Major Cybersecurity Vulnerability Discovered in Tesla Model X
Two cybersecurity researchers have discovered a vulnerability (now fixed) that allowed them to unlock the doors of a Tesla Model X using nothing more than a drone and a Wi-Fi dongle.
The zero-day security flaws in Intel’s ConnMan (What is ConnMan?) open-source software component managing the network connections, was discovered by Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH with code specifically written to abuse the flaw allowing them to unlock the doors and the trunk, change seat positions, and do pretty much anything a driver would be able to do by pressing the buttons on the console.
To exploit the vulnerability, the two cybersecurity researchers turned to a DJI Mavic 2 drone, which was used to fly over the exposed vehicle, and a Wi-Fi module to connect to the infotainment unit and launch the remote attack aimed at ConnMan.
TBONE as it has been dubbed, was the attack originally projected to be presented at Pwn2Own 2020, but the hacking contest had been canceled due to the global health issue.
Instead, the two cybersecurity researching demonstrated the exploit at the CamSecWest conference, revealing that the flaws have already been patched after reaching out to Tesla, Intel, and the German CERT.
Due to the major vulnerabilities discovered, Tesla rolled out update 2020.44 in late October 2020 to resolve the security problems, with the carmaker also offering a $31,500 bounty for disclosing the vulnerabilities.
Although the vulnerability has been addressed in Tesla software. The ConnMan component that’s been found to be vulnerable isn’t only used by Tesla but by plenty of other carmakers too, so there’s a chance the security flaws exist in other vehicles too. A new version of ConnMan (build 1.39) has already been published in February 2021, but at this point, it’s still not clear how many carmakers have included the new release in their software updates.
The researchers claim the attack is wormable and could be weaponized, which means a more complex attack could be even more harmful, eventually being able to even connect to nearby cars and break into their infotainment systems.
