Researchers remotely hacked Tesla’s electric car using a drone
Security researchers Ralf-Philipp Weinmann and Benedikt Schmotzle have clearly demonstrated that electric vehicles from Tesla and other manufacturers can be hacked remotely without any direct interaction. To do this, they used two software vulnerabilities, and the attack itself was carried out using an uncrewed aerial vehicle.
The attack, dubbed TBONE, exploits two vulnerabilities that affect ConnMan, a connection manager that provides basic networking functionality and is used in many embedded devices. Exploiting ConnMan vulnerabilities allowed researchers to remotely gain complete control over Tesla’s electric vehicle infotainment system and functions. Thanks to this, they could remotely open doors, change the position of the seats, turn on music playback, control the air conditioner, etc.
It should be noted that this attack does not allow remote control of the electric vehicle itself. However, the researchers achieved the main thing, and they clearly showed how a hacker could conduct a successful Wi-Fi attack from a distance of up to 100 meters. The researchers said the exploit they created could attack Tesla Model 3, Model S, Model Y, and Model X.
The study was conducted last year and originally intended to present the results of the work at the Pwn2Own hacker contest, in which you can get a solid reward for hacking Tesla electric vehicles. However, due to the coronavirus pandemic, the competition organizers temporarily refused to accept work in the automotive category, after which the researchers transferred the results of the work done directly to Tesla under the current reward program. Tesla reportedly fixed the software vulnerabilities with an October 2020 update.
It is worth noting that the ConnMan component is widely used in the automotive industry. This means that similar attacks can be effective against vehicles from other manufacturers. Researchers reached out to the German Computer Incident Response Center (CERT) to inform other automakers about the potential problem.