While analyzing vulnerabilities, researchers were able to unlock a Tesla Model X’s doors with a remote hack using a DJI Mavic 2 drone carrying a Wi-Fi dongle.
Wi-Fi-based hacking of automobiles is a concern many of us had never even thought about. But two security researchers, Kunnamon, Inc.’s Ralf-Philipp Weinmann and Comsecuris GmbH’s Benedikt Schmotzle, claim that it is possible.
The researchers discovered remote zero-click security flaws in ConnMan, an open-source software component used in Tesla cars. The exploits are dubbed TBONE.
The exploits were written for the Pwn2Own 2020 contest. Since it was moved online last year due to COVID-19, the researchers disclosed the exploits to Tesla. The automaker patched them in a software update in October 2020. The researchers demonstrated their exploits at the CanSecWest 2021 conference.
The Threat is Real!
Exploiting the flaws, an attacker can:
- Compromise parked cars
- Gain control of their infotainment system over Wi-Fi
- Lock/unlock the trunk and doors, modify seat positions
- Change steering/acceleration modes
- Change air conditioning settings and temperature
This means a hacker can remotely perform all the functions that a driver can perform from the infotainment console while sitting in the car. However, the hacker cannot take over the car’s drive control.
When the researchers tested the vulnerabilities themselves, they were able to unlock a Tesla Model X’s doors with a remote hack using a DJI Mavic 2 drone carrying a Wi-Fi dongle. This required no interaction from anyone in the vehicle.
Are Other Automobiles Vulnerable?
According to the researchers, yes: other automobile brands are also vulnerable, because, they claim, nearly half of the auto industry uses ConnMan. The affected components are widely used in the infotainment systems of internet-connected cars.
To prevent other manufacturers from getting their cars’ infotainment systems hijacked, the researchers first informed ConnMan’s creator, Intel, and then engaged the German CERT and the “wider automotive industry” in January 2021. Patches were checked into the Git repository, and a new version of ConnMan, version 1.39, was released in February 2021.
Weinmann stated that the attack could have been wormable and weaponized if they had added an exploit to create new Wi-Fi firmware in the Tesla. This would have turned the car into an “access point” that they could have used to exploit other Tesla cars in the “victim car’s proximity.”
Tesla has yet to comment on this issue.