Serious vulnerabilities found in the Tesla Model X allow cybercriminals to steal the vehicle in minutes. The flaws were found by researchers from COSIC, a research group linked to Imec and the Catholic University of Leuven, Belgium.
The Tesla Model X is an electric vehicle launched in 2015 that costs more than $ 100,000. To open the doors, just approach the car, or press a button on the remote. The attack exploits two vulnerabilities in the system that communicates the keyring – which uses Bluetooth technology of low consumption (BLE) – with the car.
In this video, researcher Lennert Wouters simulates the attack and gains access to the vehicle within minutes. The researchers contacted Tesla about the vulnerabilities found in August this year. The company reported that released a security update, What a her incorporation with all the Model Xs sold is uncertain and it can take up to a month.
“Using a modified Electronic Control Unit (ECU), obtained from a rescue Tesla Model X, we were able to remotely force (up to 5m away) the keyring to communicate as connectable low-consumption Bluetooth (BLE) devices… The interface of this device BLE allows remote software updates … ”, says Lennert Wouters.
“As this update mechanism was not adequately protected, we were able to compromise a wireless locksmith and take complete control over it… We can pair a modified keyring with the car, providing us with permanent access and the possibility to start the car”, Explains the researcher.
Step by step
“We can steal a Tesla Model X vehicle first by approaching a victim’s keychain within about 5 meters to wake the keychain. Then, we can send our own software to the locksmith to get full control over it. This process takes 1.5 minutes, but it can be easily performed at an interval more than 30 meters”.
“After compromising the locksmith, we can obtain valid commands that will allow us to unlock the target vehicle. After approaching the vehicle and unlocking it, we can access the diagnostic connector inside the vehicle ”.
“When connecting to the diagnostic connector, we can pair a modified keychain with the car. The new paired keyring allows us to start the car and start. By exploiting these two vulnerabilities in the Tesla Model X keyless entry system, we can steal the car within minutes, ”explains Benedikt Gierlichs, also a COSIC researcher.
Source: COSIC.
See the original post at: https://thehack.com.br/ataque-bluetooth-permite-roubar-um-tesla-model-x-em-minutos/?rand=48873