It has been reported that Lennert Wouters, a security researcher at Belgian university KU Leuven, revealed a collection of security vulnerabilities in keyless entry for Tesla Model X which can be exploited to steal the car.
Automotive key fob attacks are real-world threats with significant impacts for automobile manufacturers, law enforcement, vehicle financers, and drivers. With consumer demand for Bluetooth and internet-connected vehicle functionality on the rise, it’s more important than ever to ensure these technologies are secure. Wouters’ Tesla Model X research demonstrates the impacts of security requirements and security features not having proper validation. Having thorough software composition analysis and fuzz testing performed against embedded electronics provides a higher level of confidence to thwart these attacks.
This vulnerability helps to illustrate how our homes and vehicles have become more connected and as convenience features are added, the attack surface increases. In this case, while relatively low cost considering the value of a targeted Tesla, there are a number of steps that need to take place in order to pull it off. While not difficult, it could raise some suspicion if done in a public parking lot or other populated public space. Tesla did a great job quickly fixing the issue with an over the air update and the researcher showed responsible reporting ethics by notifying Tesla and allowing them to develop the fix before publicly releasing the vulnerability and the exploit.
BLE (Bluetooth Low Energy) is used extensively in modern smart devices such as smartphones, fitness trackers, smart watches, home door locks and home automation devices, among many others, to allow for seamless data transfer while using very little battery power. While this is not an attack on BLE itself, it illustrates how the devices handling of registration and communication can be circumvented from a distance using these types of wireless protocols. Attacks such as this are why it is important to purchase devices from a reputable company that will continue to offer patches and updates in the event of a vulnerability being discovered.
Publicly reporting vulnerabilities like this will help secure vehicles and devices of all manufacturers across many industries and applications.
It’s a clever hack relying on sourcing components most likely came from stolen and chopped up vehicles (the majority of eBay parts are coming out of Eastern Europe after cars were stolen) but it would be harder to execute in real life given the attacker needs to be in proximity of the key as well as the vehicle, without being noticed.
Also, if Tesla’s ‘PIN to drive’ technology is enabled it doesn’t allow people to drive off in the car without a PIN. Even if the car is tricked into thinking the key is present, the PIN is still required to start the car, and is needed to disable the PIN as well.
What’s good for Teslas, unlike other cars that might need a service center recall in a similar scenario to receive software updates, is the ability to receive over the air updates to the car software and key fob firmware, with a way to track which vehicles have not received the updates to take additional steps if needed.
According to new research from insurer LV= shows that in 2016- 2019, insurance claims for car theft have jumped by 20%, with keyless car theft accounting for a large proportion of the claims. These figures from LV= show that luxury car makes such as Audi, BMW, Jaguar, Land Rover, Lexus, Mercedes, Porsche and Tesla are increasingly affected by keyless theft, accounting for almost half (48%) of all ‘theft of’ vehicle claims.
Karamba’s position is that the Tesla hack shows yet again the need of securing keyless entry systems. Time and again vulnerabilities in the keyless entry components – on the key fob or in the respective controller in the car – lead to hack-based car theft. Ensuring software integrity from boot time to runtime should be a priority to close the hackers way in.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics