A security researcher has revealed that vulnerabilities in the Tesla Model X’s keyless-entry software mean they can be stolen in just a few minutes by a hacker using a Bluetooth connection.
According to a report in Wired, Lennert Wouters, a security researcher at a Belgian university KU Leuven, has revealed a collection of security failings he found in Model X cars and their fobs.
Those vulnerabilities could be exploited by a car thief smart enough to read a car's VIN (Vehicle Identification Number), which is usually visible on a car's dashboard through the windshield.
The hacker/thief would then only need to be standing within roughly four metres of the victim's key fob to rewrite the firmware on the fob via a Bluetooth connection, extract the unlock code for the Model X and then drive off in the car. The owner, still with his key in his pocket, would be none the wiser.
While you might be picturing some high-tech bad guy with a van full of laptops, Mr Wouters said the hardware necessary to pull off the heist cost him just $US300, and fit easily inside a backpack.
Better yet, the actual hacking part could be controlled from a thief's phone, which is hardly going to look suspicious.
In as little as 90 seconds, the hardware can extract the radio code that unlocks a Model X.
Once inside the car, another Tesla software vulnerability would allow the hacker to pair their own blank key fob with the victim's vehicle after just a minute's work, and drive the car away, complete with a new key to operate it.
"Basically, a combination of two vulnerabilities allows a hacker to steal a Model X in a few minutes time," said Mr Wouters, who plans to present his findings at the Real World Crypto conference in January. "When you combine them, you get a much more powerful attack.”
Mr Wouters was kind enough to warn Tesla about the hack back in August, and he’s been told that the company plans to start rolling out one its famous over-the-air software updates to its key fobs as soon as this week, which should prevent at least one step in the two-part hack attack.
Tesla told Mr Wouters the patch may take close to a month to roll out, so Model X owners should install any updates over the coming weeks to prevent the hack.
The researcher has not published any of the code or revealed the details that would enable car thieves to carry out the hacks.