A Belgian computer security researcher has exposed vulnerability in Tesla’s model X that can allow a hacker easily steal the electric vehicle with a smartphone.
“The system has everything it needs to be secure,” Wouters said. “And then there are a few small mistakes that allow me to circumvent all of the security measures.”
Wouters said that with a smartphone-controlled $300 hardware kit that included a Raspberry Pi and Tesla body control module purchased on Ebay, he could easily unlock the vehicle remotely via Bluetooth, as long as he is within about 50 feet of the owner’s keyfob.
After unlocking the car, Wouter said he can then plug a computer directly into the vehicle and convince it that his spoofed keyfob setup is authentic, allowing him to start it and drive away.
Wouters notified Tesla of his findings and said the automaker is now working to fix the vulnerability
Automakers constantly work hard to reduce the possibility that hackers can steal their cars. Like many in the industry, Tesla offers bounties to “white hat” hackers who discover issues with their security.
Last year, the California automaker gave a group of hackers a free Tesla Model 3 after they were able to expose the vulnerability in Model 3 and accessed the car’s computer system.
Wouters plans to share more information about his discovery at the Real World Crypto conference in January.