ComputerWeekly has reported that a Belgian PhD student has managed to bypass the security of a Tesla Model X using the Swiss Army Knife of hacker tools, a Raspberry Pi along with a modified key fob and a salvaged engine control unit (ECU). This vulnerability has forced Tesla to issue an over the air patch for its Model X vehicles.
Lennert Wouters, a PhD student at the University of Leuven's Computer Security and Industrial Cryptography (Cosic) research group created the device which can wirelessly connect to the car from up to 5 meters away. This is the third time that Wouters has managed to exploit the key fob and gain access to the car. Previously he was able to clone the fob.
“Using a modified ECU, obtained from a salvage Tesla Model X, we were able to wirelessly – up to 5m distance – force key fobs to advertise themselves as connectable BLE devices,” said Wouters.
Wouters continues to explain that by reverse engineering the Tesla Model X key fob, they discovered that the chip providing Bluetooth Low Energy (BLE) interface could be updated, and consequently was not properly secured enabling the team to compromise and attack the fob and obtain valid commands to lock / unlock the car at will.
The entire kit cost of $195 and could easily be hidden in a briefcase or bag, enabling the thief to walk casually by their target and take control of their key fob. It would then be a matter of time for the thief to use the onboard diagnostic connector, pair their modified key fob and then have total control of the vehicle.
The Raspberry Pi is used to tie the project together. Its low cost, ease of use and computing power proved that there is more to this tiny board than just learning to code and flashing LEDs.