fbpx

Type to search

Cybersecurity Team Creates Tool to Unlock, Operate Tesla Cars

If an attacker can place a relaying device within signal range of a mobile phone or key fob authorised to access a Tesla they can unlock and operate the vehicle


A Tesla Model S electric car is seen at its dealership in Seoul
A Tesla Model S electric vehicle is seen at a dealership in Seoul (Reuters file photo).

 

Cybersecurity researchers say they have developed a tool to unlock a Tesla electric car using Bluetooth Low Energy (BLE) technology.

If an attacker can place a relaying device within BLE signal range of a mobile phone or key fob authorised to access a Tesla Model 3 or Model Y, they can conduct a relay attack to unlock and operate the vehicle, NCC Group said in a technical advisory.

They said they tested the method on a Tesla Model 3 from 2020 using an iPhone 13 mini running version 4.6.1-891 of the Tesla app.

“NCC Group has developed a tool for conducting a new type of Bluetooth Low Energy (BLE) relay attack,” the Dallas-based company said.

 

Attack Tool to Unlock and Operate

“NCC Group was able to use this newly developed relay attack tool to unlock and operate the vehicle while the iPhone was outside the BLE range of the vehicle.”

The vulnerability appears to affect virtually every device that uses BLE technology, but NCC Group demonstrated the vulnerability in Tesla vehicles.

During the experiment, they were able to deliver to the car the communication from the iPhone via two relay devices, one placed 7m from the phone, the other sitting 3m from the car.

The iPhone was placed on the top floor at the far end of a home, about 25m from the vehicle, which was in the garage at ground level.

The phone-side relaying device was positioned in a separate room from the iPhone, and the vehicle-side relaying device was able to unlock the vehicle when within placed within 3m.

 

Recommendations

NCC made a series of recommendations based on its discovery. It said that “users should be educated about the risks of BLE relay attacks, and encouraged to use the PIN to Drive feature”.

They also suggested the carmaker should “consider also providing users with an option to disable passive entry.”

NCC said it alerted Tesla Product Security about its discovery on April 21 and that Tesla responded a week later, “stating that relay attacks are a known limitation of the passive entry system”.

 

  • George Russell

 

 

READ MORE:

China to Conduct Cybersecurity Review of Ride-Hailer Didi Global

China Cyberspace Regulator Sets Out ‘Clean’ Campaign Goals

Tesla’s Removal From S&P ESG Index Sparks Elon Musk Fury

 

George Russell

George Russell is a freelance writer and editor based in Hong Kong who has lived in Asia since 1996. His work has been published in the Financial Times, The Wall Street Journal, Bloomberg, New York Post, Variety, Forbes and the South China Morning Post.