Thursday, January 21, 19:54
Researcher breaks into a Tesla Model X in just minutes

A Belgian security researcher has discovered a method that hijacks the firmware of Tesla Model X key fobs, allowing an attacker to steal any car that is not running the latest software update.

The attack, which takes just a few minutes and requires cheap equipment, was carried out by Lennert Wouters, a PhD student in the Computer Security and Industrial Cryptography (COSIC) team at the Catholic University of Leuven (KU Leuven) in Belgium.

This is the third Tesla hack performed by Wouters; the researcher carried out two earlier attacks on Tesla vehicles in 2018 and 2019, respectively.

The attack exploits a bug in the key fob update system

According to a post published today, Wouters said that this third attack is made possible by a flaw in the firmware update process of Tesla Model X key fobs.

The flaw can be exploited using an electronic control unit (ECU) from an older Model X vehicle, which can easily be purchased online on sites like eBay or in stores or forums that sell used Tesla car parts.

Wouters said attackers could modify the older ECU to trick a victim's key fob into believing that the ECU belongs to its paired vehicle, and then push a malicious firmware update to the key fob via the BLE (Bluetooth Low Energy) protocol.

The steps of the attack are described below:

  • The attacker approaches the owner of the Tesla Model X vehicle. The attacker must get within 5 meters of the victim to allow the modified older ECU to "wake up" and ensnare the victim's key fob.
  • The attacker then pushes the malicious firmware update to the victim's key fob. This part takes about 1.5 minutes to run, but the range is up to 30 meters, allowing the attacker to move away from the Tesla owner.
  • Once the key fob is compromised, the attacker extracts various "car unlock messages" from the key fob.
  • The attacker uses these unlock messages to enter the victim's car.
  • The attacker connects the older ECU to the "diagnostics connector" of the hacked Tesla, which is commonly used by Tesla technicians for car maintenance.
  • The attacker uses this connector to pair his own key fob with the car, which he later uses to start the vehicle. This part takes only a short time.

The only downside of this attack is the bulk of the equipment it requires, which is easy to spot unless it is hidden in a backpack, a bag or another car.

Wouters said he discovered the bug over the summer and reported it to Tesla Security in mid-August.

The researcher published his findings today, after Tesla this week released a software update for all Model X cars. The software update in which this bug has been fixed is 2020.48, according to Wouters.

Teo Ehc