How secure is Tesla’s key fob? In just 3 minutes a hacker can drive away with your Model X




How long does it take for a car thief to steal a newly purchased Tesla Model X? The answer is less than 3 minutes.

You may think this is impossible, but to hackers it is child’s play. Foreign media reported on the 23rd that a security researcher had demonstrated a serious vulnerability in the Tesla Model X’s keyless entry system:

Through this flaw, hackers can use a Bluetooth connection to rewrite the firmware of the vehicle’s key fob, obtain the vehicle unlock code from the fob, and steal the Model X in minutes.

Any car thief who reads the car’s vehicle identification code (usually visible on the dash through the windshield) and gets within 15 feet (about 4.57 meters) of the victim’s key fob can exploit these vulnerabilities to steal the car. The required hardware kit costs just $300.

That is a formidable attack.

How does it work?

This type of “relay attack” is understood to be a common tactic used by Tesla thieves in Europe and the United States, and many car owners have suffered from it. So how does the theft work?

Security researcher Lennert Wouters discovered that Model X key fobs lack so-called “code signing” for firmware updates.

Code signing is a digital signature that software developers apply to their code. It lets the recipient identify the publisher of the software and detect whether the software was tampered with in transit.

Tesla designed the Model X key fob to connect wirelessly to the Model X’s computer and receive firmware updates over Bluetooth, but the fob does not check that new firmware carries an unforgeable cryptographic signature from Tesla.

In other words, it’s this flaw that gives the thief a chance.
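
The missing check, sketched as an added example (this is not code from the article, from the researcher or from Tesla): an updater that flashes whatever arrives, beside one that verifies an Ed25519 signature against a vendor key pinned in the device and also refuses version rollback, which goes beyond what the article describes. The image layout, the choice of Ed25519 and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed layout (assumed, not Tesla's): version(4,BE) | payload | sig(64).
var (
	ErrTooShort     = errors.New("image too short")
	ErrBadSignature = errors.New("signature does not verify under pinned key")
	ErrRollback     = errors.New("version not newer than installed firmware")
)

// AcceptUnsigned models the flaw: whatever arrives over the air is flashed.
func AcceptUnsigned(image []byte) ([]byte, error) { return image, nil }

// AcceptSigned checks the pinned vendor key first, then refuses rollback.
func AcceptSigned(pinned ed25519.PublicKey, installed uint32, image []byte) ([]byte, error) {
	if len(image) < 4+ed25519.SignatureSize {
		return nil, ErrTooShort
	}
	split := len(image) - ed25519.SignatureSize
	if !ed25519.Verify(pinned, image[:split], image[split:]) {
		return nil, ErrBadSignature
	}
	if binary.BigEndian.Uint32(image[:4]) <= installed {
		return nil, ErrRollback
	}
	return image[4:split], nil
}

// BuildImage is the vendor-side signing step (hypothetical helper).
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	body := make([]byte, 4, 4+len(payload)+ed25519.SignatureSize)
	binary.BigEndian.PutUint32(body, version)
	body = append(body, payload...)
	return append(body, ed25519.Sign(priv, body)...)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	img := BuildImage(priv, 2, []byte("constructed payload"))
	img[6] ^= 0xFF // one payload byte altered in transit
	_, err := AcceptSigned(pub, 1, img)
	fmt.Println("signed path:", err)
}
```

The signature covers the version field as well as the payload, so an altered version number fails verification before the rollback comparison is ever reached.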

The researcher therefore used his own computer with a Bluetooth radio to connect to the target Model X key fob, rewrite its firmware, and use it to query the security chip in the fob that generates the unlock code for the vehicle.

This is not straightforward, because the key fob’s Bluetooth radio only “wakes up” for a few seconds when the fob’s battery is removed and reinserted.

However, the Model X computer responsible for the keyless entry system has a component called the Body Control Module (BCM), which can also execute activation commands over Bluetooth.

BCM is an integrated system that can control the charge controller and coordinate the activation of the automotive electronic unit.

The microcontroller and connector built into the BCM constitute the central structural unit responsible for controlling part of the system. Operational data is transmitted to the control module through the input device.

After the module processes the data, it generates a feedback signal through built-in output devices (including relays and solenoids). Through the output device system, BCM coordinates the work of various electronic systems.

A Model X BCM bought on eBay for US$50 to $100 can be used to spoof the low-frequency radio signal sent to the key fob (the initial activation command must be sent from a short range of about 15 meters, but if the victim is outdoors, the rest of the firmware update technique can be performed from hundreds of meters away).

In addition, the BCM derives a unique identification code from the last 5 digits of the vehicle identification code. The hacker can read those digits through the windshield of the targeted car and then create the code for the hacked BCM in just 90 seconds.

After completing these steps, the hacker is able to unlock the Model X. So how is the car driven away? The researcher investigated this as well.

After unlocking the Model X, the security researcher connects his computer to a port that allows the computer to send commands to the vehicle’s network of internal components, called the CAN bus, which includes the BCM. The port can be accessed through a small panel below the display. It takes seconds and needs no tools: just pull out a small storage container on the dash.

During this process, the researcher discovered that the BCM did not actually verify the authenticity of the certificate, meaning that once the hacker had spoofed a fake key, he could drive the car as long as the key passed the BCM’s verification.

The researcher also showed the toolkit used to carry out this attack. It includes a small Raspberry Pi computer, a second-hand Model X BCM, a key fob, a power converter, and a battery.

The complete kit, which can send and receive all the necessary radio commands from inside a backpack, costs less than $300.

Tesla’s emergency patch may take almost a month to reach all vulnerable cars, so Model X owners should make sure that all updates provided by Tesla are installed in the coming weeks to keep hackers out.

Tesla’s security problems are nothing new

The importance of this research lies in demonstrating a real end-to-end attack on a vehicle.

This is not the first time Lennert Wouters has disclosed a vulnerability in Tesla’s keyless entry system. He previously discovered two cryptographic vulnerabilities in the Tesla Model S keyless entry system, which also allowed the car to be stolen by radio. He believes that Tesla’s approach to keyless entry security is not unique, and that similar systems may be just as vulnerable.

Before the Model X vulnerabilities came to light, a Tesla video sparked discussion on the Chinese internet. In the video, the dashcam of the person filming recorded the sunroof of the Tesla ahead lifting off, and the flying sunroof nearly hit the filming car.

The video quickly attracted attention on Weibo, and Tesla’s customer service was quick to respond:

But the answer did not seem to satisfy most netizens. Some noted that there is a long-standing precedent overseas for Tesla sunroofs coming off. In October of this year, an American Tesla owner published an article saying that while he was driving his Model Y home on the highway, the panoramic sunroof suddenly fell off and the car became a “convertible” in seconds.

There are also reports that Tesla owners may run into the problem of aging NAND memory chips, which can cause “some Tesla vehicles to have a number of problems, from rear view mirror lens failure to a lack of turn signal beeps and other audio alarms”.

Similar security incidents continue.

Of course, technology will always bring losses, but more importantly, it promotes general social progress; it is expected that in a few years we will all travel in safer driverless cars.

(This article was reprinted with permission from Leifeng.com; first image source: Flickr / Pål-Kristian Hamre CC BY 2.0)


