Tag Archive for: Tesla

Tesla Model X entry system security flaw allows vehicles to be stolen in minutes


A security flaw in Tesla Inc.’s Model X keyless entry system has been found to allow a would-be hacker to steal the vehicle in minutes.

Discovered by Lennert Wouters, a Ph.D. student at COSIC, a research group at the University of Leuven in Belgium, the hack involves exploiting a vulnerability in the way Tesla implements Bluetooth Low Energy in its Model X key fobs, including support for firmware updates. The group revealed the exploit today.

The technique involves using a modified electronic control unit from a salvaged Model X to force key fobs to advertise themselves as connectable BLE devices. The update mechanism exposed over the BLE interface was found not to be properly secured, allowing for the wireless takeover of the key fob to obtain valid codes to unlock the car.

“With the ability to unlock the car we could then connect to the diagnostic interface normally used by service technicians,” Wouters explains. “Because of a vulnerability in the implementation of the pairing protocol we can pair a modified key fob to the car, providing us with permanent access and the ability to drive off with the car.”

Wouters discovered the vulnerability in the northern summer and reported it to Tesla in August. Tesla is said to be pushing out a software update this week to address the vulnerability, which is why Wouters is now releasing the details.

This isn’t the first time Teslas have been shown to be hackable. Researchers from COSIC have previously detailed how the keyless entry on the Tesla Model S can also be hacked. Past examples of Teslas being hacked remotely included the brakes in 2016.

“Automotive key fob attacks are real-world threats with significant impacts for automobile manufacturers, law enforcement, vehicle finance companies and drivers,” Jacob Wilson, senior security consultant at electronic design automation firm Synopsys Inc., told SiliconANGLE. “With consumer demand for Bluetooth and internet-connected vehicle functionality on the rise, it’s more important than ever to ensure these technologies are secure.”

The research, he added, demonstrates the impacts of security requirements and…


Hackers could steal a Tesla Model X in minutes, security researchers say


It was the latest security experiment from the COSIC group at the University of Leuven in Belgium, which had previously found a similar vulnerability with Tesla’s Model S luxury sedan, where a key fob was also to blame.

The researchers said they were able to break into the SUV, which starts at $80,000, using a few hundred dollars’ worth of equipment.

Researchers noted that the process took about 90 seconds.

The researchers, who informed the company of their findings on Aug. 17, said Tesla is rolling out an update intended to address the issue. An over-the-air software update is being pushed to the key fobs, they said, which will better lock them down.

Wired was first to report on the vulnerability. Tesla did not respond to a request for comment.

Lennert Wouters, a PhD student at the COSIC research group, said in an email that the problem is not necessarily unique to Tesla.

“This system was developed in-house by Tesla, so this exact vulnerability most likely only applies to the Tesla Model X,” he wrote. “However, other keyfobs which have an insecure firmware update mechanism could also be vulnerable to a similar attack.”

Among the key vulnerabilities, Wouters noted: the lack of “cryptographic signatures” in the firmware update process, meaning a key fob has no secure way of certifying whether an update is legitimate; and an insecure pairing protocol that allowed a new, modified key fob to be paired to a Model X.

Equipment to break into the car included a $35 Raspberry Pi computer, a modified key fob and a salvaged Tesla Model X control unit bought off eBay. Researchers used the spare control unit to get key fobs within several meters to advertise themselves as “connectable.” After that, they pushed out a software update to the key fobs that would “acquire a valid unlock message” so they could unlock the car later, Wouters said. They noted that the software in Tesla’s key fobs could be updated without an additional layer of security that would verify its authenticity.

“As this update mechanism was not properly secured, we were able to wirelessly compromise a key fob and take full control over it,” Wouters said in a news release. “Subsequently we could obtain valid…


A Tesla Employee Thwarted an Alleged Ransomware Plot – WIRED

  1. A Tesla Employee Thwarted an Alleged Ransomware Plot – WIRED
  2. Russian tourist offered employee $1 million to cripple Tesla with malware – Ars Technica
  3. Elon Musk confirms Tesla was target of foiled ransomware attack – TechCrunch
  4. US Arrests Tourist Over Malware Conspiracy – Infosecurity Magazine
  5. Tesla and FBI prevented $1 million ransomware hack at Gigafactory Nevada – Electrek.co