Raspberry Pi Used To Hack Tesla Model X SUV Key Fob (tomshardware.com) 43
Pig Hogger (Slashdot reader #10,379) writes:
According to this Tom's Hardware story, a Belgian PhD student managed to wrest full control of a Tesla Model X SUV, by way of hijacking the Bluetooth keyfob and reprogramming it, using a Raspberry Pi.
Tesla has since issued a software update to protect against that kind of attack
Since the attack is done via Bluetooth, control could be gained wirelessly from 5 meters away.
According to the article this is the third time the same student "has managed to exploit the key fob and gain access to the car. Previously he was able to clone the fob..."
Computer Weekly also got an interesting quote from a senior security consultant at the electronic design automation company Synopsys, who argues that the research "demonstrates the impacts of security requirements and security features not having proper validation."
Tesla has since issued a software update to protect against that kind of attack
Since the attack is done via Bluetooth, control could be gained wirelessly from 5 meters away.
According to the article this is the third time the same student "has managed to exploit the key fob and gain access to the car. Previously he was able to clone the fob..."
Computer Weekly also got an interesting quote from a senior security consultant at the electronic design automation company Synopsys, who argues that the research "demonstrates the impacts of security requirements and security features not having proper validation."
Stealing A Car That Tracks You Is Stupid (Score:4, Interesting)
Unless the hacker disables the tracking it is just going to leak its location and you are busted.
Good luck with that.
Re:Stealing A Car That Tracks You Is Stupid (Score:4, Insightful)
I imagine stopping that would be step two if the hacker was a black hat instead of a PhD student.
Re: Stealing A Car That Tracks You Is Stupid (Score:3, Informative)
Re: Stealing A Car That Tracks You Is Stupid (Score:2)
or disable the antenna either through physical removal, localized shielding, or jamming.
Sometimes it's weird to think of how little creativity modern nerds have.
Re: (Score:2)
Re: (Score:2)
Ftfy (Score:2)
Stealing A Car Is Stupid
Ftfy. :)
Re: (Score:2)
That too
Re: (Score:2)
Maybe just hire this guy? (Score:5, Informative)
Re: (Score:3, Informative)
Tesla doesn't do validation. They release a beta and let owners test it for them. Just like Microsoft and half the other tech companies.
Re: (Score:2, Insightful)
Citation please.
Re:Maybe just hire this guy? (Score:4, Insightful)
Re: (Score:2)
Well it is this guys third time of hacking the fob system successfully. I think the article IS the citation. As the grandparent suggested, they should hire the guy to do the next iteration of the software so that he doesn't break it a fourth time.
Why hire him? He's helping them work on it right now for free.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Autopilot has been in beta since it came out about 6 years ago and now they are beta testing "Full Self Driving" too.
The Roadster was essentially a beta test and every new model has production problems at the start because they are beta builds. The latest Model Y has had parts missing from the suspension, the roof coming off while driving and more.
Re: (Score:2)
Yeah, and a German Court already ordered Tesla not to call it Autopilot. But Tesla for the moment (~1 year) legally ignores the verdict, by appealing it. It's >90% that the verdict will stay the same (the advertising is misleading, sigh), but Tesla just continues the misleading advertising as long as they can get away with it.
(Wonder if they will ignore the higher court's verdict too, try to appeal it too, or perhaps just ignore it, and pay the fines for ignoring the verdict?)
Re: (Score:2)
Tesla doesn't do validation. They release a beta and let owners test it for them. Just like Microsoft and half the other tech companies.
I'm tempted to call Elon and ask if they need help with their security implementations. That's what I do and validating code and signatures is not something I would fail to address.
Re: (Score:2)
or just put a real goddamn lock needing real goddamn key, no one is hacking that from 15 feet away.
Re: (Score:3)
or just put a real goddamn lock needing real goddamn key, no one is hacking that from 15 feet away.
Unless they take a high resolution picture of the key while you have it in your hand and cut a copy from a key blank. Worth noting that it is totally a thing that can be done. Or they could just pick the lock. Apparently it's pretty easy to pick most car locks with a jiggle key (cousin to the bump key).
Re: (Score:1)
sure those things can be done for low security keys, there are key systems where that won't work that have magnetic pin too... of course, they can be picked but not bumping...
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
I'm not sure any cars have locks like that. Anyway, it looks like, as long as the person making the key is familiar with the key system, there would be no problem making that key from a good picture of the key. Also, the video doesn't really inspire much confidence in the lock, since the guy in the video picks it in a minute and forty seconds. I'm sure a variant of a bump/jiggle key could be adapted for that type of lock as well
Re: (Score:1)
you misunderstand making any comment about quality of lock, that youtube guy is master lock picker, he can do locks that most locksmiths struggle with. He can do your typical "high security" lock in even less time. Just as there is another guy on youtube that can open bank vaults just by touch, takes him hour or several but is doing thing most can't. I was just showing that lock as example of mechanical system with key that can't be trivially duplicated. Hilarious thing is that it is is far more secur
Re: (Score:2)
Looking at the key, it still looks like the key could be mechanically reproduced just from a picture of the key. The position of the magnet can be easily ascertained from a picture. The polarity of the magnet, less so, but it seems like you could just produce multiple keys, or the key could even incorporate an electromagnet.
Re: Maybe just hire this guy? (Score:2)
Those locks are picked easily no need to duplicate the key.
Re: (Score:2)
'' third time the same student "has managed to exploit the key fob and gain access to the car. ''
No shit. Mr. Musk.. why isn't this guy staff yet? 3 times, seems like an employment mandate, doesn't it. Oh ya gotta pay his pre and post grad educational bill and pretty much anything else he wants.
Don't ya think assimilation is in order here?
Re: (Score:2)
Clearly he's better at this than anyone else you have on staff. How about you let him help build the next iteration of your key fob security?
Why? At this point you can consider a Telsa as the ultimate honeypot for thieves. The car is easy to break into but reports it location in real time to the owner so is easily found. It also has cameras everywhere so you can quickly and easily identify if someone so much as keys the panels.
Also if you think a hacker exploiting a bug makes them qualified to actually write commercial software or somehow "better" at others you're woefully delusional. That's like saying Michael Phelps would be a far better water
Preferred instrument? (Score:2)
Re: (Score:2)
An oboe.
Re: Preferred instrument? (Score:2)
A donkey can be trained to only go if it's you. That can't be hacked, unless the thief has a carrot.
Editor (Score:2)
Correct me if I'm wrong. But don't we consider those seeking a PHD as a candidate. Kinda seems to me a student has to graduate before seeking a doctorate and probably should be addressed as such.
this is BASIC (Score:2)
they got a old telsa ECU and forced the key to start pairing with it...
From the report
"
- We provide the reader with a detailed explanation of our re-verse engineering efforts and protocol analysis. By doing so we identify multiplesecurity issues in the PKES system designed by Pektron such as the use of an inadequate proprietary cipher, the lack of mutual authentication in the challenge-responseprotocol,
"
its not bluetooth but their crazy auth methods...
"
Over the years, researchers have shown that manufacture
Re: (Score:2)
The proprietary DST40 cipher wasreverse engineered by Bono et al. back in 2005
I am amazed he has time for cryptography work between U2, solving third-world poverty and going to Davos.
Ban! (Score:2)
better yet... (Score:2)
Nah, just accuse the student of being a pedophile.