Silicon Canals
TRENDING
  • Mobility
  • AI
  • FinTech
  • Software & SaaS
No Result
View All Result
  • Home
  • News
    • COVID-19
    • Startups
    • Scaleups
    • FinTech
    • AI and chatbots
    • Travel & Mobility
    • Software & SaaS
    • Health & Medtech
    • (Crowd)funding
    • Blockchain
    • Internet of things
    • Hardware
    • Accelerators
    • E-commerce
    • Cybersecurity
    • Gaming & Virtual Reality
    • Drones
  • Features
    • Promoted content
    • How-to
    • Knowledge & Insights
    • Guest Contributions
    • Scaling-up in Europe
  • Amsterdampartner
  • Events
  • Newsletter
  • Jobs
  • About
    • Partner with Silicon Canals
    • Team
    • Contact
  • Home
  • News
    • COVID-19
    • Startups
    • Scaleups
    • FinTech
    • AI and chatbots
    • Travel & Mobility
    • Software & SaaS
    • Health & Medtech
    • (Crowd)funding
    • Blockchain
    • Internet of things
    • Hardware
    • Accelerators
    • E-commerce
    • Cybersecurity
    • Gaming & Virtual Reality
    • Drones
  • Features
    • Promoted content
    • How-to
    • Knowledge & Insights
    • Guest Contributions
    • Scaling-up in Europe
  • Amsterdampartner
  • Events
  • Newsletter
  • Jobs
  • About
    • Partner with Silicon Canals
    • Team
    • Contact
No Result
View All Result
Silicon Canals
No Result
View All Result

Gone in 90 seconds: Belgian security researchers demonstrate how to break into Tesla Model X in minutes

Shubham Sharma by Shubham Sharma
November 24, 2020
in Hardware, News
0
Tesla model X
45
SHARES
LinkedInTwitterWhatsAppFacebook

Vehicles are rapidly being upgraded with new and advanced tech as we are now entering an era of driverless vehicles and flying cars. New cars are also getting upgraded features and Tesla is a company that’s well known for offering advanced tech capabilities in its fully electric cars. However, the Tesla Model X, which starts at €88,990, was hacked into by researchers over at the COSIC, an imec research group at the University of Leuven in Belgium. 

The security researchers used two weaknesses in Tesla Model X’s modern system to gain full access to the car and drive away. They used a self-made kit that costs around €168. Do note that the researchers notified Tesla of the weakness and the company is pushing a patch as part of the 2020.48 over-the-air (OTA) software update that fixes the exploits. 

 - Partner content -
Cost of software - The Software house
The cost of building software
Marek Gajda, CTO of The Software House, shares his insights on building high-quality...Show More
Marek Gajda, CTO of The Software House, shares his insights on building high-quality software. Show Less
Read more

Hacking into a tesla in less than 2 minutes

The researchers over at COSIC previously hacked into the Tesla Model S keyless entry system. This time, they discovered some new flaws in the keyless entry system of the Tesla Model X. The car allows its users to automatically unlock when they are approaching the vehicle, or by pressing a button on the wireless key fob that uses Bluetooth Low Energy (BLE) protocol. Additionally, a smartphone app by the company can also be used to unlock the car, and it also uses BLE to communicate with the car.

The BLE protocol gave researchers a way to break into Tesla Model X’s security. Using a modified Electronic Control Unit (ECU) from a salvaged Model X, they wirelessly forced key fobs to be discovered as BLE devices from a distance of up to 5 meters. Reverse

engineering the Tesla Model X key fob, they also found that the BLE interface allows installing remote software updates and this mechanism is said to have been lacking in security. 

The researchers were able to wirelessly compromise a key fob and take full control over it. And they could also obtain valid unlock messages to unlock the car later on. “With the ability to unlock the car we could then connect to the diagnostic interface normally used by service technicians. Because of a vulnerability in the implementation of the pairing protocol, we can pair a modified key fob to the car, providing us with permanent access and the ability to drive off with the car”, says Lennert Wouters, PhD student at the COSIC research group. 

