $300, fits inside a backpack, and is controlled from the thief’s phone. In just 90 seconds, the hardware can extract a radio code that unlocks the owner’s Model X. Once the car thief is inside, a second, distinct vulnerability Wouters found would allow the thief to pair their own key fob with the victim’s vehicle after a minute’s work and drive the car away.
“Basically a combination of two vulnerabilities allows a hacker to steal a Model X in a few minutes time,” says Wouters, who plans to present his findings at the Real World Crypto conference in January. “When you combine them, you get a much more powerful attack.”
Wouters says he warned Tesla about his Model X keyless entry hacking technique in August. He says the company has told him it plans to start rolling out a software update to its key fobs this week—and possibly components of its cars too—to prevent at least one step in his two-part attack. WIRED also reached out to Tesla to learn more about its software fix, but the company didn’t respond. (Tesla dissolved its press relations team in October.) Tesla told Wouters that the patch may take close to a month to roll out across all of its vulnerable vehicles, so Model X owners should be sure to install any updates Tesla makes available to them over the coming weeks to prevent the hack. In the meantime, the Belgian researcher says he’s been careful not to publish any of the code or reveal technical details that would enable car thieves to pull off his tricks.
Wouters’ technique takes advantage of a collection of security issues he discovered in the Model X’s keyless entry system—both major and minor—that together add up to a method to fully unlock, start, and steal a vehicle. First, the Model X key fobs lack what’s known as “code signing” for their firmware updates. Tesla designed its Model X key fobs to receive over-the-air firmware updates via Bluetooth by wirelessly connecting to the computer inside a Model X, but without confirming that the new firmware code has an unforgeable cryptographic signature from Tesla. Wouters found that he could use his own computer with a Bluetooth radio to connect to a target Model X’s keyfob, rewrite the firmware, and use it to query the secure enclave chip inside the fob that generates an unlock code for the vehicle. He could then send that code back to his own computer via Bluetooth. The whole process took 90 seconds.
- German Tesla Model 3 driver caught stealing electricity from the police
- Cops chased a Tesla for 7 miles while its driver appeared to be sleeping
- Skateboarder is caught red-handed smashing a $140,000 Tesla with his board by the car's motion cameras
- Police blame Tesla crash on distracted driving, not tech, though questions remain
- Tesla and U.S. regulators strongly criticized over role of Autopilot in crash
- Tesla And U.S. Regulators Strongly Criticised Over Role Of Autopilot In Crash
- US Coronavirus Prep, a Fatal Tesla Crash Ruling, and More News
- YouTuber, 21, uses Tesla's autopilot to drive for 36 HOURS straight on 1,200 mile road journey from Austin to Chicago
- The new cars most vulnerable to keyless theft as popular models rated ‘poor’ for security
- Tesla Sentry Mode captures vandal attacking Model S in Albury car park
- Tesla Autopilot’s role in fatal 2018 crash will be decided this week
- Review: The new Moto G doesn’t change much, but still a steal at $179
This Bluetooth Attack Can Steal a Tesla Model X in Minutes have 739 words, post on www.wired.com at November 23, 2020. This is cached page on Talk Vietnam. If you want remove this page, please contact us.