Tesla Model X hack exposed! Thieves could make away with your electric SUV in minutes

A security researcher has revealed that vulnerabilities in the Tesla Model X’s keyless-entry software mean they can be stolen in just a few minutes by a hacker using a Bluetooth connection.

According to a report in Wired, Lennert Wouters, a security researcher at a Belgian university KU Leuven, has revealed a collection of security failings he found in Model X cars and their fobs.

Those vulnerabilities could be exploited by a car thief smart enough to read a car's VIN (Vehicle Identification Number), which is usually visible on a car's dashboard through the windshield.

Read More About Tesla Model X

2021 Tesla Model X pricing and specs detailed: Long Range Plus arrives to take electric SUV further alongside updated Performance

The hacker/thief would then only need to be standing within roughly four metres of the victim's key fob to rewrite the firmware on the fob via a Bluetooth connection, extract the unlock code for the Model X and then drive off in the car. The owner, still with his key in his pocket, would be none the wiser.

While you might be picturing some high-tech bad guy with a van full of laptops, Mr Wouters said the hardware necessary to pull off the heist cost him just $US300, and fit easily inside a backpack.

Better yet, the actual hacking part could be controlled from a thief's phone, which is hardly going to look suspicious.

In as little as 90 seconds, the hardware can extract the radio code that unlocks a Model X.

Once inside the car, another Tesla software vulnerability would allow the hacker to pair their own blank key fob with the victim's vehicle after just a minute's work, and drive the car away, complete with a new key to operate it.

"Basically, a combination of two vulnerabilities allows a hacker to steal a Model X in a few minutes time," said Mr Wouters, who plans to present his findings at the Real World Crypto conference in January. "When you combine them, you get a much more powerful attack.”

Read More About Tesla Model X

Tesla sales in Australia: How many Model 3, Model S and Model X electric cars has the EV brand sold in 2020?

Mr Wouters was kind enough to warn Tesla about the hack back in August, and he’s been told that the company plans to start rolling out one its famous over-the-air software updates to its key fobs as soon as this week, which should prevent at least one step in the two-part hack attack.

Tesla told Mr Wouters the patch may take close to a month to roll out, so Model X owners should install any updates over the coming weeks to prevent the hack.

The researcher has not published any of the code or revealed the details that would enable car thieves to carry out the hacks.