Hack Tesla using a drone, might sound like something from the sci-fi movie. This is for real though, Ralf-Philipp Weinmann, CEO of Kunnamon, and Benedikt Schmotzle of Comsecuris showcased their skills at the CanSecWest conference.
They were able to open the Tesla doors without any interaction from anyone in the car. A drone fitted with a Wi-Fi dongle was able to crack open Tesla’s door.
Tesla had patched the bugs in October last year, yet the researchers were able to hack open the doors using a DJI Mavic 2. You can witness all the technical details and the action in the 36-minute video below.
The researcher in a post stated the flaw can be used to compromise parked cars and control their infotainment system over the WiFi. The hackers can also unlock the doors and trunk, change seat positions, both steering and acceleration modes. This means hackers can literally take control of your car.
The researchers targeted a component called ConnMan, accessed it over the WiFi, and used it to manage network connections.
The ConnMan has two vulnerabilities that allowed Weinmann and Schmotzle to run commands on the infotainment system on the Tesla. They further stated more harm can be caused by writing code to Tesla’s infotainment tech. The attacks could also have been “wormable” and “weaponized” by adding on an exploit that let them create entirely new Wi-Fi firmware in the Tesla,
The researchers decided against creating a wormable hack as it would turn it into an access point that could be used to exploit other Tesla cars that come into the victim car’s proximity.
According to the security researcher duo, the ConnMan component vulnerability can be used by most of the other cars also.
They had to undergo a long and frustrating process to disclose the issue. They had to report it firstly to Intel, who created the ConnMan, and then go to German Computer Emergency Response Team, who organize fixes for the ConnMan issues. It is unclear if all car manufacturers have updated their cars with a patch code.
Many other researchers have also been targeting Tesla for security flaws. Earlier in 2020 McAfee Advanced Threat Research | McAfee that take the car up to 85mph in a 35mph zone. A Tesla was hacked and stolen in two minutes the same year by academics at KU Leuven University’s Computer Security and Industrial Cryptography (COSIC), using $200 worth of equipment.
Tesla has a bug bounty program in place, it rewards researchers for exposing the flaws. Tesla has rewarded the researcher’s duo with $31000 for their efforts.