Two security researchers partially took control of a Tesla Model X using a DJI drone by exploiting a security hole in the infotainment system’s Wi-Fi connection.
You will also be interested
[EN VIDÉO] This flying taxi turns into an autonomous car For the moment, this is a concept that has little chance of success. The principle is based on an Adav whose cabin is detached to integrate into a chassis to make it an autonomous car.
Last week, on the occasion of Pwn2Own hacking contest held every year at the CanSecWest computer security conference in Vancouver (Canada), two security researchers gave an incredible demonstration by hacking a Tesla Model X remotely using a drone.
Ralf-Philipp Weinmann and Benedikt Schmotzle revealed how to launch a zero-click attack by connecting to the infotainment system of the Tesla. For this, they used a DJI Mavic 2 drone and a dongle Wi-Fi. In the video below, we see that it takes them barely three minutes to unlock the doors and open them. Experts have exploited two security flaws present in the open-source ConnMan software which is used in infotainment systems of Tesla, but also other brands automobiles, to manage the Internet connection.
According to the two researchers Ralf-Philipp Weinmann and Benedikt Schmotzle, their hack of a Tesla with a DJI drone could work from 100 meters away. © Secwestnet
Tesla fixed this security flaw
Baptized TBONE, this attack made it possible to unlock the doors and the trunk, to change the position of the seats, the steering and acceleration settings. The two researchers explain that it would even have been possible to add an element to be able to inject new Wi-Fi firmware into the car in order to transform it into an access point that can be used to hack other nearby Tesla. They specify, however, that their exploit does not allow full control of the car but that it works on Tesla Model S, 3, X and Y.
The TBONE attack was originally scheduled to be featured during Pwn2Own 2020, but the event was canceled due to the pandemic. In the meantime, the researchers have warned Tesla, Intel (behind ConnMan) as well as the German CERT so that it can approach other car brands concerned. Tesla plugged the breach in a software update released last October and awarded a bounty of $ 31,500 to the two researchers. It is not known if other manufacturers have released security fixes as well.
Interested in what you just read?