Researchers at a university in the Belgian city of Leuven say they’ve used two vulnerabilities in a Tesla Model X to be able to hack into it. They’ve given Tesla the findings and a patch has been created to prevent thieves being able to take advantage.
Wired reports that Lennert Wouters, a security researcher at Belgian university KU Leuven, discovered that a collection of security vulnerabilities he found in both Tesla Model X cars and their keyless entry fobs could be exploited by any car thief who manages to read a car’s vehicle identification number—usually visible on a car’s dashboard through the windshield—and also come within roughly 15 feet of the victim’s key fob.
The report says the hardware kit necessary cost Wouters around US$300 (£225), fits inside a backpack, and is controlled from the thief’s phone. In just 90 seconds, the hardware can extract a radio code that unlocks the owner’s Model X. Once the car thief is inside, a second, distinct vulnerability Wouters found would allow the thief to pair their own key fob with the victim’s vehicle after a minute’s work and drive the car away.
“Basically a combination of two vulnerabilities allows a hacker to steal a Model X in a few minutes time,” Wouters told Wired. He plans to present his findings at the Real World Crypto conference in January. “When you combine them, you get a much more powerful attack,” he added.
Tesla is reported to have told Wouters it plans to start rolling out a software update to its key fobs this week—and possibly components of its cars too—to prevent at least one step in his two-part attack. Wouters adds that he’s been careful not to publish any of the code or reveal technical details that would enable car thieves to pull off his tricks.
(Picture – Tesla press team)