Icon: enlarge
Tesla Model X
Photo: EVGENIA NOVOZHENINA / REUTERS
When Elon Musk presented the Model X five years ago, the Tesla boss was particularly proud of the gullwing doors.
The so-called Falcon Wings of the electric SUV open as soon as you approach the car.
The idea: vehicle owners can, for example, sit their children directly in the back seat and stow their shopping without having to laboriously unlock the car.
The problem: The radio key of the 90,000 euro car can evidently be tricked.
According to their own statements, researchers at KU Leuven have succeeded in cracking the so-called keyless-go locking system of a Tesla Model X, starting the car and driving away with it.
With this, the Belgians have again tricked Tesla's locking technology.
Two years ago, they had already cloned a Tesla Model S key in less than two seconds.
For the experiment with the Model X, the researchers said they had first removed a control unit from a scrap truck Tesla.
From this component and a Rasperry Pi minicomputer, they tinkered a box with a radio transmitter for less than 200 euros in order to fool the real car key into the right vehicle.
That is also the catch with the method, which is difficult to implement in practice.
Because with the bulky control block, which is about the size of a shoebox, thieves first have to get within five meters of the real car key in order to fake an upcoming update.
Keyless go locking systems under fire
But if that worked and the connection between the key and the control block is in place, then the rest of the work is supposed to be very quick.
It takes about 90 seconds for the malware to load onto the key, and this works even from a distance of up to 30 meters.
The manipulated software update finally forces the key to transmit opening codes to the control box.
With these codes, according to the scientists, all doors could be opened.
The scientists smuggled the malware in via the wireless technology Bluetooth Low Energy, which, in addition to Tesla, many other car manufacturers also use for the key signal.
This means, for example, that apps on the smartphone can also be used to unlock the car.
Keyless-go locking systems, however, are repeatedly criticized.
Last year, the ADAC warned that thieves would have an easy time with the technology.
The researchers exploited another security gap inside the Tesla Model X car.
They connected the converted control unit to a plug that technicians in the workshop usually use for diagnosis.
They used it to bypass the security check, started the car with a modified key and the intercepted opening code - and drove away in the test car.
Tesla has now fixed the security holes with an update.
According to the scientists, the error will be eliminated with software version 2020.48, which has been distributed to cars via WiFi for around two weeks.
In August, the research team pointed out the two problems to the automaker and was rewarded with a payment from the bug bounty program.
Tesla was worth $ 5,500 for the hack.
Icon: The mirror
