In a few minutes it would be possible to hack a Tesla key.
This is what has been discovered by computer security specialists laying bare, a vulnerability not to be overlooked. Elon Musk's company said it had fixed the security flaw.
Like most objects connected to the internet, it is their sensitivity to being subject to cyberattack. It only takes a little to storm the computer system of these connected cars. With a little creativity and mastery, a hacker can then succeed in stealing a Tesla in a few minutes.
This article will also interest you: Tesla, already targeted by a ransomware attack
This is demonstrated here by the Tesla model x. The feat is the work of a Belgian computer security security specialist named Lennert Wouters. A PhD student in the Computer Security and Industrial Cryptography (COSIC) group at the University of Leuven in Belgium. He was able to prove in a practical way that it is possible to access a car and even steal it in just a few minutes. Warned in time for the vulnerability, the company of the offending model then produced a security fix and distributed it immediately. A problem solved but it will require the discipline of the holders of this model with regard to updates.
But it should be noted that not all car hacks have the same impacts. The Belgian researcher has succeeded in demonstrating that it is possible to hijack and steal a Model X person, this does not mean that the same is true for all types of cars of the same model. However, it should be noted that the expert is not on his first attempt. Already in 2018 and 2019 he was achieving other feats involving electric cars successfully. That gave credibility to his new discovery.
The feat is precisely to compromise the safety key of the Tesla. The process involves taking advantage of a firmware programming error of Tesla's Model X keys. But before that you have to get an electrical control unit of an old Model X, something that is easy to get on online shopping sites such as eBay. In the disposal of this material, the hacker can then deceive the key by making him believe that the electrical control unit and well it is indeed that of the Tesla with which it communicates. To achieve this masterstroke, the cyber attacker must be close to the car at a distance of at least 5 meters so that the control unit can detect the key. Then it sends a firmware update to the key.
All of these processes take only 90 seconds. That's less than two minutes. Once this step is completed, the hacker can then collect the key unlock codes. Once the unlock codes are collected, he can unlock the vehicle and enter it as if it were his own. Thanks to the control unit, it connects to the diagnostic connector, which mechanics usually use to repair the vehicle. Once connected, it then rains to replace its key with that of vehicle to start it. In only 5 minutes maximum with a good preparation upstream.
The equipment required to achieve this feat costs only 200 euros. According to the researcher the only drawback in this process is the size of the equipment to be used, although it will be relatively easy to hide it in a backpack. The experiment was carried out in a video to show the process.
Since August the smart car construction company has been aware of this security flaw. As a result, it had time to produce a security fix and distribute it to its customers. The security fix fixes the flaw is the number "2020.48" and it arrives via OTA.
It must be said that Tesla, like other technology companies, rewards computer security researchers, who find security flaws in the models provided by the company, thus allowing them to be corrected before they can be exploited by hackers.
Now access an unlimited number of passwords: