According to ComputerWeekly, Lennert Wouters, a PhD student at the University of Leuven's Computer Security and Industrial Cryptography (Cosic) research group created the device which can wirelessly connect to the car from up to five meters away. This is the third time in as many years that Wouters has successfully broken into a Tesla vehicle by exploiting its keyfob. In both prior instances, he was able to effectively “clone” the device to gain access.

He used a modified ECU, obtained from a wrecked Tesla Model X, to force key fobs to advertise themselves as connectable BLE devices.

By reverse engineering the Tesla Model X key fob, he discovered that the chip providing Bluetooth Low Energy (BLE) interface could be updated, and was insecure enabling the team to compromise and attack the fob and obtain valid commands to lock/unlock the car.

It cost him $195 and could easily be hidden in a briefcase or bag, enabling the thief to walk casually by their target and take control of their key fob. It would then be a matter of time for the thief to use the onboard diagnostic connector, pair their modified key fob and then have control of the car.

The vulnerability has forced Tesla to issue an over the air patch for its Model X vehicles.