Evgenia Novozhenina/Reuters
Summary List PlacementAll a Belgian researcher needed to break into and effectively steal a Tesla Model X: a $300 bluetooth kit, and some luck.
According to Wired, Lennert Woulters, who studies security at the university KU Leuven, found a way to exploit two vulnerabilities by simply reading the car's VIN number and lifting a code from the owner's key fob (which requires being within about 15 feet).
Armed with that information and a bluetooth radio, Woulters was able to unlock the car by spoofing the signal that would usually come from the owner's key fob or phone.
Once inside, things got trickier. Woulters was able to use a separate Model X body control module from eBay plugged into the a computer port in the car that was easily accessible, and pair the car with his own "key" — something the Tesla computer system didn't verify.
"Basically a combination of two vulnerabilities allows a hacker to steal a Model X in a few minutes time," he told the magazine. "When you combine them, you get a much more powerful attack."
Tesla, which did not respond to a request for comment, plans to roll out a software update to patch the problem, Wired reported.
The automaker, like many tech firms, makes use of a "bug bounty" program, in which researchers and hacktivists are rewarded for helping discover flaws that could be exploited by would-be attackers. In the past it's offered cash rewards and even Tesla vehicles.
Read Wired's full profile of Woulters' discoveries here.
NOW WATCH: What candy corn is actually made of
See Also:
- Volkswagen's Tesla competitor won't launch in the US until 2021
- GM is following Tesla's example and launching its own insurance with OnStar
- Volkswagen's CEO says its latest round of investment in electric self-driving cars will let it finally 'beat Tesla'
SEE ALSO: Tesla's joining the S&P 500 means it's time to talk about how ridiculously overvalued the company is