wired shares a report from SecurityWeek: Safety researchers have shown how a Tesla – and possibly other cars – can be hacked remotely without any user interaction from a drone. This was the result of research carried out last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris. The attack, nicknamed TBONE, involves the exploitation of two vulnerabilities affecting ConnMan, an Internet connection manager for on-board devices. A hacker who exploits the vulnerabilities can perform any task that an ordinary user could perform from the infotainment system. This includes opening the doors, changing the position of the seats, playing music, controlling the air conditioning, and changing the steering and acceleration modes. They showed how an attacker could use a drone to launch an attack over Wi-Fi to hack into a parked car and open its doors at a distance of up to 100 meters (around 300 feet). They claimed the exploit worked against Tesla Models S, 3, X, and Y. “Tesla fixed the vulnerabilities with an update released in October 2020, and it would have stopped using ConnMan,” the report notes. Since the ConnMan component is widely used in the automotive industry, similar attacks could be launched against other vehicles.
Tesla car hacked remotely from drone via clickless exploit
Source link Tesla car hacked remotely from drone via clickless exploit