
image credit: pexels
The vulnerabilities exploited in the attack were reported to Tesla in mid-August and they were patched recently by the electric car maker with an over-the-air update (version 2020.48) that is currently being rolled out to vehicles.
The attack method identified by the COSIC researchers targets the Tesla Model X key fob, which uses Bluetooth Low Energy (BLE) to communicate with the vehicle. They discovered that the BLE interface allows the software running on the Bluetooth chip to be updated remotely, but this updating mechanism was not protected properly.