IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Security researchers take control of a Tesla via drone

Cyber security researchers found a way to unlock the car doors with a Wi-Fi dongle

Tesla factory

Last week at an IT security conference, a pair of cyber security researchers demonstrated how they could unlock and open a Tesla’s doors using only a drone outfitted with a Wi-Fi dongle.

They were originally going to demonstrate this at last year’s Pwn2Own hacking competition, but that contest got canceled due to the COVID-19 pandemic. So, they presented it at this year’s CanSecWest conference instead.

You can view the German cyber security experts’ presentation via a 40-minute-long YouTube video. If you want to skip to the action, you can head directly to the 36-minute mark to see them unlock the Tesla.

The hack shouldn’t be possible today, the researchers explained, because the security flaw they exploited got fixed with a software update last October after they informed Tesla about it. However, the researchers said other automakers might have the same vulnerability in their operating systems.

In their presentation, the researchers said they exploited vulnerabilities in ConnMan, an open source software component produced by Inte that functions as an internet connection manager for embedded devices. 

The researchers discovered they could exploit this flaw to take control of a Tesla’s infotainment system. From there, they could do anything a driver could do by pressing the buttons on the car’s console, including unlocking the doors and trunk, changing seat positions, playing music, and controlling the air conditioning.

Related Resource

The definitive guide to IT security

Protecting your MSP and your customers

The definitive guide to IT security for MSPs - whitepaper from LiongardDownload now

However, they couldn’t start or drive the car.

In the video, they use a drone equipped with a Wi-Fi dongle to remotely hack into a Tesla Model X’s infotainment system. They said this technique worked on Tesla S, 3, X, and Y models from up to 300 feet away.

The really concerning part is that other automakers besides Tesla use ConnMan software. An improved version of ConnMan came out in February, the researchers said, but it’s not clear how many automakers are using it.

Of course, this isn’t the first time hackers or cyber security researchers have targeted Tesla or its vehicles. In March, hackers breached more than 150,000 security cameras at Tesla and internet security provider Cloudflare. Last year, McAfee researchers used a two-inch strip of tape to trick Tesla autopilot systems into accelerating their vehicles 50 mph above the speed limit. Finally, in 2018, security researchers discovered Tesla keyfobs were vulnerable to spoofing attacks that would allow attackers to steal a Tesla simply by walking past the owner and cloning their key.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

Solve cyber resilience challenges with storage solutions
Whitepaper

Solve cyber resilience challenges with storage solutions

4 Jul 2022
Storage's role in addressing the challenges of ensuring cyber resilience
Whitepaper

Storage's role in addressing the challenges of ensuring cyber resilience

4 Jul 2022
Introducing IBM Security QRadar XDR
Whitepaper

Introducing IBM Security QRadar XDR

4 Jul 2022
HackerOne employee fired for using position to steal bug bounties
Security

HackerOne employee fired for using position to steal bug bounties

4 Jul 2022

Most Popular

Universities are fighting a cyber security war on multiple fronts
cyber security

Universities are fighting a cyber security war on multiple fronts

4 Jul 2022
Hackers claim to steal personal data of over a billion people in China
data breaches

Hackers claim to steal personal data of over a billion people in China

4 Jul 2022
Latest LockBit ransomware strain 'strikingly similar' to BlackMatter
ransomware

Latest LockBit ransomware strain 'strikingly similar' to BlackMatter

4 Jul 2022