Funky features on Tesla’s Cybertruck
With a bulletproof body and 500-mile battery-powered range, Tesla’s electric pickup isn’t like every other truck.
Tesla is working on a fix for a security vulnerability in the Tesla Model X that can allow it to be stolen with a smartphone, a new report says.
Belgian computer security researcher Lennert Wouters told Wired that he discovered a way to break into a Model X with the vehicle identification number displayed on the dashboard.
Wouters said that with a smartphone-controlled $300 hardware kit that included a Raspberry Pi and Tesla body control module purchased on Ebay, he could unlock the vehicle remotely via Bluetooth, as long as he is within about 50 feet of the owner’s keyfob.
Once inside, he was able to plug a computer directly into the vehicle and convince it that his spoofed keyfob setup is authentic, allowing him to start it and drive away.
Wouters said that the car should’ve checked for the unique cryptographic certificate of the authentic keyfob, but didn’t, even though it was designed with the capability.
"The system has everything it needs to be secure," Wouters says. "And then there are a few small mistakes that allow me to circumvent all of the security measures."
WHY YOU SHOULD WRAP YOUR CAR KEYS IN ALUMINUM FOIL
Wouters informed Tesla of his findings and said the automaker is working on a fix that will be uploaded to all of the affected vehicles in the coming weeks.
Tesla apparently no longer has a functioning press office to respond to requests for comment or confirmation, and CEO Elon Musk has not said anything about the discovery on social media.
OREGON CRASH SENDS BATTERY CELLS FLYING INTO HOMES
Like many tech companies, Tesla sometimes offers bounties to “white hat” hackers who discover issues with their security. Last year, it gave a team a free Tesla Model 3 after they were able to access the car’s computer system.
Wouters will be sharing more info about his discovery in January at the Real World Crypto conference.
CLICK HERE TO GET THE FOX NEWS APP
Source: Read Full Article