
German pilots film their drone hack of a Tesla

It’s well known short traders are atop the many, many things Tesla honcho Elon Musk hates in this world. But it’s a safe bet mischievous drone geeks now populate that list – especially after a pair of pilots hacked one of his luxury rides open from the air.

Pushing Tesla’s buttons

In a video shown during their April 29 presentation at the virtual CanSecWest security conference, the daring duo described how they went about hacking a Tesla Model X from a hovering DJI Mavic 2. They said multiple test runs using a Wi-Fi dongle allowed them to compromise the car’s command system in three minutes or less. They demonstrated their exploit with elevated footage of an empty blue Tesla obediently flapping its doors open and shut on command.

Jump to minute 36 in the admittedly unspectacular video for views and a brief description of the aerial hack. And if the no-drama delivery seems too staid to be entertaining, just imagine how massively cheesed off Musk must have been seeing it.

In exposing the accessibility hole, German security researchers Ralf-Philipp Weinmann, CEO of Kunnamon, and Benedikt Schmotzle of Comsecuris made it evident just how valuable the flaw could be to geeky thieves.

Almost as an afterthought, they also dished on how a hostile Tesla hack could be exceedingly annoying to boot. Use of the same command codes, they said, would have allowed them to move the car’s seats, blast its air conditioning, and crank the stereo system from the drone. And some people call restless kids in a car the paragon of distractions.

Crime (well, Tesla) pays

The hack targeted the (in this case, deliciously ironically named) ConnMan component managing Tesla network connections. The researcher-perpetrators say Musk’s company has fixed the bug since their infraction. But in a paper describing their so-called TBONE operation, the pair say the potential for hacks – including via drones as autos are being driven – is considerable.

The affected components were also widely used in infotainment systems of other car manufacturers… It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes – in short, pretty much what a driver pressing various buttons on the console can do. This attack does not yield drive control of the car though.

The drone-powered coup was the third time cyber-security firms hacked Tesla cars in 2020. One of those succeeded in boosting a Model X in two minutes using just $200 in electronics equipment.

But if the one-upmanship infuriated Musk, he did a commendable job hiding it. Tesla paid Weinmann and Schmotzle a $31,500 award as part of its security bounty program.
