A group of Belgian Cyber Security researchers discovered a major security defect in the keyless entry system of the Tesla Model X
Recent reports confirmed that a group of Belgian cyber security researchers discovered a major security defect in the keyless entry system of the Tesla Model X, showing how the battery-powered vehicle, which costs over $100,000, could be stolen within a few minutes.
The Elon Musk-run Tesla has issued an over-the-air (OTA) software update to mitigate the security issues in its key fob software.
Researchers from COSIC, an Imec research group at the University of Leuven in Belgium, identified the security defects. Imec is known as a world-leading research and innovation center specializing in nanoelectronics and digital technologies.
The same researchers previously hacked the Tesla Model S keyless entry system. The Tesla Model X key fob allows the owner to automatically unlock the car by approaching the vehicle or by pressing a button. To ease integration with phone-as-key solutions, which allow a smartphone application to unlock the car, Bluetooth Low Energy (BLE) is becoming more common in key fobs.
The Tesla Model X key fob is unique and uses BLE for communicating with the vehicle.
Lennert Wouters, a PhD student at the COSIC research group, stated that by using a modified electronic control unit (ECU) obtained from a salvaged Tesla Model X, they were able to wirelessly (from up to 5 m away) force key fobs to advertise themselves as connectable BLE devices.
In one of his talks, Wouters also said that because the key fob's update mechanism was not properly secured, they were able to wirelessly compromise a key fob and take full control of it. Following this, they could obtain valid unlock messages to unlock the car later on.
The issue was not easy to understand. The Belgian researchers first informed Tesla of the identified issues on August 17, 2020. A solution was not easy to find and took extensive effort.
Sources also confirmed that the researchers could steal a Tesla Model X by first approaching to within about 5 metres of a victim's key fob in order to wake it up.
Tesla confirmed the defects, awarded their findings with a bug bounty and started working on the security updates.
Wouters further explained that, with the ability to unlock the car, they could then connect to the diagnostic interface normally used by service technicians. Because of a vulnerability in the implementation of the pairing protocol, they could pair a modified key fob to the car, which gave them permanent access to the vehicle.
They can then send their own software to the key fob to gain full control over it. This process takes about 1.5 minutes and can be performed at a range of more than 30 metres. After compromising the key fob, they can obtain valid commands that unlock the target vehicle.