Browse over 9,000 car reviews

Tesla Model X hack exposed! Thieves could make away with your electric SUV in minutes

Tesla Tesla News Tesla Model X Tesla Model X News Tesla Model X 2020 SUV Best SUV Cars Tesla SUV Range Prestige & Luxury Cars Industry news Car News
The Tesla Model X exploit needs just the VIN and a Bluetooth connection to work.
The Tesla Model X exploit needs just the VIN and a Bluetooth connection to work.

A security researcher has revealed that vulnerabilities in the Tesla Model X’s keyless-entry software mean they can be stolen in just a few minutes by a hacker using a Bluetooth connection.

According to a report in Wired, Lennert Wouters, a security researcher at a Belgian university KU Leuven, has revealed a collection of security failings he found in Model X cars and their fobs.

Those vulnerabilities could be exploited by a car thief smart enough to read a car's VIN (Vehicle Identification Number), which is usually visible on a car's dashboard through the windshield.

Read More: 2021 Tesla Model X pricing and specs detailed: Long Range Plus arrives to take electric SUV further alongside updated Performance

The hacker/thief would then only need to be standing within roughly four metres of the victim's key fob to rewrite the firmware on the fob via a Bluetooth connection, extract the unlock code for the Model X and then drive off in the car. The owner, still with his key in his pocket, would be none the wiser.

While you might be picturing some high-tech bad guy with a van full of laptops, Mr Wouters said the hardware necessary to pull off the heist cost him just $US300, and fit easily inside a backpack.

Better yet, the actual hacking part could be controlled from a thief's phone, which is hardly going to look suspicious.

In as little as 90 seconds, the hardware can extract the radio code that unlocks a Model X.

Once inside the car, another Tesla software vulnerability would allow the hacker to pair their own blank key fob with the victim's vehicle after just a minute's work, and drive the car away, complete with a new key to operate it.

"Basically, a combination of two vulnerabilities allows a hacker to steal a Model X in a few minutes time," said Mr Wouters, who plans to present his findings at the Real World Crypto conference in January. "When you combine them, you get a much more powerful attack.”

Read More: Tesla sales in Australia: How many Model 3, Model S and Model X electric cars has the EV brand sold in 2020?

Mr Wouters was kind enough to warn Tesla about the hack back in August, and he’s been told that the company plans to start rolling out one its famous over-the-air software updates to its key fobs as soon as this week, which should prevent at least one step in the two-part hack attack.

Tesla told Mr Wouters the patch may take close to a month to roll out, so Model X owners should install any updates over the coming weeks to prevent the hack.

The researcher has not published any of the code or revealed the details that would enable car thieves to carry out the hacks.

Stephen Corby
Contributing Journalist
Stephen Corby stumbled into writing about cars after being knocked off the motorcycle he’d been writing about by a mob of angry and malicious kangaroos. Or that’s what he says, anyway. Back in the early 1990s, Stephen was working at The Canberra Times, writing about everything from politics to exciting Canberra night life, but for fun he wrote about motorcycles. After crashing a bike he’d borrowed, he made up a colourful series of excuses, which got the attention of the motoring editor, who went on to encourage him to write about cars instead. The rest, as they say, is his story. Reviewing and occasionally poo-pooing cars has taken him around the world and into such unexpected jobs as editing TopGear Australia magazine and then the very venerable Wheels magazine, albeit briefly. When that mag moved to Melbourne and Stephen refused to leave Sydney he became a freelancer, and has stayed that way ever since, which allows him to contribute, happily, to CarsGuide.
About Author
Trending News