A consultant to the NCC Group, a UK-based security firm, has demonstrated the ability to exploit security vulnerabilities in some Tesla car keyless access systems that could easily allow him to steal the car.
Although it appeared on a Tesla (Model 3 and Model Y Sensitive), Sultan Qasim Khan, the NCC Group’s chief security adviser, said the security vulnerability was not unique to that carmaker’s vehicle.
Khan showed his discovery to Bloomberg News, conducting a relay attack, where a hacker was seen forwarding communications using two small devices. To unlock the car, he placed a relay within a 15-yard (14-meter) radius of the Tesla owner’s smartphone or key fob while the second device was plugged into his laptop near the car.
It cost just 100 100 to get the parts
Using the computer code that Khan wrote for Bluetooth development kits, he was able to unlock the car, access it, and transfer it to the drive. All in all, it cost about $ 100 for the system, all parts were easily accessible online and the hack took only 10 seconds to take effect.
Khan told Bloomberg: “An attacker can go to any house at night – if the owner’s phone is at home – a Bluetooth passive entry car is parked outside and this attack can be used to unlock and turn on the car,” Khan told Bloomberg. “Once the device is located near a fob or phone, the attacker can send commands from anywhere in the world.”
The consultant said he discovered the hack by tinkering with Tesla’s keyless entry system, which relies on the Bluetooth Low Energy (BLE) protocol. It was originally designed to conveniently link devices together, but it has become a security headache for many, allowing hackers to unlock all kinds of smart technologies, including home locks, cars, phones, laptops and more. In fact, the NCC Group says the strategy has worked on the vehicles of several other car manufacturers.
Read more: 25 Tesla hacked by a teenager around the world doesn’t sound like it
A representative of a group of companies that operate Bluetooth said it works with the security research community to address vulnerabilities identified with the technology. The NCC Group, meanwhile, said it had notified Tesla and its other clients this weekend.
Fortunately, there is no evidence that thieves used the hack to gain access to Tesla vehicles, but Khan claims that the automaker did not consider the security flaw a significant risk. Unfortunately, to fix this, he said, the company needed to change the hardware on its keyless entry system.