Hacker Breaks Into And Starts Tesla Using Bluetooth, Other Automakers Are Just As Susceptible
A consultant at the NCC Group, a U.K.-based security firm, has reportedly demonstrated the ability to exploit a security weakness in the keyless entry system of some Tesla vehicles that could allow him to easily steal the vehicle.
Although this was demonstrated on a Tesla (the Model 3 and Model Y are susceptible), Sultan Qasim Khan, the principal security consultant at NCC Group, said that the security weakness was not unique to that automaker’s vehicles.
Khan demonstrated his discovery to Bloomberg News, conducting a relay attack, which sees a hacker using two small devices to forward communications. To unlock the vehicle, he placed one relay within a 15-yard (14-meter) radius of a Tesla owner’s smartphone or key fob while the second device was plugged into his laptop near the car.
It cost only $100 to get the parts
Utilizing computer code that Khan wrote for Bluetooth development kits, he was able to unlock the car, get in, and shift it into drive. In all, the system cost him about $100, all of the parts were easily accessible online, and the hack only takes about 10 seconds to execute.
“An attacker could walk up to any home at night—if the owner’s phone is at home—with a Bluetooth passive entry car parked outside and use this attack to unlock and start the car,” Khan told Bloomberg. “Once the device is in place near the fob or phone, the attacker can send commands from anywhere in the world.”
The consultant said that he discovered the hack by tinkering with Tesla’s keyless entry system, which relies on Bluetooth Low Energy (BLE) protocol. This was initially designed to link devices together conveniently but it has become a security headache for many, allowing hackers to unlock all kinds of smart technologies, including house locks, cars, phones, laptops, and more. Indeed, the NCC Group said this trick worked on vehicles from several other carmakers.
A representative from the collective of companies that manage Bluetooth said that it works with the security research community to address vulnerabilities identified with the technology. The NCC Group, meanwhile, said that it has informed Tesla and its other clients this weekend.
Fortunately, there’s no evidence that thieves have used the hack to improperly access Tesla vehicles but Khan claimed that the automaker did not deem the security flaw a significant risk. Unfortunately, to fix it, he said the company would have to make hardware changes to its keyless entry system.