Thursday, January 28, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Tesla Model X hacked and stolen in minutes using new key fob hack

November 24, 2020
in Internet Security
Tesla Model X hacked and stolen in minutes using new key fob hack
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Tesla Motors

A Belgian security researcher has discovered a method to overwrite and hijack the firmware of Tesla Model X key fobs, allowing him to steal any car that isn’t running on the latest software update.

The attack, which only takes a few minutes to execute and requires inexpensive gear, was put together by Lennert Wouters, a PhD student at the Computer Security and Industrial Cryptography (COSIC) group at the Catholic University of Leuven (KU Leuven) in Belgium.

You might also like

Mozilla: Racism, misinformation, anti-worker policies are ‘undermining’ the Internet

Google says iOS privacy summaries will arrive when its apps are updated

NSW running Data61 de-identification tool across COVID data prior to public release

This is Wouters’ third Tesla hack in as many years, with the researcher publishing two other Tesla attacks in 2018 and 2019, respectively.

Attack exploits bug in key fob update system

According to a report published today, Wouters said this third attack works because of a flaw in the firmware update process of Tesla Model X key fobs.

The flaw can be exploited using an electronic control unit (ECU) salvaged from an older Model X vehicle, which can be easily acquired online on sites like eBay or any stores or forums selling used Tesla car parts.

Wouters said attackers can modify the older ECU to trick a victim’s key fob into believing the ECU belonged to its paired vehicle and then push a malicious firmware update to the key fob via the BLE (Bluetooth Low Energy) protocol.

“As this update mechanism was not properly secured, we were able to wirelessly compromise a key fob and take full control over it,” Wouters said. “Subsequently we could obtain valid unlock messages to unlock the car later on.”

The steps of the attack are detailed below:

  1. Attacker approaches the owner of Tesla Model X vehicle. The attacker needs to get as close as 5 meters to the victim in order to allow the older modified ECU to wake up and ensnare the victim’s key fob.
  2. The attacker then pushes the malicious firmware update to the victim’s key fob. This part requires around 1.5 minutes to execute, but the range also goes up to 30 meters, allowing the attacker to distance themselves from the targeted Tesla owner.
  3. Once a key fob has been hacked, the attacker extracts car unlock messages from the key fob.
  4. The attacker uses these unlock messages to enter the victim’s car.
  5. The attacker connects the older ECU to the hacked Tesla car’s diagnostics connector — normally used by Tesla technicians to service the car.
  6. The attacker uses this connector to pair their own key fob to the car, which they later use to start the vehicle and drive away. This part also takes a few minutes to execute.

The only downside of this attack is the relatively bulky attack rig, which would be easy to spot unless concealed inside a backpack, bag, or another car.

Nonetheless, the attack rig isn’t expensive, requiring a Raspberry Pi computer ($35) with a CAN shield ($30), a modified key fob, an older ECU from a salvaged vehicle ($100 on eBay, and a LiPo battery ($30).

Below is also a video of the entire attack steps and the attack rig.

Wouters said he discovered the bug earlier this summer and reported it to Tesla’s security team in mid-August.

The researcher has published his findings today after Tesla began rolling out an over-the-air software update to all its Model X cars this week. The software update where this bug has been fixed is 2020.48, according to Wouters.

Credit: Zdnet

Previous Post

Misinformation or Artifact: A New Way to Think about Machine Learning

Next Post

Repurposing an internal digital ad solution for client use

Related Posts

Mozilla: Racism, misinformation, anti-worker policies are ‘undermining’ the Internet
Internet Security

Mozilla: Racism, misinformation, anti-worker policies are ‘undermining’ the Internet

January 28, 2021
Google says iOS privacy summaries will arrive when its apps are updated
Internet Security

Google says iOS privacy summaries will arrive when its apps are updated

January 28, 2021
NSW running Data61 de-identification tool across COVID data prior to public release
Internet Security

NSW running Data61 de-identification tool across COVID data prior to public release

January 28, 2021
Authorities plan to mass-uninstall Emotet from infected hosts on March 25, 2021
Internet Security

Authorities plan to mass-uninstall Emotet from infected hosts on March 25, 2021

January 28, 2021
New Google cloud service aims to bring zero trust security to the web
Internet Security

New Google cloud service aims to bring zero trust security to the web

January 28, 2021
Next Post
Repurposing an internal digital ad solution for client use

Repurposing an internal digital ad solution for client use

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Top Trends of Embedded Machine Learning for IoT in 2021
Machine Learning

Top Trends of Embedded Machine Learning for IoT in 2021

January 28, 2021
How the Pandemic Has Affected ABM Budgets & Goals
Marketing Technology

How the Pandemic Has Affected ABM Budgets & Goals

January 28, 2021
Mozilla: Racism, misinformation, anti-worker policies are ‘undermining’ the Internet
Internet Security

Mozilla: Racism, misinformation, anti-worker policies are ‘undermining’ the Internet

January 28, 2021
Using AI and Machine Learning to Make Solar Power More Efficient
Machine Learning

Using AI and Machine Learning to Make Solar Power More Efficient

January 28, 2021
The Future of B2B Marketing: 4 Areas to Focus On
Marketing Technology

The Future of B2B Marketing: 4 Areas to Focus On

January 28, 2021
Google says iOS privacy summaries will arrive when its apps are updated
Internet Security

Google says iOS privacy summaries will arrive when its apps are updated

January 28, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Top Trends of Embedded Machine Learning for IoT in 2021 January 28, 2021
  • How the Pandemic Has Affected ABM Budgets & Goals January 28, 2021
  • Mozilla: Racism, misinformation, anti-worker policies are ‘undermining’ the Internet January 28, 2021
  • Using AI and Machine Learning to Make Solar Power More Efficient January 28, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates