Security researchers has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle.
The scenario is alarming as the hackers could use a drone to fly over your Tesla Model X and open the doors.
The researchers Kunnamon, Inc.’s Ralf-Philipp Weinmann and Comsecuris GmbH’s Benedikt Schmotzle have discovered remote zero-click flaws in the vehicle and exploited them using a DJI Mavic 2 drone equipped with a WIFI dongle.
The vulnerabilities are found in the ConnMan open-source software component used in Tesla cars. The researchers have exploited them to “compromise parked cars and control their infotainment systems over WiFi.”
The duo called the hack TBONE and presented it at the CanSecWest 2021 Conference.
The video of the presentation is below:
The researchers explained that the ConnMan is also widely used in infotainment systems of other carmakers, and so they have engaged German CERT and other actors of the automotive industry.
A new version of ConnMan (v1.39) has been released in February 2021.
As the TBONE does not need any user interaction, and is easy to deliver the payload to parked cars, the attack was ‘wormable’ and could have been weaponized.
Weinmann stated that adding a privilege escalation exploit such as CVE-2021-3347 to TBONE would allow them to load new Wi-Fi firmware in the Tesla car, turning it into an access point which could be used to exploit other Tesla cars that come into the victim car’s proximity. However, they not want to weaponize this exploit into a worm.
The researchers were planning to present the attack at the PWN2OWN 2020 hacking contest, but since it was moved online due to the COVID19 pandemic they opted to privately report the issues to the carmaker.
The vulnerabilities could be exploited by remote attackers to compromise parked cars, gain control of the infotainment system over WIFI, to lock/unlock the trunk and doors, modify seat positions and steering/acceleration modes, and change air conditioning settings and temperature. However, this attack does not yield drive control of the car.
Tesla has not commented on the researchers’ findings.
Image Credits : CNET