Tesla is using over the air updates to patch vulnerabilities and add new features to its keyless entry system in Tesla Model X vehicles. However, according to a specialist at Leuven Catholic University (Belgium) Lennert Wouters (Lennert Wouters), using this update delivery mechanism can be stolen in a matter of minutes.
Wouters discovered vulnerabilities both in the Tesla Model X keyless entry system and in the car itself, which allowed him to rewrite the firmware of the key fob via a Bluetooth connection, remove the unlock code and steal the car. According to the researcher, a hijacker who manages to read the identification number (usually visible on the dashboard of the car through the windshield) and approach the victim’s key fob at a distance of 4.6 m will be able to exploit these vulnerabilities. The equipment required for this will cost $ 300, it can easily fit into a backpack, and is controlled using a smartphone.
In just 90 seconds, the device presented by Wouters can extract the radio code to unlock the Tesla Model X. Once inside the car, the hijacker can exploit the second vulnerability and start the car in just a minute using his own key fob.
“Basically, a combination of the two vulnerabilities allows a hacker to hijack a Model X in minutes. If you combine them, the attack will be much more powerful, ”the researcher said.
Wouters notified Tesla of the issue in August of this year, and the company has promised to release fixes for key fobs (and possibly car components) this week. According to the manufacturer, it can take up to one month to send updates to all vulnerable Tesla Model Xs, so owners must install all available updates to protect themselves from the above attack. For his part, the researcher promised not to publish any codes and details about vulnerabilities ahead of time in order to avoid their possible exploitation by hackers.