Gone In 90 Seconds: Tesla Model X Keyless Entry Bluetooth Hack Exposed

Tesla Model X
In the days of old, a car thief might stick a hanger in car window to unlock the door (or simply smash the glass), hop in, and hot wire the vehicle. Hollywood loves to show this kind of thing, sometimes with wires dangling beneath the steering column, and other times with a screwdriver jammed into the ignition. Trying to steel a Tesla Model X takes more effort, though perhaps not as much as you think, as a security researcher recently demonstrated.

Today's vehicles are more reliant than ever on computer systems, and Tesla is at the front of the pack, with its advanced self-driving and other technologies. And like many modern vehicles, keyless entry is a common feature. That is also where the exploit lies—a car thief with hacking skills could potentially alter the firmware of the key fob to effectively swipe the unlock code.

There actually exists a series of Bluetooth vulnerabilities that make this possible, as Lennert Wouters, a security researcher in Belgium, shared with Wired today. Those security holes are present in both the Model X itself and the accompanying keyless entry fob. Hacking both of them allows a skilled attacker to gain unauthorized entry to the vehicle.

The hack requires knowing the vehicle's ID number, which can typically be spied through the windshield. It also requires about a $300 investment in hardware, part of which entails a Raspberry Pi module. This is connected to a larger board, but the sum of parts is not all that unwieldy—it can fit inside a backpack.

What is equally concerning is how quickly this hack can be accomplished. With the necessary hardware in place, it takes about 90 seconds to pull it off. At least for the first part—that gets the hacker the necessary radio code to unlock the Model X. After that, another vulnerability would allow the potential car thief to pair it with their own keyless entry fob.

There are some caveats to this, that should give Model X owners some peace of mind. For one, this is hacking we are talking about, so not just any person off the street will have the skills to pull this off (and there are no reports of this having actually happened to anyone). Secondly, the hacker needs to be within 15 feet of the owner's key fob. Nevertheless, it is entirely possible to hack a Model X in a short time to not only gain entry, but start the vehicle and drive away. Yikes.

At least for now, anyway. The good news is, Tesla plans to patch the vulnerabilities. Wouters says he was told by Tesla that it may take a month for the over-the-air update(s) to arrive on all affected vehicles. So if you own a Model X, be on the lookout for an update.