ComputerWeekly has reported that a Belgian PhD student has managed to bypass the security of a Tesla Model X using the Swiss Army Knife of hacker tools, a Raspberry Pi along with a modified key fob and a salvaged engine control unit (ECU). This vulnerability has forced Tesla to issue an over the air patch for its Model X vehicles.
Lennert Wouters, a PhD student at the University of Leuven's Computer Security and Industrial Cryptography (Cosic) research group created the device which can wirelessly connect to the car from up to 5 meters away. This is the third time that Wouters has managed to exploit the key fob and gain access to the car. Previously he was able to clone the fob.
“Using a modified ECU, obtained from a salvage Tesla Model X, we were able to wirelessly – up to 5m distance – force key fobs to advertise themselves as connectable BLE devices,” said Wouters.
Wouters continues to explain that by reverse engineering the Tesla Model X key fob, they discovered that the chip providing Bluetooth Low Energy (BLE) interface could be updated, and consequently was not properly secured enabling the team to compromise and attack the fob and obtain valid commands to lock / unlock the car at will.
The entire kit cost of $195 and could easily be hidden in a briefcase or bag, enabling the thief to walk casually by their target and take control of their key fob. It would then be a matter of time for the thief to use the onboard diagnostic connector, pair their modified key fob and then have total control of the vehicle.
The Raspberry Pi is used to tie the project together. Its low cost, ease of use and computing power proved that there is more to this tiny board than just learning to code and flashing LEDs.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".
"proved that there is more to this tiny board than just learning to code and flashing LEDs" - mm it's 2020: pretty sure that was proven 8 years agoReply