“To summarise, we can steal a Tesla Model X vehicle by first approaching a victim key fob within about 5 meters to wake up the key fob. Afterwards we can send our own software to the key fob in order to gain full control over it. This process takes 1.5 minutes but can be easily performed over a range of more than 30 meters. After compromising the key fob, we can obtain valid commands that will allow unlocking the target vehicle,” says Dr Benedikt Gierlichs, a researcher at COSIC.

“After approaching the vehicle and unlocking it we can access the diagnostic connector inside the vehicle. By connecting to the diagnostic connector, we can pair a modified key fob to the car. The newly paired key fob allows us to then start the car and drive off. By exploiting these two weaknesses in the Tesla Model X keyless entry system we are thus able to steal the car in a few minutes”, says Dr Benedikt Gierlichs, a researcher at COSIC,” he adds. 

Self-made hacking kit cost around €168

The researchers over at COSIC made their own kit to hack into the Tesla Model X. It consisted of a portable Raspberry Pi computer that was equipped with a CAN shield. They also obtained a modified key fob and ECU from a salvage vehicle from eBay and a LiPo battery powered the circuit. Overall, the kit cost them around €168. 

The Belgian researchers informed Tesla about the identified vulnerabilities on the 17th of August 2020. Tesla confirmed the issues and awarded the team’s findings under its bug bounty programme and started working on security updates. As part of the 2020.48 OTA software update, which is now rolling out, a firmware update will be pushed to the key fob to patch the flaw.

Image credits: Tesla

close

Want to stay on top of the latest rounds, coolest tech and hottest startups?

Subscribe to our free, daily news blast and stay up-to-date!

Check your inbox or spam folder to confirm your subscription.

 - Partner content -
Hiring during COVID Intrinsic Search
Hiring SaaS sales executives
Check out the do's and don'ts while hiring SaaS sales executives
Check out the do's and don'ts while hiring SaaS sales executives Show Less
Read more
Tags: featurednews
Share3Tweet11SendShare18

Partner content | Work with us

Future of coding: CTOs discuss low-code versus custom code software development for their business

Why now is the perfect time to start hiring for 2021

SaaS sales in 2021: 9 predictions from an industry expert

Diversity in hiring for SaaS: the often overlooked topic of ageism

Boost your scale-up’s growth by outsourcing to these top Eastern European software development companies

Subscribe to our daily newsletter

Check your inbox or spam folder to confirm your subscription.

Breaking news from Amsterdam | Partner

Here’s why Just Eat Takeaway wants to remain listed in Amsterdam

CES 2021: Meet the 12 Amsterdam-based startups in the Dutch delegation

11 AI leaders from Amsterdam to watch in 2021

Amsterdam-based Media Distillery uses AI to understand what’s inside video; secures €3M

Advertisement

Trending

Adobe flash
News

Adobe pulls the plug on Flash, but here’s how you can still play some iconic Adobe Flash games

January 4, 2021
Amsterdam
Amsterdam

CES 2021: Meet the 12 Amsterdam-based startups in the Dutch delegation

January 13, 2021
3D Hubs
Amsterdam

Amsterdam-based 3D Hubs acquired by Protolabs for €272.1M; here’s what you need to know

January 19, 2021
  • About Silicon Canals
  • Partner with Silicon Canals
  • Contact us
  • Newsletter
  • Disclaimer
  • Privacy policy
  • Terms & Conditions Silicon Canals

Silicon Canals 2014-2020 | Website: Bright Idiots

No Result
View All Result
  • Home
  • News
    • COVID-19
    • Startups
    • Scaleups
    • FinTech
    • AI and chatbots
    • Travel & Mobility
    • Software & SaaS
    • Health & Medtech
    • (Crowd)funding
    • Blockchain
    • Internet of things
    • Hardware
    • Accelerators
    • E-commerce
    • Cybersecurity
    • Gaming & Virtual Reality
    • Drones
  • Features
    • Promoted content
    • How-to
    • Knowledge & Insights
    • Guest Contributions
    • Scaling-up in Europe
  • Amsterdam
  • Events
  • Newsletter
  • Jobs
  • About
    • Partner with Silicon Canals
    • Team
    • Contact

Silicon Canals 2014-2020 | Website: Bright Idiots

X

This website uses cookies to ensure the best possible experience. We may share this information with our advertising and analytics partners. By clicking 'Accept', you agree to our use of cookies and similar technologies. More info