Surprise, there’s a new way to hack and steal a Tesla in mere minute by using Bluetooth.
How the new Tesla hack works
Lennert Wouters security researcher from KU Leuven in Belgium, has demonstrated a vulnerability in keyless entry functionality of the Tesla Model X. He said that it’s possible for a key fob’s firmware to be rewritten via Bluetooth, extract the unlock code from the device and then steal the Model X. This could apparently be done in just 90 seconds.
According to Wired, Wouters was able to do this by using a computer with a Bluetooth signal to connect to a Tesla Model X’s key fob. From there he could rewrite the firmware and make it query the key fob’s security chip ton generate an unlock code.
This was possible because these key fobs don’t have ‘code signing’ for their firmware updates. Instead, they get over-the-air updates via Bluetooth that don’t confirm whether the firmware code is an “unforgeable cryptographic signature from Tesla.”
Once inside the Model X, Wouters was able to unlock and drive the car by plugging his computer into one of its ports under the display. This let him send commands to the Tesla’s internal component, including the body control module (BCM).
This allowed him to pair the BCM with the key fob because the former did not check that the latter had the unique cryptographic certificate for that car. As such, he was able to pair his own faux key fob and drive away.
It all sounds quite simple, but it took a bit of work to get to that point. Wouters had to work out that the BCM, which runs the keyless entry system, has perform the Bluetooth wake up command on the key fob. So to trick it he had to buy his own Model X BCM off eBay to send the radio signal to the fob.
Tesla is doing something about it
According to Wouters, he informed Tesla about this security vulnerability back in August. Tesla is reportedly rolling out a patch to its key fobs this week to address the issue.
The company itself has a good relationship with white hat hackers. In addition to paying them for discovering vulnerabilities, it put up a $US1 million prize at this year’s Pwn2Own hacking competition in Canada.
Disclosure: the author owns shares in Tesla.