Lennert Wouters, a Ph.D. student at COSIC, a research group at the University of Leuven in Belgium, discovered a security flaw in the Tesla Model X’s keyless entry system. The flaw would allow a hacker to steal the vehicle in mere minutes.
The attack exploits a flaw in how Tesla uses Bluetooth Low Energy (BLE) in the car’s key fobs, including support for firmware updates.
COSIC revealed the exploit on Monday. The technique to steal a Model X uses a modified electronic control unit from a salvage Model X to force the key fobs to reveal themselves as connectable Bluetooth devices.
“The Bluetooth device has connected successfully”
The update mechanism exposed over the BLE interface was not adequately protected, allowing a hacker to take over the key fob wirelessly and subsequently obtain valid codes that unlock the car. Wouters explains that after unlocking the car, one can connect to the diagnostic interface reserved for service technicians.
Because of a flaw in the pairing protocol, he says, a hacker can pair a modified key fob to the car and gain permanent access, allowing them to take off with the vehicle.
Wouters found the flaw in the northern summer and notified Tesla in August.
Tesla cars have been hacked before
The BLE flaw is not the first demonstration that a Tesla can be hacked. Researchers from COSIC have previously shown that the keyless entry on the Model S can be hacked.
Other past examples of Teslas being hacked remotely include the brakes in 2016.
The research shows the effects of not having proper validation for security requirements and features. According to Jacob Wilson, senior security consultant at Synopsys, rigorous composition analysis and testing of the embedded electronics are a great way to thwart attacks.