Like the organization’s other models, the Tesla Model X is full of advanced technology. But crucial flaws enabled a group of security investigators to hack and steal one in 2 minutes.
A group of investigators in KU Leuven University’s Computer Security and Industrial Cryptography (COSIC) team published a demonstration of this assault on YouTube.
It is like a scene that comes straight from a Hollywood movie.
Tesla Model X Hacked & Stolen
The vulnerability could be exploited using a digital control unit (ECU) flashed in an old Model X automobile, which can be readily obtained online on sites like eBay or some other shops or forums selling utilized Tesla car components.
As Wouters explained in their published report: this third attack functions due to a flaw in the firmware update procedure of Tesla Model X key fobs.
The elderly ECU could get altered to deceive a victim’s key fob into thinking that it belonged to a matched automobile, pushing a malicious firmware upgrade straight to the main fob through the BLE (Bluetooth Low Energy) protocol.
“As this update mechanism was not properly secured, we were able to wirelessly compromise a key fob and take full control over it.
Subsequently, we could obtain valid unlock messages to unlock the car later on.”
The steps of the attack are detailed below:
1) The attacker approaches the owner of this Tesla Model X. The attacker should get as close as 5 meters to modify the ECU, awakening, and ensnaring the victim’s key fob.
2) This component takes approximately 1.5 minutes to run, but the scope also extends up to 30 meters, allowing the hacker to distance from the targeted Tesla proprietor
3) After the hack is successfully executed, the attacker gets the unlock messages from the key fob. The same messages are used to get into the victim’s car.
4) The attacker joins the elderly ECU into the hacked Tesla car’s connector — commonly employed by technicians to work on the vehicle.
5) Last, but not least: this connector gets paired to the key fob to use it later on for driving the vehicle and scaping away. This also takes a couple of minutes to do.
There’s one thing that could make the attack go wrong: a big-sized attack rig. But advanced hackers could make it go spotless by placing it into another car, a bag, backpack, or any other item of the kind.
On the other part, this rig is considerably cheap to get. The attacker needs a Raspberry Pi computer ($35), a CAN shield ($30), a LiPo battery ($30), an ECU from a saved vehicle, and a fixed key fob ($100).
Wouters discovered the bug in the summer season and told Tesla’s security team about it in August. But the research is barely noticeable now that the company launched the software update (2020.48) to Model X cars.
Now, here’s a last worrying announcement coming from Wouters: “They’re cool cars, so they’re interesting to work on… But I think if I spent as much time looking at other brands, I would probably find similar issues.”
The statement points out that this type of exploit also affects other automobile systems
Even, I would dare to say that it’s more prominent in others than in Tesla cars themselves. Not that I’m loyal to the brand, but Tesla has set security measures and even yearly competitions (as Pwn2Own) where a Model 3 is given away.
For the same reason, is that Wouters isn’t sharing any more technical details about this exploit (until January, when the Real World Crypto conference is celebrated).