Everyone buying a Tesla gets a high tech car with a great interior. A lot of thought went into it and that includes its security as well. So far Tesla has done a pretty good job. That is until now: Security researchers from Belgium found out that Model S can be hacked in a matter of seconds.
A Raspberry Pi and some tech know-how
Normally you’d associate stealing a car with breaking a window and hotwiring it. With a Tesla Model S things are more … civilized. Researchers from the KU Leuven University in Belgium found out how to trick the sophisticated encryption of the car with relatively low tech equipment and by “just” impersonation its key fob.
Apparently it’s super easy (compared to other hacking tasks) to clone the key of a Model S and then just drive away with “your” new car. With enough technical knowhow, criminal energy and the right tools it’s absolutely doable. The hardware needed to do so consists of a Raspberry Pi, a Software Defined Radio Promax 3, a USB antenna, a USB power bank, a mobile access spot, and access to a server with enough storage capabilities.
Once the equipment is put together all the attacker needs to do is wait near the car until the owner comes along and opens it up. The rest is done by the equipment. Take a look at the video to see how it is all done and how fast the car is gone.
Please enter your PIN
Tesla reacted fast. When informed about the security issue a year ago they worked extensively to fix it. New models have a better encryption that should help prevent hacks like the above. Owners of an older Model S can upgrade their car to get said features, too. If that’s somehow not an option, Tesla rolled out an update two weeks ago that allows owners to set a PIN code before the car can be started. While that may not be as convenient as only using the key fob, it at least helps to make sure your car stays your car.
By the way: The researchers earned a 10000 Dollar bug bounty. Not quite enough to buy a Tesla Model S, but still not too shabby.