• Contact Us
  • Login
Upgrade
Tech News Hero
Advertisement
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
Tech News Hero
No Result
View All Result
Home Security

This Bluetooth Attack Can Steal a Tesla Model X in Minutes

by technewshero
December 13, 2020
in Security
0
This Bluetooth Attack Can Steal a Tesla Model X in Minutes
Share on FacebookShare on Twitter

Wouters notes that the two most serious vulnerabilities he found—the lack of validation for both key fob firmware updates and pairing new key fobs with a car—point to an apparent disconnect between the security design of the Model X’s keyless entry system and how it was implemented. “The system has everything it needs to be secure,” Wouters says. “And then there are a few small mistakes that allow me to circumvent all of the security measures.”

To demonstrate his technique, Wouters assembled a breadbox-sized device that includes a Raspberry Pi minicomputer, a secondhand Model X BCM, a key fob, a power converter, and a battery. The whole kit, which can send and receive all the necessary radio commands from inside a backpack, cost him less than $300. And Wouters designed it so that he could stealthily control it, inputting the car’s VIN number, retrieving an unlock code, and pairing a new key all from a simple command prompt on his smartphone, as shown in the video above.

Wouters says there’s no evidence his technique has been used for real-world grand theft auto. But thieves have actively targeted Tesla’s keyless entry systems to steal vehicles in recent years, using relay attacks that amplify the signal from a key fob to unlock and start a car, even when the key fob is inside the victim’s home and the car is parked in their driveway.

Wouters’ method, while far more complex, could easily have been put into practice if he hadn’t warned Tesla, says Flavio Garcia, a researcher at the University of Birmingham who has focused on the security of cars’ keyless entry systems. “I think it’s a realistic scenario,” says Garcia. “This weaves together a number of vulnerabilities to build an end-to-end, practical attack on a vehicle.”

The Model X hacking technique isn’t Wouters’ first time exposing vulnerabilities in Tesla’s keyless entry systems: He’s twice before found cryptographic vulnerabilities in Tesla Model S keyless entry systems that would have similarly allowed radio-based car theft. Even so, he argues that there’s nothing particularly unique about Tesla’s approach to keyless entry security. Comparable systems are likely just as vulnerable. “They’re cool cars, so they’re interesting to work on,” Wouters says. “But I think if I spent as much time looking at other brands, I would probably find similar issues.”

More unique for Tesla, Wouters points out, is that unlike many other automakers it has the ability to push out OTA software patches rather than requiring that drivers bring their key fobs to a dealer to be updated or replaced. And that’s the upside of treating cars like personal computers: Even when that update mechanism turned out to be a hackable vulnerability, it also offers Tesla owners a lifeline to fix the problem.


More Great WIRED Stories

  • 📩 Want the latest on tech, science, and more? Sign up for our newsletters!
  • The strange and twisted tale of hydroxychloroquine
  • How to escape a sinking ship (like, say, the Titanic)
  • The future of McDonald’s is in the drive-thru lane
  • Why it matters which charger you use for your phone
  • The latest Covid vaccine results, deciphered
  • 🎮 WIRED Games: Get the latest tips, reviews, and more
  • 💻 Upgrade your work game with our Gear team’s favorite laptops, keyboards, typing alternatives, and noise-canceling headphones
Previous Post

ShopDisney, Disney’s Online Store, Now Live in India

Next Post

Twitter Fleets Accessible Even After 24-Hour Expiration Period, Company Working on Fix: Report

technewshero

technewshero

Related Posts

2020 Shows the Danger of a Decapitated Cyber Regime
Security

2020 Shows the Danger of a Decapitated Cyber Regime

by technewshero
January 13, 2021
A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting
Security

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

by technewshero
January 14, 2021
The Worst Hacks of 2020, a Surreal Pandemic Year
Security

The Worst Hacks of 2020, a Surreal Pandemic Year

by technewshero
January 15, 2021
Security

How Your Digital Trails Wind Up in the Police’s Hands

by technewshero
December 31, 2020
How to Understand the Russia Hack Fallout
Security

How to Understand the Russia Hack Fallout

by technewshero
December 22, 2020
Next Post
Twitter Fleets Accessible Even After 24-Hour Expiration Period, Company Working on Fix: Report

Twitter Fleets Accessible Even After 24-Hour Expiration Period, Company Working on Fix: Report

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Most Popular

Security lapse at India’s Jio exposed coronavirus symptom checker results – TechNewHero

Security lapse at India’s Jio exposed coronavirus symptom checker results – TechNewHero

December 16, 2020
For Cloud Giants, Usage Soars but Tech Investment Delays Hobble Revenue Growth

For Cloud Giants, Usage Soars but Tech Investment Delays Hobble Revenue Growth

December 16, 2020

WhatsApp for iPhone’s Recent Update Drastically Impacting Battery Life, User Reports

November 8, 2019

Browse by Category

  • Apps
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • News
  • PC & Laptops
  • Security
  • Social
Tech News Hero

© 2020 Tech News Hero.

No Result
View All Result
  • Home
  • Landing Page
  • Buy JNews
  • Support Forum
  • Contact Us

© 2020 Tech News Hero.

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?