
Tesla car hacked using drone; a patch has already been released

A group of security researchers managed to hack a Tesla car using an exploit delivered with a drone.

Tesla has already released a patch for the hack.

Over the last few years, Tesla has been investing a lot in cybersecurity and working closely with white-hat hackers.

The automaker has been participating in the Pwn2Own hacking competition by offering large prizes and its electric cars for hacking challengers.

Last year’s Pwn2Own competition was cancelled, but now, a group of researchers working on a Tesla hack for the competition have decided to release their work anyway.

They wrote about the hack, which they called TBONE:

“Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi. It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes – in short, pretty much what a driver pressing various buttons on the console can do. This attack does not yield drive control of the car though. Named “TBONE”, these exploits were originally written for the PWN2OWN 2020 contest, which was cancelled due to COVID-19.”

One of the most interesting parts of the hack is that they managed to find a way to deliver the exploit through a drone.

Why? Because it’s fun, and you can also fly one remotely to a Supercharger station to reach the parked cars.

Kunnamon CEO Ralf-Philipp Weinmann commented on the hack:

“Looking at the fact TBONE required no user interaction, and ease of delivery of the payload to parked cars, we felt this attack was ‘wormable’ and could have been weaponized. Adding a privilege escalation exploit such as CVE-2021-3347 to TBONE would allow us to load new Wi-Fi firmware in the Tesla car, turning it into an access point which could be used to exploit other Tesla cars that come into the victim car’s proximity. We did not want to weaponize this exploit into a worm, however.”

Since the competition was cancelled, they managed to confirm the exploit on a simulated Tesla MCU.

But Tesla accepted the hack in its bug hunting program and quickly delivered a patch back in late October 2020, when it was disclosed by the hackers.

They have also disclosed that the hack exploited vulnerabilities in components also used in vehicles other than Teslas.

The researchers said that the wider automotive industry has been made aware of the vulnerability.

Here’s the full white paper on the TBONE Tesla hack:

As previously mentioned, Tesla has been investing heavily in cybersecurity.

We went into a lot of detail about Tesla’s cybersecurity effort in our report about “The Big Tesla Hack”, when a hacker managed to get control over Tesla’s entire fleet.




Author: Fred Lambert
Source: Electrek
