A Belgian security researcher recently discovered they could hack a Tesla Model X SUV within minutes by exploiting the vehicle's keyless system, said Wired. Tesla is set to release an update expected to fix the issue.
Lennert Wouters, a researcher from the University of Leuven, was able to hack the internet-connected vehicle worth at least $80,000 within 90 seconds using equipment that costs only $300.
He was able to take advantage of several vulnerabilities found in the vehicle itself and its key fob. Combining the two security flaws, he was able to gain entry into the vehicle and access its system.
The hack requires the car’s vehicle identification number, which is visible through the windshield, and a Bluetooth connection. This combination allowed him to access the fob and rewrite its firmware to extract an unlock code, which is then used to unlock the car.
The researcher was also able to pair his own key fob with the vehicle using the extracted information, allowing him to drive away with the car if he wanted to.
This process, called code signing, can be difficult to pull off with Tesla Model X as its fob only wakes up for a second when its battery is removed and replaced.
According to Wouters, this exploit can be used by a car thief who can get their hands on the vehicle identification number. They only need to be within 115 feet of the key fob, as well.
Wouters found the vulnerabilities a few months earlier and was able to inform Tesla in August. The company is said to be issuing an update that seeks to eliminate this problem. The fix will be deployed via an over-the-air update.
Tesla is also planning to update car parts to eliminate at least either one of the two vulnerabilities. The company told the researcher that the fix will be available in a month, which gives owners of vulnerable vehicles a few weeks.
This is not the first time Wouters was able to hack a Tesla vehicle. In the past, he was able to successfully attack a Tesla Model S. According to Threat Post, similar hacks were able successfully conducted by Chinese researchers with the company’s S series.
Tesla’s cars are not the only ones plagued with vulnerabilities related to fobs. Volkswagen, Ford, and Chevrolet vehicles and fobs also exhibited similar flaws.
