Vulnerabilities Allow Thieves to Steal Tesla Model X SUVs in Just Minutes

Tesla Model X P100D with Open Gulwing Doors Credit: Grzegorz Czapski / Shutterstock
Text Size
- +

Tesla is known for regularly improving its electric cars with over-the-air updates to fix bugs and add new features. The company is now working on a new update that’ll patch a Bluetooth vulnerability that would allow someone to steal a Tesla Model X in just a few minutes.

Discovered by Belgian university security researcher Lennert Wouters, the flaw centers around the keyless entry fobs used by the Tesla Model X.

Wouters released information about several security vulnerabilities that make it easy for a thief to steal a Tesla with a hardware kit that costs less than $300 and a computer.

According to Wouters, a thief could purchase a hardware kit that fits inside a backpack and is controlled by the thief’s phone. The thief would need to read the car’s vehicle identification number printed on the car’s dashboard and visible through the window. They also would need to be within 15 feet of the keyless entry fob to establish a Bluetooth connection.

In 90 seconds, the hardware can uncover the radio code that can then be used to unlock the car. Once recovered, the rest of the hack can be performed remotely.

“Basically a combination of two vulnerabilities allows a hacker to steal a Model X in a few minutes time. When you combine them, you get a much more powerful attack.”

Lennert Wouters

Once inside the car, a second vulnerability would let a thief pair his own fob with the vehicle and drive away with it. This second hack would take a minute or two of work and did not require any additional tools.

Wouters shared his information with Tesla earlier this year but has not publicly revealed the hack’s details. The company began working on a software fix and is rolling it out this week to its key fobs. This update will block at least one of the vulnerabilities identified by Wouter.

Tesla told Wouters that the patch could take about a month to roll out to all Tesla Model X owners.

Wouters plans to present these findings at the Real World Crypto conference in January 2021.

Social Sharing