Published in Transportation

Student uses Raspberry to take over Tesla Model X

by on30 November 2020

Exploited the Bluetooth Low Energy standard

A Belgian student has bypassed the security of a Tesla Model X using a Raspberry Pi and a modified key fob and a wrecked engine control unit.

According to ComputerWeekly, Lennert Wouters, a PhD student at the University of Leuven's Computer Security and Industrial Cryptography (Cosic) research group created the device which can wirelessly connect to the car from up to five meters away. This is the third time in as many years that Wouters has successfully broken into a Tesla vehicle by exploiting its keyfob. In both prior instances, he was able to effectively “clone” the device to gain access.

He used a modified ECU, obtained from a wrecked Tesla Model X, to force key fobs to advertise themselves as connectable BLE devices.

By reverse engineering the Tesla Model X key fob, he discovered that the chip providing Bluetooth Low Energy (BLE) interface could be updated, and was insecure enabling the team to compromise and attack the fob and obtain valid commands to lock/unlock the car.

It cost him $195 and could easily be hidden in a briefcase or bag, enabling the thief to walk casually by their target and take control of their key fob. It would then be a matter of time for the thief to use the onboard diagnostic connector, pair their modified key fob and then have control of the car.

The vulnerability has forced Tesla to issue an over the air patch for its Model X vehicles.


Last modified on 30 November 2020
Rate this item
(1 Vote)

Read more about: