Researchers found another way to hack Tesla Model X Key Fob

The hack occurred when researchers identified significant security flaws in the key fob of Tesla’s top-of-the-line SUV, Tesla Model X, the luxury vehicle costing $80,000 to $100,000.

Although proven to be a worthwhile addition to the automobile industry, the never-ending security flaws and vulnerabilities in internet-connected vehicles pose a great security risk. Tesla’s smart vehicles are one of the best in the industry.

Still, even these aren’t free of security concerns, as per the latest research from the Computer Security and Industrial Cryptography (COIC) Imec research team at the University of Leuven in Belgium.

Reportedly, researchers identified significant security flaws in the key fob of Tesla’s top-of-the-line SUV, Tesla Model X, the luxury vehicle costing $80,000 to $100,000.

On August 17th, 2020, the Belgian researchers informed Tesla about the flaw, and the company was forced to roll out an update in the over-the-air software of the key fob to fix the problem.

It is a small device that lets someone unlock the car automatically by merely pressing a button or approaching the vehicle.



Lennert Wouters, a Ph.D. student and member of the research team, previously detected two different types of attacks on Tesla Model S keyless entry technology.

In their latest research, the team discovered that it was possible to hack and steal the Tesla Model X within merely minutes using a Bluetooth connected key fob.

They could break into the luxurious vehicle using equipment worth a few hundred dollars. Researchers explained in their press release that the Model X key fob utilizes Bluetooth Low Energy (BLE) to connect with a smartphone app for enabling keyless entry.

The vulnerability lies in the BLE. The researchers used an inexpensive Raspberry Pi computer, which cost them around $35, and a CAN shield, priced at $30. Using a $100 salvage vehicle’s Electronic Control Unit and a $30 LiPo battery, they managed to modify the key fob. The ECU forced the key fob to become available as Bluetooth devices wirelessly.

“By reverse-engineering the Tesla Model X key fob we discovered that the BLE interface allows for remote updates of the software running on the BLE chip. As this update mechanism was not properly secured, we were able to wirelessly compromise a key fob and take full control over it,” Wouters explained in the press release.

Within a minute, the researchers could access the key fob within 30 meters range and unlocked the target vehicle using valid commands. They could also access the car’s diagnostic center, and after linking to the diagnostic connector, they managed to connect a modified key fob to the vehicle.

“The newly paired key fob allows us to then start the car and drive off. By exploiting these two weaknesses in the Tesla Model X keyless entry system we are thus able to steal the car in a few minutes,” explained the head of the research team, Professor Benedikt Gierlichs.

Watch how it was done:

You may also like...