After breaking the keyless entry system of the Model S, researchers from COSIC (Computer Security and Industrial Cryptography), an imec research group at the University of Leuven in Belgium, “found a major security breach in the keyless entry system of Tesla Model X”. (Tesla has released an OTA software update to mitigate the vulnerability.)
Previously, Lennert Wouters, a PhD student on the research team, had demonstrated two attacks on the Tesla Model S keyless entry technology, successfully unlocking and starting the vehicle. Tesla sells some of the most advanced electric vehicles, with prices ranging from $40,000 for the most basic model (Model 3) to up to $100,000 for the top-of-the-line Tesla Model X.
The Tesla Model X key fob uses Bluetooth Low Energy (BLE) to interface with the smartphone application and allow keyless entry. This is precisely where the vulnerability lies. In fact, the researchers pointed out that the use of BLE in key devices to communicate with smartphones is becoming more and more “common”.
The research team detailed how they used a self-made device to launch a two-stage proof-of-concept attack. The device was built from cheap components: a Raspberry Pi computer worth $35, a second-hand car electronic control unit (ECU) purchased on eBay for $100, and a LiPo battery worth $30.
In the first step of the attack, the researchers used the ECU to force the key to enter the Bluetooth pairing mode, which can be implemented within a distance of 5 meters.
“By reverse engineering the Tesla Model X key, we found that the BLE interface allows remote updating of the software running on the BLE chip,” the researcher pointed out. “Because this update mechanism is not properly protected, we can hack the key wirelessly and completely control it.”
Then, at a distance of more than 30 meters, the researchers successfully compromised and accessed the key in only about one and a half minutes. Once the key is compromised, the researcher can issue a valid unlock command to the target vehicle and then access the diagnostic connector inside the vehicle.
“By connecting to the diagnostic connector, we can pair the modified key fob with the car,” said Professor Benedikt Gierlichs, who led the research team. “The newly paired key fob allows us to start the car and drive off. By exploiting these two weaknesses in the Tesla Model X keyless entry system, we were able to steal the car in a matter of minutes.”
In the past few years, breaking the security of Tesla vehicles has been one of the best ways for the industry’s top security teams to prove themselves. In 2016, Chinese security teams hacked several models of the Tesla S series, showing how they could remotely brake the car and freeze the control panel, open the trunk while driving, and remotely turn the windshield wipers on and off.
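The first weakness described above is a firmware update path that accepts images without authenticating them. The sketch below is an added example, not code from the researchers or Tesla: it contrasts an integrity-only check with an authenticated, rollback-protected one. The image layout, key and function names are constructed for illustration, and HMAC-SHA256 stands in for the asymmetric signature a production fob would verify with a vendor public key.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed image layout (an assumption, not Tesla's format):
#   magic "FOB1" | version u32 | payload length u32 | payload | 32-byte tag
HEADER = struct.Struct("<4sII")
TAG_LEN = 32

def build_image(version, payload, key):
    """Vendor side: pack header + payload and append an HMAC-SHA256 tag."""
    body = HEADER.pack(b"FOB1", version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def accept_integrity_only(image, crc):
    """Weak pattern: a CRC catches corruption, but anyone can recompute it."""
    return zlib.crc32(image) == crc

def accept_authenticated(image, key, installed_version):
    """Hardened pattern: parse defensively, verify the tag, refuse rollback."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    magic, version, length = HEADER.unpack_from(body)
    if magic != b"FOB1" or length != len(body) - HEADER.size:
        return False, "malformed header"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return False, "bad tag"
    if version <= installed_version:
        return False, "rollback"
    return True, "ok"

def demo():
    key = b"constructed-demo-key-not-a-real-secret"
    genuine = build_image(7, b"\x90" * 64, key)
    # Image assembled without the device key: its CRC is valid, its tag is not.
    forged = build_image(8, b"\xcc" * 64, b"wrong key")
    tampered = genuine[:20] + b"\x00" + genuine[21:]  # one payload byte changed
    return {
        "forged_passes_crc": accept_integrity_only(forged, zlib.crc32(forged)),
        "forged": accept_authenticated(forged, key, 6),
        "genuine": accept_authenticated(genuine, key, 6),
        "rollback": accept_authenticated(genuine, key, 7),
        "tampered": accept_authenticated(tampered, key, 6),
    }
```

The check has to run on the device before anything is written to flash; verifying only in the companion app leaves the wireless update interface itself unprotected.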
Tesla is not the only car that is easily stolen. In 2016, researchers claimed that vulnerabilities in Volkswagen’s keyless entry system made millions of Volkswagen, Ford and Chevrolet vehicles vulnerable to theft.