Two cybersecurity researchers have demonstrated a vulnerability (now fixed) that allowed them to unlock the doors of a Tesla Model X using nothing more than a drone and a Wi-Fi dongle.
Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have discovered zero-day security flaws in Intel’s ConnMan open-source software component managing the network connections, with code specifically written to abuse the flaw allowing them to unlock the doors and the trunk, change seat positions, and do pretty much anything a driver would be able to do by pressing the buttons on the console.
To exploit the vulnerability, the two security researchers turned to a DJI Mavic 2 drone, which was used to fly over the exposed vehicle, and a Wi-Fi module to connect to the infotainment unit and launch the remote attack aimed at ConnMan.
Called TBONE, the attack was originally projected to be presented at Pwn2Own 2020, but the hacking contest has eventually been canceled due to the global health issue.
The researchers, however, demonstrated the exploit at the CamSecWest conference, revealing that the flaws have already been patched after reaching out to Tesla, Intel, and the German CERT.
Furthermore, Tesla rolled out update 2020.44 in late October 2020 to resolve the security problems, with the carmaker also offering a $31,500 bounty for disclosing the vulnerabilities.
And now comes the more concerning part. The ConnMan component that’s been found to be vulnerable isn’t only used by Tesla but by plenty of other carmakers too, so there’s a chance the security flaws exist in other vehicles too. A new version of ConnMan (build 1.39) has already been published in February 2021, but at this point, it’s still not clear how many carmakers have included the new release in their software updates.
The researchers claim the attack is wormable and could be weaponized, which means a more complex attack could be even more harmful, eventually being able to even connect to nearby cars and break into their infotainment systems.