fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Tesla Model X Key Fobs Could Be Hacked To Steal Cars, Fix Released

Tesla Model X Key Fobs Could Be Hacked To Steal Cars, Fix Released

Researchers at the University of Leuven in Belgium found vulnerabilities in the keyless entry system of the Tesla Model X that would have allowed attackers to steal the $100,000 car within just a few minutes.

The security bugs allowed taking full control of the key fob and of the car by remotely updating the Tesla Model X’s BLE chip with specially crafted firmware.

Once the key fob was compromised, the researchers were able to capture valid unlock messages which allowed them to unlock the car at any time.

“With the ability to unlock the car we could then connect to the diagnostic interface normally used by service technicians,” Lennert Wouters, a PHD student at the Computer Security and Industrial Cryptography (COSIC) group explained.

“Because of a vulnerability in the implementation of the pairing protocol we can pair a modified key fob to the car, providing us with permanent access and the ability to drive off with the car.”

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

How to take control of a Tesla Model X

To successfully exploit the flaws, attackers would need to get close to the targeted car (under 5 meters), use a modified Electronic Control Unit (ECU) to wake up the key fob, deliver the firmware update to gain full control (from over 30 meters), and unlock the car.

“After approaching the vehicle and unlocking it we can access the diagnostic connector inside the vehicle. By connecting to the diagnostic connector, we can pair a modified key fob to the car,” Wouters added.

“The newly paired key fob allows us to then start the car and drive off. By exploiting these two weaknesses in the Tesla Model X keyless entry system we are thus able to steal the car in a few minutes.”

The researchers’ proof of concept attack used a device built only with low-priced equipment including a Raspberry Pi ($35) with a CAN shield ($30), a modified key fob, an ECU from a salvage vehicle (sold for less than $100 on eBay), and a LiPo battery ($30).

Tesla is rolling security updates

The Belgian researchers reported the security issues to Tesla in August 2020 and the company is now rolling over-the-air firmware update to address the issues affecting the SUV’s key fob.

The same researchers have also found flaws in the Tesla Model S key fob and Passive Keyless Entry and Start (PKES) system.

The University of Leuven researchers also provide a demonstration video showing the entire process and the tools they needed to take full control of the Tesla Model X.

The company’s Tesla Model 3 car Chromium-based infotainment system was hacked during last year’s Pwn2Own competition by Fluoroacetate’s Amat Cama and Richard Zhu.

Also Read: Going Beyond DPO Meaning: Ever Heard Of Outsourced DPO?

Two years ago, Tesla also amended its responsible disclosure guidelines with clarifications welcoming registered researchers to carry out security tests probing the company’s cars for bugs as part of the official vulnerability reporting program.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us