Security researchers demonstrated how to hack a Tesla Model X and open its doors using a DJI Mavic 2 drone configured with a Wi-Fi dongle.
The scenario is concerning because an attacker could fly a drone over your Tesla Model X and open the doors.
Hackers could steal your Tesla using the drone.
Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH discovered remote zero-click vulnerabilities in the vehicle and exploited them with a DJI Mavic 2 drone configured with a Wi-Fi dongle.
The flaws were discovered in the open-source ConnMan software component used in Tesla vehicles. The researchers used them to “compromise parked cars and control their infotainment systems over Wi-Fi.”
The pair labeled the hack TBONE and introduced it at the CanSecWest 2021 conference.
Watch the video presentation here: https://www.youtube.com/watch?v=krSj81thN0w&t=5s
The researchers clarified that ConnMan is also commonly used in other carmakers’ infotainment systems, so they enlisted the help of the German CERT and other industry players.
In February 2021, a new version of ConnMan (v1.39) was announced.
The exploit was wormable and could have been weaponized because TBONE requires no user interaction and its payload is easy to deliver to parked cars.
According to Weinmann, adding a privilege escalation exploit like CVE-2021-3347 to TBONE would enable them to load new Wi-Fi firmware into the Tesla car, turning it into an access point that could be used to exploit other Tesla cars in the vicinity.
They do not, however, want to turn this hack into a worm.
The researchers intended to present the attack at the Pwn2Own 2020 hacking competition, but when it was moved online due to the COVID-19 pandemic, they decided to privately report the issues to the automaker.
Remote attackers may use the flaws to compromise parked vehicles, gain control of the infotainment system through Wi-Fi, lock and unlock the trunk and doors, adjust seat positions and steering/acceleration modes, and change the temperature and air conditioning settings.
This attack, however, does not allow the attacker to take control of the vehicle.
Tesla has not responded to the findings of the researchers.