Two researchers have managed to partially take control of a Tesla Model X remotely using a drone,
Ralf-Philipp Weinmann and Benedikt Schmotzle participated in the Pwn20wn 2020 hacking competition which aims to flush out flaws in the software embedded by Tesla.
The two security specialists provided evidence of their attack dubbed TBONE in a video posted on YouTube.
In just three minutes, they managed to open the doors of the vehicle.
The two researchers used two vulnerabilities spotted in ConnMan, an open source software that powers the Tesla computer system.
As an Internet connection manager, it is a dream entry point for hackers wishing to break into a computer environment.
Using a drone with a Wi-Fi modem, they managed to hack the vehicle.
The drone was stationed 100 meters away
The TBONE attack made it possible to unlock the doors, play a piece of music or even control the ventilation.
Worse, it is possible to influence the steering and acceleration settings without actually starting the car.
For these attacks, the drone can be located at 100 meters and therefore be perfectly undetectable to the naked eye.
All Tesla vehicles (S, 3, X and Y) were subject to this attack.
Even though the 2020 Pwn20wn was canceled, Tesla, who has a Bug Bounty program, was of course warned of the weak spot spotted on his vehicle.
In October 2020, he released a security patch preventing the possibility of a TBONE attack.
The car manufacturer would have taken the opportunity to abandon the use of the ConnMan software.
However, this software would be used by other car manufacturers.
The risk of attack would therefore always be present for certain models still in circulation, indicates
Tesla: For Elon Musk, Model Y will be the world's best-selling car in 2023
Tesla crash in Texas: Driver was "probably" behind the wheel