Here’s everything a Belgian researcher needed to break into a Tesla Model X and steal it: a Bluetooth kit at 250 euros and a bit of luck. According to the American site Wired, Lennert Woulters, who studies cyber security at KU Leuven University in Dutch-speaking Belgium, found a way to exploit two vulnerabilities in the system.
To do so, he simply read the car’s identification number and found a code on the owner’s key fob (to get it, you have to be within 4.5 meters of the vehicle). Armed with this information and a Bluetooth radio, Woulters was able to unlock the car by usurping the signal that usually comes from the owner’s key ring or phone.
Once inside the Tesla, things got complicated. Lennert Woulters was able to use vehicle control software found on eBay, then plugged it into the car’s computer port, and coupled the vehicle system with its own « key » – something the Tesla computer system did not check.
« In fact, exploiting these two vulnerabilities allows a hacker to steal an X model in a matter of minutes, » he told Wired. « When you combine them, you get a much more powerful attack. » Tesla, who has not responded to Business Insider US, plans to deploy a software update to fix the problem, according to Wired.
The automaker, like many tech companies, is using a « bug bonus » program. Researchers and hackers are rewarded for helping to find vulnerabilities that could be exploited by potential attackers. To thank them, Tesla has already offered money and even some of its vehicles.