Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have discovered zero-day security flaws in Intel’s ConnMan open source software component that controls network connections, with code specifically written to exploit the flaw so they can unlock the trunk doors, change seat positions and do pretty much anything. all that a driver could do by pressing the buttons on the console.
To exploit the vulnerability, the two security researchers resorted to a DJI Mavic 2 drone, which was used to fly over the exposed vehicle, and a Wi-Fi module to connect to the infotainment device and launch the remote attack aimed at ConnMan.
Called TBONE, the attack was originally expected to be presented at Pwn2Own 2020, but the hacking competition has eventually been canceled due to the global health issue.
However, the researchers demonstrated the exploitation at the CamSecWest conference, revealing that the bugs have already been rectified after reaching out to Tesla, Intel and the German CAC.
In addition, Tesla rolled out update 2020.44 in late October 2020 to address security issues, with the automaker also offering a $ 31
And now comes the more worrying part. The ConnMan component, which has been found to be vulnerable, is used not only by Tesla but also by many other automakers, so there is a chance that safety flaws can also be found in other vehicles. A new version of ConnMan (build 1.39) has already been released in February 2021, but at this point it is still not clear how many automakers have included the new release in their software updates.
The researchers claim that the attack is wormy and can be armed, which means that a more complex attack can be even more damaging and eventually be able to even connect to nearby cars and break into their infotainment systems.