You may not be a fan of keyless entry systems in cars, especially since they seem to be extremely vulnerable, but now you have proof: a Tesla Model X was recently hacked.
The news that researchers at COSIC , an imec security research group at the University of Leuven in Belgium, have managed to break the keyless entry system into a Tesla Model X, raises some questions about the design of security systems auto.
The COSIC team said it had discovered a major security flaw in the keyless entry system of the Tesla Model S and detailed how the security measures implemented in the more recent Tesla Model X can be bypassed.
They demonstrated how the battery-powered Tesla Model X, priced at over US $ 100,000, can be stolen in minutes . Following the hack, Tesla released an over-the-air software update to alleviate these issues.
The Tesla Model X key button allows the owner to automatically unlock their car by approaching the vehicle or pressing a button.
To facilitate integration with key phone solutions, which allow a smartphone application to unlock the machine, the use of Bluetooth Low Energy (BLE) is becoming more widespread. The Tesla Model X trunk is no different and uses the BLE to communicate with the vehicle.
They proved how easy a Tesla can be stolen
One of the PhD students in the COSIC research group, Lennert Wouters, explained the scenario.
Using a modified electronic control unit (ECU), obtained from a recovered Tesla Model X, we managed to force the key (up to 5m away) the key to look like a connectable BLE device.”
“Through reverse engineering of the Tesla Model X, we discovered that the BLE interface allows remote updates of software running on the BLE chip. As this update mechanism was not properly secured, we managed to compromise the wireless key and take full control over it ”.
“Later I was able to get valid unlock messages to unlock the car.”
“With the ability to unlock the car, we could then connect to the diagnostic interface normally used by service technicians.”
“Due to a vulnerability in the implementation of the pairing protocol, we can associate a modified key, giving us permanent access and the ability to leave by car,” he added.
Two weaknesses exposed using a Raspberry Pi computer
The proof of the concept attack was made using a self-made device made of cheap equipment: a Raspberry Pi computer ($ 35) with a CAN screen ($ 30), a modified key and an ECU from a recovered vehicle ($ 100) on eBay) and a LiPo Battery ($ 30).
Belgian researchers first informed Tesla about the problems identified on August 17, 2020.
Tesla has confirmed the vulnerabilities and started working on security updates.
As part of the over-the-air 2020.48 software update, which is now released, a firmware update will be released on a turnkey basis.