Researchers in a group at the University of Leuven in Belgium have discovered significant security flaws in the system for keyless entry to the Tesla Model X. So begins a press release this Monday after the same group had previously cracked access to the Model S. “The battery-powered Tesla Model X for more than $ 100,000 can be stolen within minutes,” notes the university with relish. This will probably only be true for a short time, because Tesla has prepared an update to close the gap.
Own fob for someone else’s Tesla Model X
The radio key, known as Fob at Tesla, uses the Bluetooth Low Energy standard to communicate with the vehicle, reports the group. And it can be played with new software with an Electronic Control Unit (ECU) from an older Tesla (available on eBay) if the manipulated ECU is within 5 meters of it for a moment and then no further for 1.5 minutes than 30 meters away. The fob then revealed codes to the university hackers with which the Model X belonging to it could be opened.
Of course, they also wanted to drive it and made use of a second Tesla gap. They could connect a small computer to the diagnostic interface for service technicians in the Model X and use it to teach a hacked fob for the electric car. The result: “permanent access and the ability to drive away in the car”. All of this took less than five minutes, as demonstrated in a video.
According to the group, the technical equipment for the key hack cost about $ 200 together. But it is almost too late for criminals to buy them in and look for a specialist article by the researchers. Because, as they also announced, the manufacturer was informed about the weaknesses in the Fob system for the Model X in mid-August. Tesla has a rewards program for reporting such gaps. The amount of the reward is not mentioned in its own report; the media reported $ 5,500.
New software not yet registered
Tesla started working on an update when the information was received, the hacker researchers continue to inform. The gaps (also in the Fob) would be closed with the software version 2020.48 for the Model X, which is currently being distributed by radio. By late Monday evening, however, no Tesla with this version was registered with the Teslascope service. Until it arrives, owners should therefore protect the expensive double-door SUV with additional PIN entry for activation.