Researchers at the University of Leuven in Belgium
have found a vulnerability that when exploited allows them to take control
Tesla Model X key fob total fact that allows attackers to steal the vehicle
in just a few minutes. The security error is in the BLE chip of the
Tesla, With a specific firmware can be updated remotely
Gaining full control of the key fob and vehicle.
As explained by Lennert Wouters, Doctorate of the group
Computer Security and Industrial Cryptography, Once the keychain has been seen
Compromised attacker could capture unlock messages that
would allow the vehicle to be unlocked at any time, In addition, Getting
Vehicle access, would gain access to the diagnostic interface they use
Normally service technicians.
To successfully exploit the vulnerability, the
Attacker would have to be at a distance of less than 5 meters of the Tesla
objective, it would be necessary to have a modified Electronic Control Unit
to access the keychain and launch the firmware update to get the
Full vehicle control.
Wouters added that once the vehicle is unlocked, It's possible
Access the diagnostic connector inside the vehicle and pair a key fob
Remote control modified to the vehicle. The newly paired keychain with a
Modified key would allow us to start the vehicle and drive it.
The researchers used a device in the test
Built with low-cost equipment, these include a Raspberry Pi with
a CAN shield, an Electronic Control Unit, a LiPo battery and a keychain
modified.
The security breach was reported by the
researchers to Tesla in the month of August of this year. The company has
informed that a wireless firmware update is implemented that would fix
the failures that affect the key fob of the SUV.
These same researchers have found flaws in
Tesla Model S keychain safety and Passive Keyless Entry
and Start (PKES).