Researchers find serious flaws in Model X keyless entry system

November 25, 2020 //By Ally Winning
Researchers from COSIC, an imec research group at the University of Leuven in Belgium, have found major security flaws in the Tesla Model X’s keyless entry system.
Researchers from COSIC, an imec research group at the University of Leuven in Belgium, have found major security flaws in the Tesla Model X’s keyless entry system.

The same group of researchers has previously hacked the Tesla Model S keyless entry system. The researchers have now and shown how the security measures of the more recent Tesla Model X can be bypassed. The Tesla Model X priced at over $100.000 US can be stolen in only a few minutes.

Tesla has used an over-the-air software update to mitigate these issues found by the researchers.

The key fob of the Tesla Model X allows the owner to automatically unlock the vehicle by either approaching it, or pressing a button. Bluetooth Low Energy (BLE) is being used more in “phone-as-key” solutions to allow a smartphone APP to unlock the car. The Tesla Model X key fob uses BLE to communicate with the vehicle.

“Using a modified Electronic Control Unit (ECU), obtained from a salvage Tesla Model X, we were able to wirelessly (up to 5m distance) force key fobs to advertise themselves as connectable BLE devices. By reverse engineering the Tesla Model X key fob we discovered that the BLE interface allows for remote updates of the software running on the BLE chip. As this update mechanism was not properly secured, we were able to wirelessly compromise a key fob and take full control over it.

Subsequently we could obtain valid unlock messages to unlock the car later on”, says Lennert Wouters, PhD student at the COSIC research group.

“With the ability to unlock the car we could then connect to the diagnostic interface normally used by service technicians. Because of a vulnerability in the implementation of the pairing protocol we can pair a modified key fob to the car, providing us with permanent access and the ability to drive off with the car”, Wouters adds.

Two weaknesses exposed

“To summarize, we can steal a Tesla Model X vehicle by first approaching a victim key fob within about 5 meters to wake up the key fob. Afterwards we can


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.