Researchers Hacked And Stole A Tesla Model X In Just Minutes

Like the company’s other models, the Tesla Model X is packed with advanced technology. But critical flaws in that technology allowed a team of security researchers to hack in and steal a Model X in about two minutes.

A team of researchers from KU Leuven University’s Computer Security and Industrial Cryptography (COSIC) group posted a demonstration video of the attack to YouTube.

It’s like something straight out of a Hollywood techno-heist.

The attack exploits a weakness in the way Bluetooth communication between the vehicle and fob is handled. Remarkably, the equipment required to pull off the attack costs a measly $200. The core components are a Raspberry Pi, a replacement Tesla ECU (engine control unit) and a key fob.

Armed with the COSIC team’s code the owner’s fob is compromised in seconds. Moments later, the hacker’s fob has the data it needs to unlock the vehicle, start it up and drive away.

It all looks frighteningly simple, especially considering the target is a six-figure SUV. Model X owner’s needn’t worry about this particular exploit, however.

The KU Leuven team disclosed its findings to Tesla and a fix was pushed to vulnerable vehicles via an over-the-air update this summer. Still, it’s a startling reminder of the capabilities today’s skilled hacking teams possess.

This isn’t the first time a Tesla has been hacked. Indeed, researchers from KU Leuven have done it on two other occasions by attacking the fob.

Tesla’s vehicles are a very popular target for researchers and that’s no accident. The company itself offers substantial bounties for vulnerability discoveries like these. A potential payout of $500,000 or even $900,000 is a powerful motivator.

CEO Elon Musk committed this summer to making Teslas more resilient to app-based hacking by introducing two-factor authentication support. Musk admitted that the company was “embarrassingly late” in adding 2FA.

Source Article