(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
A major security flaw has been discovered in the keyless entry system of the Tesla Model X that allow hackers to take control of the system and steal the car in a few minutes using a Bluetooth connected key fob (remote control to lock and unlock cars).
The latest security experiment conducted by researchers at COSIC, a group at the University of Leuven, Belgium, revealed how security measures in the recent Tesla Model X can be bypassed.
The researchers said Tesla released an over-the-air software update to mitigate these issues. The same group had previously unveiled vulnerability in the Tesla Model S keyless entry system as well.
The Tesla Model X key fob allows the owner to automatically unlock their car by approaching the vehicle, or by pressing a button. The model uses Bluetooth Low Energy (BLE) to facilitate the integration with phone-as-key solutions. The flaw in the firmware update process of key fob allows a hacker to take control of the car.
The group detailed steps on how they used an Electronic Control Unit (ECU) from an older Model X vehicle and were able to wirelessly (up to 5m distance) force key fobs to advertise themselves as connectable BLE devices.
They sent their own software to the key fob to gain full control over it. Researchers said it takes about 90 seconds, and can be performed over a range of more than 30 metres.
They found that BLE interface in the Tesla Model X allowed for remote updates of the software running on the BLE chip.
“As this update mechanism was not properly secured, we were able to wirelessly compromise a key fob and take full control over it,” Lennert Wouters, researcher at COSIC said. “Subsequently, we could obtain valid unlock messages to unlock the car later on.”
After approaching the vehicle and unlocking it, hackers accessed the diagnostic connector inside the vehicle. By connecting to the diagnostic connector, they paired a modified key fob that provided permanent access to the car and it can be driven away.
The Belgian researchers first informed Tesla of the identified issues on August 17, 2020. Tesla confirmed the vulnerabilities, awarded a bug bounty and an over-the-air software update, that is now being rolled out, will be pushed to the key fob.