Tesla Model X was hacked and stolen within minutes |
A Belgian security researcher has come up with a way to replace and hijack the Smart Entry system firmware in a Tesla Model X car key so that all non-working cars can be stolen thanks to the latest software update.
The attack takes only a few minutes, requires inexpensive equipment, and was developed by Linnert Waters, PhD student in the Computer Security and Industrial Encryption (COSIC) group at the University of Louvain, Belgium.
This is Luther's third achievement at Tesla cars in many years, when researchers launched two attacks, in 2018 and 2019.
According to a report published by researchers, this attack was triggered by a Smart Entry firmware update bug in a Tesla Model X car key.
The old Model X controller can be used to exploit this drawback.
The consoles can be easily obtained online through websites such as eBay or a store or forum that sell parts for used Tesla cars.
According to Waters, the old console could be modified to trick the smart key system into believing the controller belonged to its dual car and then perform malicious firmware updates via Bluetooth Low Energy.
Waters added: Since this update mechanism is not properly protected, we can wirelessly hack the smart key in the switch to enter and control the system. We will then receive a valid unlock message at some point. Then open the car.
The attacker is near the owner of the Model X and must be within 5 meters of the victim in order for the old modified console and smart access system to be installed in the victim's key.
The attacker sends the malicious update in the victim's key to the smart access system. This segment takes about 1.5 minutes and has a range of 30 meters, so the attacker can move away from the owner of the target vehicle.
Once the smart key entry system has been destroyed, the attacker extracts the vehicle release message from the smart key entry system.
The attacker uses these unlock messages to gain access to the victim's car and then connect the old console to the diagnostic connector for the hacked Tesla vehicle. Tesla technicians usually use the diagnostic connector to repair a vehicle.
The attacker uses this connection to associate the Smart Entry system with the vehicle key that starts and leaves the vehicle.
This part will take a few minutes, but the only downside to this attack is the relatively bulky attack equipment that is easy to spot unless concealed in a backpack, handbag, or briefcase. Different vehicle.
Waters said he discovered the vulnerability earlier this summer and reported to Tesla's security team in mid-August.
After Tesla began rolling out software updates for all Model Xs this week, researchers released the results.