It cannot be denied that vehicles Tesla They are the most connected cars on the road today. The electric car maker defended software updates (which had never been seen before) in cars “swashbuckling”. Essential new features, updates and security enhancements can be implemented without the owner needing to find a service center. However, not everything is going well in Tesla’s ultra-connected world.
The Tesla Model X has a vulnerability problem
Wouters, he notes, has discovered two serious vulnerabilities, the lack of validation for firmware updates on the key fob, and the linking of the new key fob to a car, point to an apparent disconnect between the security design of the Tesla Model X’s keyless entry system and how it was implemented.
“The system has everything it needs to be secure,” says Wouters. “But there are some small errors that allow me to get around all the security measures.”
Raspberry Pi, a keychain, a power converter and a battery could hack a Model X
To demonstrate their technique, they assembled a device the size of a box that included a Second-hand Raspberry Pi, specifically the BCM X model, a keychain, a power converter and a battery. The entire team can send and receive all necessary radio commands from inside a backpack, costing you less than $ 300. And they designed it so that you could sneakily control it by entering the car’s VIN number, retrieving an unlock code and pairing a new key from a simple command prompt on your smartphone, as shown in the video above.
Thieves have already been using these methods
As they comment, there is no evidence that his technique was used to steal cars in the real world. But Thieves have been actively targeting Tesla’s keyless entry systems to steal vehicles in recent years, using relay attacks that amplify a key fob signal to unlock and start a car. Even if the keychain is inside the victim’s home and the car is parked in the garage.
The method, while much more complex, could have easily been put into practice if it hadn’t warned Tesla, says Flavio Garcia, a researcher at the University of Birmingham who focused on the security of the keyless entry systems in Tesla cars. “I think it’s a realistic and dangerous scenario”, Says García. “This combines a number of vulnerabilities that can build a practical end-to-end attack in a vehicle relatively simple”.
The Tesla Advantage: Fix Vulnerabilities Through Updates
The most unique thing about Tesla, they point out, is that, unlike many other automakers, it has the ability to submit OTA software security patches rather than requiring drivers to bring their key fobs to a dealer to physically update them. And this advantage of treating cars like personal computers offers Tesla owners a lifesaver for quick and easy troubleshooting.