Tesla EVs benefit from a top-notch computing system that allows for a convenient driving experience but the same cannot be said when it comes to security. A researcher discovered an exploit that could potentially lead thieves to take full control of the Model X, and the electric SUV would be gone in like 90 seconds.
Thanks to friendly hacker Lennert Wouters, Tesla has been informed that the Model X has existing vulnerabilities that could allow unauthorized entry to the EV's system through Bluetooth connection. The hack would poke into a hole in the Model X's keyless entry system and fool the vehicle's computer into believing that the real owner is logged in.
Wouters, who is a security researcher from Belgium, claimed the whole procedure can be implemented and completed by a skilled hacker in a matter of seconds. He warned that left unplugged, the Model X when unattended could be gone in under two minutes.
Wired reported that Wouters reached to Tesla about the matter and he understood that the automaker has acknowledged the issue. The company is set to release a patch over-the-air to quash the vulnerability but provided no exact timing.
In the meantime, Wouters provided a bit of detail on how exactly the Model X is prone to theft. He revealed that his experiment in gaining remote access to the Model X cost him $300, which paid for the hacking kit.
The attack involved connecting with the Model X's body control module that dictates how the EV's keyless entry system behaves. The basic tactic is to establish a connection via Bluetooth, rewrite the firmware of a key fob, and then copy an unlock code from the same key fob.
The procedure can be performed within a radio range of 15 meters and the coverage can be expanded if the targeted Model X is outdoors. Wouters said the hacking remains possible by up to 50 meters.
However, the researcher noted that Tesla has built-in security protocols for all Tesla vehicles to fend off possible hacking attacks. The system in place is not yet working as designed and Wouters has identified specific errors that allow for intrusions.
According to CNET, these holes can be patched by a simple firmware update that hopefully, Tesla will deliver soon. To be clear, the Model X already boasts of a cryptographic certificate system that will turn away unwanted access to the vehicle but the feature is not yet active.
The OTA update, when it starts rolling out, will flip the switch on the feature and the Model X SUV will gain the robust security protection promised by Tesla.