Last week at an IT security conference, a pair of cyber security researchers demonstrated how they could unlock and open a Tesla’s doors using only a drone outfitted with a Wi-Fi dongle.
They were originally going to demonstrate this at last year’s Pwn2Own hacking competition, but that contest got canceled due to the COVID-19 pandemic. So, they presented it at this year’s CanSecWest conference instead.
You can view the German cyber security experts’ presentation via a 40-minute-long YouTube video. If you want to skip to the action, you can head directly to the 36-minute mark to see them unlock the Tesla.
The hack shouldn’t be possible today, the researchers explained, because the security flaw they exploited got fixed with a software update last October after they informed Tesla about it. However, the researchers said other automakers might have the same vulnerability in their operating systems.
In their presentation, the researchers said they exploited vulnerabilities in ConnMan, an open source software component produced by Inte that functions as an internet connection manager for embedded devices.
The researchers discovered they could exploit this flaw to take control of a Tesla’s infotainment system. From there, they could do anything a driver could do by pressing the buttons on the car’s console, including unlocking the doors and trunk, changing seat positions, playing music, and controlling the air conditioning.
RELATED RESOURCE
However, they couldn’t start or drive the car.
In the video, they use a drone equipped with a Wi-Fi dongle to remotely hack into a Tesla Model X’s infotainment system. They said this technique worked on Tesla S, 3, X, and Y models from up to 300 feet away.
The really concerning part is that other automakers besides Tesla use ConnMan software. An improved version of ConnMan came out in February, the researchers said, but it’s not clear how many automakers are using it.
Of course, this isn’t the first time hackers or cyber security researchers have targeted Tesla or its vehicles. In March, hackers breached more than 150,000 security cameras at Tesla and internet security provider Cloudflare. Last year, McAfee researchers used a two-inch strip of tape to trick Tesla autopilot systems into accelerating their vehicles 50 mph above the speed limit. Finally, in 2018, security researchers discovered Tesla keyfobs were vulnerable to spoofing attacks that would allow attackers to steal a Tesla simply by walking past the owner and cloning their key.
-
What businesses need to know about data sovereigntyWithout a firm strategy for data sovereignty, businesses put their data and reputations at risk
-
Anthropic says MCP will stay 'open, neutral, and community-driven' after donating project to Linux FoundationNews The AIFF aims to standardize agentic AI development and create an open ecosystem for developers
-
Why the Space Force wants white hats to attack a satelliteCase study Authorities hope the first-of-its-kind competition could bring benefits to the cyber sector
-
OpenAI to pay up to $20k in rewards through new bug bounty programNews The move follows a period of unrest over data security concerns
-
New ‘DarkBit’ ransomware gang shuts down Technion, demands $1.7 million ransomNews A politically charged ransom note suggests DarkBit are one of the newest hacktivist gangs to emerge in recent months
-
Research: Luxury cars and emergency services vehicles vulnerable to remote takeoverNews A "global API issue" has been highlighted through months-long research into brands such as Ferrari and Mercedes-Benz, leaving owners open to hacking, account takeovers, and more
-
Podcast transcript: Meet the cyborg hackerIT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
The IT Pro Podcast: Meet the cyborg hackerIT Pro Podcast Resistance is futile - offensive biotech implants are already here
-
SpaceX bug bounty offers up to $25,000 per Starlink exploitNews The spacecraft manufacturer has offered white hats immunity to exploit a wide range of Starlink systems, with a dedicated report page
-
Nomad happy to forgive hackers if they return 90% of $190 million that was stolenNews The crypto bridge is offering 'white hat hackers' a 10% bounty following the attack earlier this week
