A Belgian security researcher has discovered a method to overwrite and hijack the firmware of Tesla Model X key fobs,
Tesla's advanced on-board computer provides electric vehicles with many useful functions, but at the same time it becomes the object of hackers' attention. Two years ago, researchers in Belgium already discovered a way to hack into a Model S car using a $ 600 piece of equipment. Then the company fixed the vulnerability, but recently one of the specialists tried a new and much less costly method of "hijacking" on the Tesla Model X - and again succeeded.
According to Lennert Wouters, a graduate student of the computer security and industrial cryptography group at the University of Leuven in Belgium, the "weak link" in the electric car's protection system was the process of updating the firmware of the Tesla Model X key fob. As it turned out, to gain control over a smart car, you can use the electronic control unit taken from any old Model X - for example, on analysis after an accident.
“Since the update mechanism is not properly secured, we were able to wirelessly hack the key fob and take full control of it. Subsequently, we could receive unlock messages so that we could open the car later, ” Wouters said.
The researcher's "hacker setup" was relatively inexpensive. It includes a Raspberry Pi microcomputer ($ 35), a CAN-BUS Shield expansion board ($ 30), a modified key fob, an old car control unit ($ 100), and a battery ($ 30). The only drawback of the device is its decent dimensions, although it will fit into a backpack or a large bag.
The process itself takes place in two stages: reading the unlock signal from a distance of up to 5 meters and remote flashing of the victim's key fob (about one and a half minutes from a distance of up to 30 meters). After that, the hacker can unlock the doors of the electric car and in a few minutes bind the on-board system to his own key via the service connector for maintenance.
Wouters noted that after he contacted Tesla representatives, the automaker released a 2020.48 firmware update that fixes the vulnerability. However, cars with earlier versions of the software still contain the indicated "hole" - their owners are advised to install the appropriate update.