Tesla Patching Model X Exploit That Allows Anyone To Clone A Key And Steal A Vehicle Using $300 In Hardware
Tyler Durden
Tue, 11/24/2020 – 14:20
It was revealed yesterday that, in addition to dealing with a major Chinese recall over Model X suspensions and finding out that 159,000 Tesla vehicles can likely expect their infotainment systems to die at some point soon, the Model X also has a “hack” that allows you to clone its key for “about $300 in equipment”.
A researcher was able to find a “pair of unintended flaws” in Tesla’s Model X that would allow a person to steal the vehicle “in minutes”, Car and Driver documented yesterday. Luckily for Tesla, the flaws were found by a computer security expert, and not someone interested in stealing vehicles.
The researcher, Lennert Wouters from KU Leuven university in Belgium, found a way to not only gain access to the vehicle, but also to drive it away. He said he told Tesla about the exploit in August and that he was told, in turn, that a patch to fix it could take a month.
You can steal a Model X using a $300 hardware kit that can fit into a backpack, he said. He said the hardware necessary includes a Raspberry Pi low-cost computer and a Model X body control module, which you can get off eBay. The BCM “enables” the exploits, Wouters explained.
From there, he can “hijack the Bluetooth radio connection that the key fob uses to open the vehicle using the VIN and coming within 15 feet of the target vehicle’s fob”. He uses this to create a second key for the Model X by using the VIN number and standing near the vehicle for about 90 seconds while his setup clones the key. Once in the vehicle, he uses his hardware to connect to the Controller Area Network to tell the car that his “new” key is valid.
Wouters told Wired in an interview: “The system has everything it needs to be secure. And then there are a few small mistakes that allow me to circumvent all of the security measures.”
At that point, the Model X starts up and is ready to drive.
While he won’t release the code or the specifics to the hack, he did release this video detailing it:
Fed Emergency Bank Bailout Facility Usage Hits New Record High; Money Market Funds See Small…
US Homeowner Equity Drops For First Time Since 2012 The housing bull market has peaked…
JPMorgan and Citigroup Are Using the Same Accounting Maneuver as Silicon Valley Bank on Hundreds…
At Year End, 4,127 U.S. Banks Held $7.7 Trillion in Uninsured Deposits; JPMorgan Chase, BofA,…
Do you really own something if someone forces you to make never-ending (and ever-increasing) payments…
Doug Casey On Why The US Is Headed Into Its 'Fourth Turning' Authored by Doug…