With the ability to unlock the car, they could then connect to the OBD diagnostic interface normally used by service technicians. Due to a weakness in the implementation of the pairing protocol, they could pair a modified key fob with the car, which would then even give them permanent access and the ability to drive off with the car at any time - and thus gain much more control over the vehicle than was the case with the known weakness of conventional keyless entry systems, at least until recently - which normally cannot be restarted after the car is parked.
The proof-of-concept attack was implemented with a homemade device built from low-cost equipment: A Raspberry pi-computer ($35) with a CAN protection shield ($30), a modified keychain, an ECU from a recovery vehicle ($100 on eBay) and a LiPo battery ($30).
The Belgian researchers informed Tesla on August 17, 2020 about the problems. Tesla confirmed the weaknesses, rewarded their findings with an error bonus and began work on security updates. As part of the 2020.48 software update that is now being released, a firmware update will be downloaded to the keychain.
The same research group had previously hacked the keyless entry system of the Tesla Model S. In the Model X, the carmaker had strengthened the security measures - with limited success, as has now been shown.
More information: www.imec-int.com