Belgian researchers have once again demonstrated a significant vulnerability in Tesla’s keyless entry system, highlighting potential security risks and raising questions about the cost implications for owners. This time, the target was the Tesla Model X, with researchers successfully gaining access and potentially stealing the vehicle within minutes by exploiting weaknesses in its key fob technology.
For the third time, security experts from the Computer Security and Industrial Cryptography (COIC) research group at the University of Leuven, associated with Imec, have exposed flaws in Tesla’s keyless entry system. Their latest research focused on the Tesla Model X key fob, a device designed for convenient keyless access. These findings underscore that even advanced electric vehicles (EVs) like Teslas, renowned for their technology and costing upwards of $100,000 for models like the Model X, are not immune to security vulnerabilities. The weakness lies within the Bluetooth Low Energy (BLE) technology used in the Model X key fob, which facilitates communication with a smartphone app for keyless entry. This increasing reliance on BLE in modern key fobs, while enhancing convenience, also presents new avenues for exploitation, as noted by the research team in their online press release detailing the Tesla hack.
Tesla Model X key fob showcasing the Bluetooth Low Energy technology susceptible to security breaches.
The researchers, including PhD student Lennert Wouters, known for previous keyless entry system attacks on the Tesla Model S, executed a proof-of-concept attack using readily available and affordable components. Their setup included a Raspberry Pi computer ($35), a CAN shield ($30), a salvaged Tesla Model X key fob and Electronic Control Unit (ECU) ($100 from eBay), and a LiPo battery ($30). This relatively low Tesla Key Fob Cost for hacking tools compared to the potential value of the vehicle highlights the accessibility of such attacks. While Tesla has responded by releasing an over-the-air software update to address these vulnerabilities, the demonstration raises concerns about the ongoing need for vigilance in automotive cybersecurity.
The attack unfolded in two stages. Initially, the researchers utilized the ECU to manipulate the key fob into broadcasting itself as a discoverable Bluetooth device, achievable from a distance of up to five meters, according to Wouters. By reverse engineering the Model X key fob, they found that the BLE interface allowed for remote software updates to the BLE chip. Critically, this update mechanism lacked robust security measures, enabling the researchers to wirelessly compromise the key fob and gain complete control over it.
Once compromised, gaining access to the vehicle took a mere minute and a half from a distance exceeding 30 meters. With control of the key fob, the team obtained valid commands to unlock the Tesla Model X and access the diagnostic connector inside the car. Professor Benedikt Gierlichs, who headed the research team, explained the next step: “By connecting to the diagnostic connector, we can pair a modified key fob to the car. The newly paired key fob allows us to then start the car and drive off. By exploiting these two weaknesses in the Tesla Model X keyless entry system we are thus able to steal the car in a few minutes.”
This successful hack is not an isolated incident. The same research team has previously demonstrated vulnerabilities in Tesla Model S key fobs, both in the original Passive Keyless Entry and Start (PKES) system and in subsequent iterations after Tesla issued security updates. These repeated breaches emphasize the evolving nature of cybersecurity threats in the automotive industry and the challenges in maintaining robust security.
[
Tesla is not alone in facing such security challenges. In 2016, Chinese researchers revealed remote hacking capabilities on Tesla Model S vehicles, demonstrating control over braking, control panels, trunk operation, and windshield wipers. Furthermore, broader vulnerabilities in keyless entry systems have been identified across multiple manufacturers. In the same year, research indicated that millions of vehicles from Volkswagen, Ford, and Chevrolet were susceptible to key fob attacks and theft due to weaknesses in their keyless entry systems.
The ongoing research into Tesla key fob vulnerabilities and similar exploits in other vehicles underscores the critical importance of robust cybersecurity measures in modern automobiles. While Tesla has addressed the newly discovered Model X flaw with a software update, the repeated demonstrations serve as a reminder of the continuous cat-and-mouse game between security researchers and those seeking to exploit technological weaknesses. For Tesla owners, understanding the potential risks and the tesla key fob cost – not just of replacement fobs, but also the broader cost of security vulnerabilities and potential theft – is becoming increasingly important in navigating the landscape of modern vehicle ownership.
