'Hackers' Show How to Steal a Tesla Model X in Minutes

Giulio Saggin
Tuesday 28 November 2023

A group of 'hackers' have shown it's possible to break into a Tesla Model X car in a matter of minutes.

Thankfully the hackers were researchers, who showed it was possible to breach a Tesla's key fob, which, like the fobs of many other makes of car, uses Bluetooth Low Energy (BLE) to lock and unlock the vehicle.

"Using a modified Electronic Control Unit (ECU), obtained from a salvage Tesla Model X, we were able to wirelessly force key fobs to advertise themselves as connectable BLE devices," said Lennert Wouters, one of the researchers from the Computer Security and Industrial Cryptography (COSIC) research group at the University of Leuven in Belgium.

The researchers first had to 'wake up' a victim's fob, which needed to be done within five metres. Once they had access, the researchers loaded their software and gained full control over the fob. This took them less than two minutes and could be done anywhere up to 30 metres away.

"With the ability to unlock the car we could then connect to the diagnostic interface normally used by service technicians. Because of a vulnerability in the implementation of the pairing protocol we can pair a modified key fob to the car, providing us with permanent access and the ability to drive off with the car," said Wouters.

All of this was done for under $200, too. The researchers used a self-made device built from a Raspberry Pi computer ($35) with a CAN shield ($30), a modified key fob and ECU from a salvage vehicle ($100 on eBay) and a LiPo battery ($30).

The researchers informed Tesla of issues in mid-August this year and were awarded a bug bounty. Tesla has released an over-the-air software update to fix the issues.

COSIC video showing how they hacked a Tesla Model X.
