Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.
Researchers have demonstrated for the third time how hacking into the key fob of a Tesla can allow someone to access and steal the car in minutes. The new attack again shows a security vulnerability in the keyless entry system of one of the most expensive electric vehicles (EVs) on the market.
Researchers from Computer Security and Industrial Cryptography (COSIC), an Imec research group at the University of Leuven in Belgium, have “discovered major security flaws” in the key fob of the Tesla Model X, the small device that allows someone to automatically unlock the car by approaching the vehicle or pressing a button.
The research team includes PhD student Lennert Wouters, who has already demonstrated two attacks on the keyless entry technology of the Tesla Model S that succeeded in unlocking and starting vehicles. Tesla sells some of the most state-of-the-art EVs available, ranging in cost from about $40,000 for the most basic models to more than $100,000 for a top-of-the-line Tesla Model X.
In the attack’s first step, researchers used an electronic control unit (ECU) to force the key fobs to make themselves available as Bluetooth devices, an action that can be performed wirelessly at a distance of up to five meters, Wouters said.
“By reverse engineering the Tesla Model X key fob we discovered that the BLE interface allows for remote updates of the software running on the BLE chip,” he said in the release. “As this update mechanism was not properly secured, we were able to wirelessly compromise a key fob and take full control over it.”
It then took researchers about a minute and a half at a range of more than 30 meters to gain access to the key fob. Once it was compromised, researchers obtained valid commands to unlock the target vehicle and then gain access to the diagnostic connector inside the car, they said.
“By connecting to the diagnostic connector, we can pair a modified key fob to the car,” said Professor Benedikt Gierlichs, who led the research team. “The newly paired key fob allows us to then start the car and drive off. By exploiting these two weaknesses in the Tesla Model X keyless entry system we are thus able to steal the car in a few minutes.”
This is not the first time this team of researchers has demonstrated how Tesla key fobs can be hacked to access and steal a car. They previously hacked the key fob of the Passive Keyless Entry and Start (PKES) system of a Tesla Model S, and then devised another attack that succeeded on the same model after Tesla updated the key fob to fix the flaw that allowed the earlier access.
Tesla cars also have shown other security issues in the past. In 2016, Chinese researchers hacked into several models of the Tesla S series, demonstrating how they could remotely brake the cars as well as freeze control panels, open the trunk while driving, and remotely turn on and off the windshield wipers.
Teslas aren’t the only cars with key fobs vulnerable to takeover that would allow someone to steal vehicles. In 2016, researchers claimed that Volkswagen’s keyless entry system left millions of Volkswagen, Ford and Chevrolet vehicles vulnerable to attack and theft.