Menu Close

Demonstrated: hackers can break into Tesla using a drone flying over

Two cybersecurity researchers have demonstrated a vulnerability (now fixed) that allowed them to unlock the doors of a Tesla Model X using nothing more than a drone and a Wi-Fi dongle.

Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have discovered zero-day security flaws in Intel’s ConnMan open-source software component managing the network connections, with code specifically written to abuse the flaw allowing them to unlock the doors and the trunk, change seat positions, and do pretty much anything a driver would be able to do by pressing the buttons on the console.

To exploit the vulnerability, the two security researchers turned to a DJI Mavic 2 drone, which was used to fly over the exposed vehicle, and a Wi-Fi module to connect to the infotainment unit and launch the remote attack aimed at ConnMan.

Called TBONE, the attack was originally projected to be presented at Pwn2Own 2020, but the hacking contest has eventually been canceled due to the global health issue.

The researchers, however, demonstrated the exploit at the CamSecWest conference, revealing that the flaws have already been patched after reaching out to Tesla, Intel, and the German CERT.

Furthermore, Tesla rolled out update 2020.44 in late October 2020 to resolve the security problems, with the carmaker also offering a $31,500 bounty for disclosing the vulnerabilities.

And now comes the more concerning part. The ConnMan component that’s been found to be vulnerable isn’t only used by Tesla but by plenty of other carmakers too, so there’s a chance the security flaws exist in other vehicles too. A new version of ConnMan (build 1.39) has already been published in February 2021, but at this point, it’s still not clear how many carmakers have included the new release in their software updates.

The researchers claim the attack is wormable and could be weaponized, which means a more complex attack could be even more harmful, eventually being able to even connect to nearby cars and break into their infotainment systems.

Article: Hackers Break Into Tesla Using a Drone Flying Over the Car

 

Leave a Reply

Your email address will not be published. Required fields are marked *

(UN General Assembly, 1948) The Universal Declaration of Human Rights: 1. All human beings are free and equal 2. No discrimination 3. Right to life 4. No slavery 5. No torture and inhuman treatment 6. Same right to use law 7. Equal before the law 8. Right to be treated fair by court 9. No unfair detainment 10. Right to trial 11. Innocent until proved guilty 12. Right to privacy 13. Freedom to movement and residence 14. Right to asylum 15. Right to nationality 16. Rights to marry and have family 17. Right to own things 18. Freedom of thought and religion 19. Freedom of opinion and expression 20. Right to assemble 21. Right to democracy 22. Right to social security 23. Right to work 24. Right to rest and holiday 25. Right of social service 26. Right to education 27. Right of cultural and art 28. Freedom around the world 29. Subject to law 30. Human rights can’t be taken away