Researchers Use Raspberry Pi To Hack Tesla Model X In Minutes
Teslas have some of the most advanced software you can find in a car. But the problem with software is that it can be hacked, and a team of researchers has proven that Tesla’s in-car computer systems are no different.
Flaws in the Tesla Model X allowed a team of security researchers from KU Leuven University in Belgium to hack and steal one of the vehicles in less than two minutes.
The team, led by Lennert Wouters from the University’s Computer Security and Industrial Cryptography group, developed a code that is able to compromise the owner’s key fob and transfer the necessary data to the hacker’s fob, allowing them to unlock the car, start it up, and make their getaway in the blink of an eye.
Wouters used a Raspberry Pi to exploit a weakness in the way the Model X communicates over Bluetooth with its key fob. A video posted to YouTube shows just how simple the attack is; all that was needed was a Raspberry Pi, a replacement Tesla engine control unit, and a key fob – items that are all available to buy and cost a grand total of $195. According to Computer Weekly, a thief would need to be within just five metres of the original key fob to initiate the hack.
Luckily for Tesla, the flaw in its system was discovered by friendly researchers before any actual would-be car thieves found out about it. The COSIC team informed Tesla of the vulnerability, and the company has since patched the issue through a software update.
Elon Musk has previously acknowledged that Tesla needs to improve its software security, especially when it comes to app-based attacks. In response to a question over the lack of two-factor authentication (2FA) for Teslas over the summer, Musk wrote on Twitter, ‘Sorry, this is embarrassingly late.’ The standard 2FA security measure was eventually rolled out to owners last month.
Incredibly, Forbes reports that this is the third time Wouters has managed to hack a Tesla by exploiting its key fob technology. And with Tesla offering substantial financial rewards for people who discover security flaws in its system, this kind of thing can clearly be a pretty lucrative side-hustle for cybersecurity researchers.
If you have a story you want to tell, send it to UNILAD via [email protected]
Most Read StoriesMost Read