Tesla Patching Model X Exploit That Allows Anyone To Clone A Key And Steal A Vehicle Using $300 In Hardware
Tyler Durden
Tue, 11/24/2020 – 14:20
It was revealed yesterday that, in addition to dealing with a major Chinese recall over Model X suspensions and finding out that 159,000 Tesla vehicles can likely expect their infotainment systems to die at some point soon, the Model X also has a “hack” that allows you to clone its key for “about $300 in equipment”.
A researcher was able to find a “pair of unintended flaws” in Tesla’s Model X that would allow a person to steal the vehicle “in minutes”, Car and Driver documented yesterday. Luckily for Tesla, the flaws were found by a computer security expert, and not someone interested in stealing vehicles.
The researcher, Lennert Wouters from KU Leuven university in Belgium, found a way to not only gain access to the vehicle, but also to drive it away. He said he told Tesla about the exploit in August and that he was told, in turn, that a patch to fix it could take a month.
You can steal a Model X using a $300 hardware kit that can fit into a backpack, he said. He said the hardware necessary includes a Raspberry Pi low-cost computer and a Model X body control module, which you can get off eBay. The BCM “enables” the exploits, Wouters explained.
From there, he can “hijack the Bluetooth radio connection that the key fob uses to open the vehicle using the VIN and coming within 15 feet of the target vehicle’s fob”. He uses this to create a second key for the Model X by using the VIN number and standing near the vehicle for about 90 seconds while his setup clones the key. Once in the vehicle, he uses his hardware to connect to the Controller Area Network to tell the car that his “new” key is valid.
Wouters told Wired in an interview: “The system has everything it needs to be secure. And then there are a few small mistakes that allow me to circumvent all of the security measures.”
At that point, the Model X starts up and is ready to drive.
While he won’t release the code or the specifics to the hack, he did release this video detailing it: